Breaking into InfoSec: Tips for career changers and new grads
June 19, 2017 | By Andrew Whitt
With high pay, a bright outlook and challenging work, InfoSec may be the most coveted IT career right now. There are lots of jobs but also lots of competition for them, and no easy pathway in. Here’s how you can get that first InfoSec job, whether you’re a new grad or experienced IT pro.
I’ve seen people with a great attitude and relevant certification go right into an InfoSec job out of college.
Information security career paths
The single best route into information security is through networking or systems administration. If you’re already in that role, and understand how complicated systems interact, you’re going to be very attractive to a hiring manager. Recent grads from computer science or related programs should be able to achieve that systems or networking position after two or three years of hard work.
While most of my customers want to hire someone with a couple of years of IT experience, I’ve seen people with a great attitude and relevant certification go right into an InfoSec job out of college. If you’re a new grad with a cybersecurity degree and ability to articulate security principles really well, look at entry-level positions in a security operations center or an auditing compliance role.
The single best route into information security is through networking or systems administration.
Coming from tech support is a harder transition than networking but getting a certification can really help. Hiring managers like to see that customer-facing experience and a clear knowledge of the systems you’ve been troubleshooting.
The right certifications
I really can’t over-emphasize the importance of information security certifications in helping you get the first job. First, there’s a ton to learn about InfoSec that you’re not going to pick up in another role. Second, the certification shows you’re serious about entering the field, not just seeking that next job. Finally, it demonstrates the drive to learn and improve that will make you successful.
Definitely consider getting your CompTIA Security+. Some workers discount it because they associate CompTIA with the basic A+, but employers take it seriously. It actually covers a lot of the same content as the CISSP, which is the gold standard for InfoSec certifications, but one you can’t obtain without prior experience.
Information security certifications show you're serious about entering the field, not just seeking the next job.
Also look at the GSEC (GIAC Security Essentials), a well-respected entry-level information security credential.
Never neglect networking
User groups and professional organizations provide seminars to learn about relevant topics, and more importantly, expose you to people who can help your career.
Highlight the mindset
If you’re tempted to impress an interviewer by listing all the shiny InfoSec toys you’ve played with, don’t. InfoSec is a mindset rather than a skillset. Being able to articulate your solid grasp of IT fundamentals and security principles will go a lot further.
Consider the cloud
Organizations are moving to the cloud but many haven’t really figured out their security strategy yet, including what happens when there’s a breach. Cloud security pros are going to be highly in demand, so do what you can to learn about the cloud now. And consider adding the Certificate of Cloud Security Knowledge (CCSK) to your arsenal.
Cloud security pros are going to be highly in demand, so do what you can to learn about the cloud now.
Have InfoSec career questions? Our InfoSec recruiters are happy to help. Contact your nearest TEKsystems office to speak to a recruiter.