Selecting an area within security to start

pts.
Tags:
Access control
Application security
Biometrics
Browsers
Career Development
CCNA
CCSA
Certifications
CISSP
Compliance
configuration
CRM
Current threats
Database
Digital certificates
Disaster Recovery
Encryption
Firewalls
Forensics
Hacking
Identity & Access Management
Incident response
Intrusion management
MCSE
Microsoft Exchange
Network security
Networking
patching
PEN testing
Platform Security
Policies
Risk management
Secure Coding
Security
Security Program Management
Spyware
SSL/TLS
Trojans
Viruses
VPN
vulnerability management
Web security
Wireless
worms
Hi, I'm studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I'm also studying for the CISSP. Now, with all these qualifications, could you please tell me which would be the best position for me to apply for in order to get a start, and if I try that position what would my options be when I gain some experience. Thank you!!

Answer Wiki

Thanks. We'll let you know when a new response is added.

In a very real sense, it doesn’t matter as much what position or area you start with as what you do with it.

Unless you have the misfortune to get employed by an egotistic micromanager, you’ll always have some latitude in how you perform your duties. Here are some suggestions:

– Learn what security-related tasks, functions, areas exist within any organization. If your school has an “intern” or employer program, then ask to speak with representatives of those organizations. Interview THEM to learn how different organizations approach things.

– When you do get a first position, learn how your responsibilities relate to others. If appropriate, meet those people.

– As you learn the job, start looking for inconsistencies. Ask questions of “clarification”. Do it that way so as not to step on sensitive toes. For example: “I don’t understand why our user’s passwords are kept on the bathroom tissue in the loo.” I’ve used a ridiculous example, but the key is to to be seen as learning, not challenging. This is important when you are first starting out – because some people feel threatened by newcomers, because you will learn some things you would never have guessed at, and because (most importantly in my book) once you set yourself to the habit of ALWAYS learning about things in your environment, you will be better prepared to deal with new things.

I’m short on time now, but I hop this points you in the right direction.

Bob

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Arian Eigen Heald
    A good focus to get started with would be the area of Logical Controls. This area of security is common to almost all compliance and security functions in medium to large sized organizations. What does "Logical Controls" mean? Start with considering how a new employee is given access to the company's network and various applications. Is there a written Policy from management mandating that access will be given and approved a certain way? (If not, there needs to be one.) Who is responsible for adding that user into the systems? Giving them a username and password? Who confirms what access that user should have? Who approves giving that new person access? Now ask the same questions for changing a user's access when they move to a new position. Are the old access rights removed, or are new access rights just added on? (That's called "access creep") Finally, how are users removed from the systems when they leave the company? Who notifies whom that the user should be removed? Is it done quickly? What about applications? Remember, if it's not written down, it's not a control.
    75 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following