How to land a job in IT security

To be a security pro, decide on a specialization, then learn as much as you can through formal channels or by self-education

Page 2 of 2

Which certs should I obtain?

Like degrees, certifications can only help you. Personally, I'm not a huge fan of the (ISC)2 Foundation certifications, although Certified Information Systems Security Professional (CISSP) cert remains one of the most requested and respected general certifications. In my personal opinion, it suffers from a poorly designed test. Most people walk out of that test shaking their heads because it seldom maps to the expensive study materials students were told to buy. But the certification covers a wide range of security topics, and studying for it will only make you stronger.

I like any of the ISACA certifications, such as the Certified Information Systems Auditor (CISA) cert. If you're seeking a job in IT management, it can give you a leg up.

I'm also a big fan of exams from CompTIA. They are often considered basic or beginner's exams, but I guarantee you that even a hardened veteran will learn something studying for one. EC-Council certifications are fairly good. The tests sometimes need work, but the course materials and experience you'll gain from studying for these exams are valuable.

Best of all are the SANS certifications and degrees. Unfortunately, they also tend to be expensive. But if I see that someone has a SANS certification, then I know they're on top of their stuff. SANS has awesome practical training, great instructors, and great books -- on top of tons of free information you can download from the SANS website. If you're going to be in charge of particular hardware or software, it helps to have the certs involving those items, such as Microsoft, Cisco, and the rest.

If you can't easily pick up degrees and certs, become an expert. Read everything you can about your intended field of study. Buy books, read all the online information you can find, subscribe to blogs, and try your best to hang around (at least digitally) with people who are the experts in the field. The more you learn, the stronger you'll be as a candidate.

Arm yourself to the teeth

For the actual job you're seeking, prepare like you're going to war. Go to the employer's website and learn everything you can about the company: its history, its organizational structure, its products. Learn about its biggest competitors and the industry in general. Then try your best to throw in a response or two in the job interview that shows you know about the company you're applying to and the industry in which they operate.

Your resume should be customized for each job you're interviewing for. The desired skill sets the employer is looking for should be listed on the top of your resume. Most people tend to put their most recent or best skills first, and that's OK. But it's better to put the requested skills on top where the hiring manager can see them.

If you're interested in the job, make sure you tell the interviewer you really want it. I've given many jobs to candidates who seemed highly interested in the job, even if they had a little less experience or qualifications than others. Follow-up emails and letters can't hurt, but don't stalk the interviewer. If they want you, they will call.

There's no secret to obtaining your first IT security job. Make the best of what you have. And if you don't have the necessary expertise, go get it. There are millions of pages about your desired skill set waiting to be read and downloaded off the Internet. Inventory your strengths and weaknesses, improve what you can, and go and get that job!

This story, "How to land a job in IT security," was originally published at Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at For the latest business technology news, follow on Twitter.

| 1 2 Page 2
Cybersecurity market research: Top 15 statistics for 2017