If, like me, you spent a significant amount of time during the late 1990s watching and re-watching Acid Burn and Crash Override in the movie Hackers, then you too may have felt a twinge of déjà vu when the news broke that the TalkTalk hacker was a teenage boy.
The hacking of TalkTalk’s data has put IT security on the front pages again, globally. It has led to the general public questioning the integrity and security of the data they provide to organisations, and how those organisations are protecting it.
But that particular conversation is for another day. Here, we will focus on the recent trends in employment in the IT security space and how you can grow your career in information security (infosec).
If you currently work in the IT security space, or have ambitions of stopping the future Acid Burns and Crash Overrides of the world, then now is as good a time as any to move into infosec.
Recruitment in the IT security industry is buoyant, but it has become more mature when it comes to the demands and requirements on each position within this space. Below is a snapshot of the most in-demand IT security positions.
It is now not enough to just look for a career in infosec, you need to choose an area of expertise, and requirements for each differ. Relevant IT security certifications such as CEH, CISSP, CISA or CISM, though, are either essential or, at a minimum, highly advantageous for these roles.
This position is the most technically-focused of the positions in the IT security area, with a strong focus on securing the network, on firewall design and on implementation.
There is now increased demand on security engineers to combine short-term and long-term strategic views with their technical skills.
Security engineers tend to come from a strong network-engineering background and possess a strong passion for security.
Security analyst/SOC engineer
This position is focused on maintaining and innovating the security practices of an organisation’s network.
Successful people in this area tend to have commercial experience in working with networking protocols such as TCP/IP, and an ability to support and script on applications.
This position is usually the first IT security job that a professional will undertake during the course of their infosec career.
The role of the penetration tester requires a strong mix of technical ability in IT security, an ability to script and configure on applications, and a willingness to challenge and innovate IT security architecture and strategy.
These professionals have a strong knowledge of the OWASP Top 10 vulnerabilities and conduct a wide range of research into infosec changes.
Risk and compliance officer
A risk and compliance officer tends to take more of a governance role when it comes to IT security. The position focuses on IT security practices across an organisation, looking at data loss prevention and the creation of strategies to improve data protection and IT security processes.
The position is process-orientated, but technical knowledge is essential.
The IT audit position is an investigative position with a focus on challenging and identifying weaknesses in an organisation’s IT security strategy and processes. Like any traditional audit role, the position involves risk assessment. IT auditors will create reports on the current processes and give recommendations for improvements.
There is demand for IT auditors to assist in the implementation of the recommendations, so an understanding of infrastructure and applications is advantageous in this area.
How do I get into IT security?
There are various routes you can take to start a career in IT security, depending on the role you’re aiming for.
If you wish to develop a career in security engineering or security analysis, commercial experience and an understanding of the technical aspects of networking are essential. In addition to this, relevant certificates in this field and a passion for IT security are also required.
Risk and compliance officers tend to grow within a company, having started off in infrastructure support or network support positions. These employees gradually start taking ownership of the internal IT security and governance processes and, eventually, develop their responsibilities further. Risk and compliance officers will ideally hold CISSP and CISA certifications, linking both the technical and governance aspects of the position.
Penetration testers and IT auditors tend to have relevant academic backgrounds in IT security. From education, the career path tends to pass through consultancy and into businesses, where qualified persons can utilise their expertise across multiple sites.
Stephen Killilea is a senior consultant with Hays Recruitment.
Looking for tech jobs in Ireland? Check out our Featured Employers section for information on companies hiring right now.
Main image via Shutterstock