There are certainly plenty of opportunities for IT security professionals nowadays. They can get well-paid jobs that offer loads of advancement opportunity, as long as they’re motivated and have a deep interest in security.
The Right Experience
First, you should make sure that your technology experiences put you in contact with a wide assortment of IT and development teams. You don’t want to be a coder in a cubicle corner. The more interaction you have with various teams and working styles, the more well-rounded a security analyst you will be.
Second, you should have plenty of familiarity with security regulations and compliance legislation. Many job postings mention this as a selling point in your evaluation, and many security positions often involve assembling compliance reports and understanding the regulations that your business needs to follow. As more legislation is passed by both the federal and state governments concerning IT security, this is a sure bet. Take the time to bone up here.
Next, you should be experienced in translating technical data into business impacts. The more you can be the interface between the coders and product managers, the more strategic you will be and the more opportunities will be available.
Experience as a systems administrator is also helpful. Many job openings include this as a prerequisite. Your hands-on knowledge of how to set up and run servers is important because it shows real-world grounding in the daily needs of an IT operation, such as making backups, integrating applications across servers and setting up networking infrastructure. Never minimize this kind of experience, and remember: When you have an opportunity to learn more, you become more valuable and marketable.
Can you write and communicate well? The best analysts can, and the more fluid and compelling your writing, the more often your boss will notice what you’re doing and act on your recommendations. If you’re weak in the written word, figure out something that you can write about regularly on the outside (a blog comes to mind) to get more experience. The best writers are like Chicago voters: They write early and write often.
Consider getting your Certified Information Systems Security Professional (CISSP). This demonstrates the basic common knowledge that is needed for many job openings. If you aren’t sure whether you need to study up on the different security domains, start here, where you can download an outline and find links to exam prep materials and other resources.
Obviously there are many ways to approach a career in IT security, and these are just some suggestions to maximize your chances of getting a better job. In the comments below, feel free to share your own personal circumstances that have helped or hurt your career choices along the way.