The ‘Information security’ domain is growing by leaps and bounds today. While it was in a negligible state of growth even 5 years back, it has grown exponentially over the years. Schools have started introducing small bits of Information security concepts into the curriculum. Colleges in India and abroad have started introducing Information security specializations at the undergraduate and graduate level. So, what are the different career choices that are available for students who graduate with a degree in Information security and for professionals who move along their Infosec careers?
This is a list of career options that are available for professionals who are in the InfoSec field with the description of the various career choices:
Experience – Atleast 5 years of relevant experience
Certifications – CISSP, CCSP, CEH, OSCP and other certifications are always preferred.
Job description –
The security analyst is expected to:
2. Network Security Engineer
Experience – 6 or more years of relevant functional experience in network architect role or equivalent
Job description –
3. Information security analyst – Pen tester
Experience – 3-5 years experience as pen tester or Information security specialist with pen testing acumen.
Certifications such as CISSP, CEH will always be preferred.
Job description – The Information Security Analyst will be responsible for performing penetration tests on IT Solutions created in house as well as commercial off the shelf. The analyst will be responsible for creating external security testing requirements, coordination of tests performed by contracted 3rd parties and evaluation of the reports.
4. IT auditor
Desired skills – A degree in Computer Science with 6+ years of experience in IT and Operations auditing, risk management, IT Compliance, Information Security, IT program or project management,
Certifications – CISSP, CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager ) are some of the preferred certifications to secure a job as an IT auditor.
Job description – The role of an IT auditor involves developing, implementing, testing and evaluating audit review procedures. He/She will be responsible for conducting IT and IT-related audit projects using the established IT auditing standard in their organization. The audit process can extend to networks, software, programs, communication systems, security systems and any other services that rely on the company’s technological infrastructure.
5. NOC engineer
Desired skills and experience – 3+ years’ experience with MS SQL, VMware, and IIS including related technologies and standards such as DHCP, DNS, DFS, LDAP, IPSEC, CIFS, SMB, etc.
Job description –
6. SIEM – Security Information Event Management-Consultant
Mandatory skills – SIEM
Desired skills – Application Security Code Review – SAC-L1, Big Data-L1
Desired work experience – 5-8 years
Job description – The job requires the candidate to have in-depth knowledge in any one technological or industry practice / functional area and overview of 2-3 other areas. The candidate should be able to handle solution definition/ fitment for a small sized project with a medium complexity. The candidate should also be able to build a custom Function Module with medium complexity program logic.
7. Network Security Administrator
Desired skills – Experience in network configuration and administration including VLANs, ACLs, switches, routers, ISPs and firewalls (i.e. Cisco, HP, Palo Alto, SonicWALL) would be good along with other skills with Linux OS, Azure, switches, routers, firewalls
Job description –
CISO(Chief Information Security Officer) and CIO(Chief Information Officer) are the professionals who have reached the pinnacle of the IT security profession!
These are some of the career choices that are available in the area of Information security. Almost all jobs will need a degree in Computer Science or related area along with certifications such as the CISSP or CEH or other appropriate certifications.
The month of April is always a busy one for me. Two grown kids at home(oh, they are work too!! :)) , schedules all over the place, travelling, business work – all start running riot in April… 🙂 And in the midst I really wanted to do the #BlogchatterA2Z challenge as I had enjoyed doing it so much last year … so, how did I manage? Here goes the report card and my reflections on the whole journey:
My idea was to write posts in Information security(in tune with my blog’s primary objective) and proverbs.. and I did manage to complete them very well… Actually, I had a lot of Information security thoughts in my head, which got shape and a final form once I started writing… Given a deadline to finish one post per day motivated me to stay on track and write about all about what I wanted to do!! 🙂
My Information thoughts just flowed and flowed!! 🙂
What was the hard part?
Being both a technical and a personal blogger, I always wonder what is the hard part of blogging? Sometimes, it is just getting started…other times, it is just the content and yet, at other times, the flow just doesn’t seem right…but most times for me, it is just the ‘title’ of the blog topic which is the challenging part… once a suitable and interesting topic arises, everything falls into place miraculously!! 🙂
Here are my InfoSec posts which I managed to write making it both understandable and techy at the same time…
All of the posts were something that I enjoyed writing, but I particularly enjoyed researching and writing about Project Zero, YouTube Security. OWASP top 10 vulnearabilities the most!! I hope my writing shed light on some topics that you were vague about and motivated you to stay on top of Cybersecurity as well!
Until next year from A2Z…. Ciao!! 🙂