Question

  Asked: Apr 28 2008   5:30 AM GMT
  Asked by: Mexicanblu


Suggestions needed on continuing my Information Security Career


Career in Information Security, Certifications, IT careers

Hello. I'm an IT professional with 5 yrs of experience in Software Quality Assurance and Information Security. When I say InfoSec, I mean I have experience getting my organization ISO27001:2005 certified. Mostly my job was concentrated on the Process Compliance part of it, and also the entire cycle of ISMS implementation. As my long dreaded dream I want to continue my career in only Information Security, but I don't have a specific idea as to where to start from or how to start from. I'm interested in safeguarding networks, database security, cryptography and encryption. It would be highly appreciable if someone can guide me on this with respect to the courses or training to be taken so that I can be part of a real team tackling the Information Security issues. Thanking you in anticipation.


Answer Wiki

Wow... well if you were really involved in the ISO27001:2005 certification for your organization, you should have a broad understanding of infosec. Were there any particular areas of ISO27001 that caught your interest? There are certifications like CompTIA's Security+, or CISSP or CISM from ISC2. Another option to understand the technology and thought process from the hacker's viewpoint is the Certified Ethical Hacker coursework. The SANS group is another great source of infosec education. The more you understand about networks the better off you will be. Cisco security education would also be useful.

Good luck in your career!


Discuss This Answer



KevinBeaver  |   Apr 29 2008  2:17PM GMT

I agree with Labnuke99. The understanding of networks and the technical underpinnings of security will help you more than anything. I certainly understand where you’re coming from. There are so many paths to go down. People ask me this question all the time. Check out the articles I’ve written on information security careers here:
http://www.principlelogic.com/careers.html

Also, I’d be remiss if I didn’t tell you about an audio program I developed on this very topic called Getting Started in Security.

I hope these help get you pointed in the right direction.

DiegoDH  |   Apr 30 2008  1:53AM GMT

Hi Mexicanblu,

It might all depend if you prefer mostly the “tech” or the “policy” side of the InfoSec coin (although ideally you should have a good understanding of both sides), and also the career development path that you might be able to choose at your current job (as jumping to a new job with new, unproven skills might be a bit hard): are you able to keep working in InfoSec where you’re currently employed?
The certifications mentioned are all quite good, maybe CISSP could give a good theoretical baseline of “all” the security domains, then as you (or your employer for you, maybe?) choose where to specialize in, more “hands-on” certifications can be added.

Good tech training can also be obtained from SANS ( http://www.sans.org/ ), among other sources.

The best for you!
Diego.