Moving into network security -- did I make the right choice?
I have over 23 years of physical security experience and am getting ready to finish up a BSIT in about six months. I have no real experience in the IT field, although I am really interested in network security type stuff. I know that I have an uphill climb due to the fact that I have no IT experience... my question is, should I go for certifications in order to expand my chances for being hired into this new field? This degree actually comes at a time when I am about to retire from my present position as Manager Security Operations.
I am thinking I may have to take a pay cut in order to get some experience in. What do you recommend? I certainly hope I haven't made a costly mistake in obtaining a degree with no work experience.
This is actually a pretty familiar dilemma, and one in which you have a substantial leg up in terms of your prior experience. You won't need to learn how to think like a security professional -- you can already claim with complete confidence that you already are one. What you'll need to learn how to do is to apply what you already know to working in IT. And indeed, nothing will help you like experience. If you need a systematic survey of the theory, literature and best practices in information assurance or information security (as the field is sometimes called, one way or the other) you may benefit from certification. In that case, I'd recommend you start with CompTIA Security+, and then pursue something like the SANS GIAC (www.giac.org) credentials or the ISC-squared CISSP (www.isc2.org) certification. Longer term, you might also want to think about pursuing the ASIS International (formerly known as the American Society for Industrial Security) PSP, or Physical Security Professional certification (http://www.asisonline.org/certification/psp/pspabout.xml) as well.
Whether or not you have to take a pay cut depends on how well you can position yourself as a capable information security person (and of course, on how much you were making in your previous incarnation). If you're prepared to understand what prospective employers are looking for in security professionals and position yourself as to how you meet those requirements, given your degree, your prior experience, and your willingness to demonstrate your interest in the field with more certifications, I don't think you're going to have too much trouble finding work.
This was first published in March 2004