Selecting an area within security to start

Access control
Application security
Career Development
Current threats
Digital certificates
Disaster Recovery
Identity & Access Management
Incident response
Intrusion management
Microsoft Exchange
Network security
PEN testing
Platform Security
Risk management
Secure Coding
Security Program Management
vulnerability management
Web security
Hi, I'm studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I'm also studying for the CISSP. Now, with all these qualifications, could you please tell me which would be the best position for me to apply for in order to get a start, and if I try that position what would my options be when I gain some experience. Thank you!!

Answer Wiki

Thanks. We'll let you know when a new response is added.

In a very real sense, it doesn’t matter as much what position or area you start with as what you do with it.

Unless you have the misfortune to get employed by an egotistic micromanager, you’ll always have some latitude in how you perform your duties. Here are some suggestions:

– Learn what security-related tasks, functions, areas exist within any organization. If your school has an “intern” or employer program, then ask to speak with representatives of those organizations. Interview THEM to learn how different organizations approach things.

– When you do get a first position, learn how your responsibilities relate to others. If appropriate, meet those people.

– As you learn the job, start looking for inconsistencies. Ask questions of “clarification”. Do it that way so as not to step on sensitive toes. For example: “I don’t understand why our user’s passwords are kept on the bathroom tissue in the loo.” I’ve used a ridiculous example, but the key is to to be seen as learning, not challenging. This is important when you are first starting out – because some people feel threatened by newcomers, because you will learn some things you would never have guessed at, and because (most importantly in my book) once you set yourself to the habit of ALWAYS learning about things in your environment, you will be better prepared to deal with new things.

I’m short on time now, but I hop this points you in the right direction.


Discuss This Question: 1  Reply

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Arian Eigen Heald
    A good focus to get started with would be the area of Logical Controls. This area of security is common to almost all compliance and security functions in medium to large sized organizations. What does "Logical Controls" mean? Start with considering how a new employee is given access to the company's network and various applications. Is there a written Policy from management mandating that access will be given and approved a certain way? (If not, there needs to be one.) Who is responsible for adding that user into the systems? Giving them a username and password? Who confirms what access that user should have? Who approves giving that new person access? Now ask the same questions for changing a user's access when they move to a new position. Are the old access rights removed, or are new access rights just added on? (That's called "access creep") Finally, how are users removed from the systems when they leave the company? Who notifies whom that the user should be removed? Is it done quickly? What about applications? Remember, if it's not written down, it's not a control.
    75 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: