Know More Than the BasicsIf your tech background includes positions outside of the security space, all the better. According to Voodoo Security’s Dave Shackleford, the security industry lacks professionals with programming abilities who understand complex topics such as cryptography, and who have also used a wide range of technologies that give them an experienced perspective on risk analysis. Check out the latest security-related jobs. If you’re an absolute beginner in IT security, read Shackleford’s excellent blog post "One for the N00bs" before you send off your first resume. For those still relatively new to the field (e.g., three years or less of experience), capabilities earned in the "real world" will often earn more regard from an interviewer than whatever you learned in school. "Most college doesn’t even come close to preparing people for information security careers, sadly," he said.
Prove in DepthShackleford believes the ideal candidate for a security job should be prepared in the following ways:
- A Foundational Skill Set: That skill set should include some system and network administration/engineering, familiarity with vulnerability management, and an understanding of perimeter security (firewalls, proxies, IDS/IPS, secure architecture, anti-malware).
- Projects… Lots of Projects: Ideally, your beyond-the-classroom efforts have been infosec-focused and included participation in NCCDC or regional competitions.
- Track Record: Be prepared to demonstrate (or explain) how your work helped to secure an organization, and how you reduced its overall risk.
You Must CommunicateIn order to augment your personal narrative, Shackleford added, candidates should emphasize how well they can work with colleagues, even those not involved in IT. “Security can’t hide under a rock,” he said. “We have to get out with the other people in the organization to help them.” Given that need for collaboration, even the most technically skilled candidates should work on their communication abilities whenever they get the chance. “There really is an expectation of people skills and interaction, and they should be prepared for this,” Shackleford said. For her part, Weidman looks out for candidates with a willingness to explore and investigate. “When I used to interview for jobs,” she said, “I'd get a lot of ‘What is the syntax for this command,’ and now, when bidding on jobs for my company, I get a lot of, ‘What exactly would you do in this situation,’ but my truthful answer, unless it’s something I do all the time is, ‘First I'd do some research.’” A good candidate, in her estimation, will have the communications skills necessary to explain a security fix to others in an organization, even those without a significant tech background.
Show More Than the Whiteboard AllowsSome companies give practical exams as part of the hiring process. While it’s impressive to breeze through these tests, all hope isn’t lost for candidates who struggle a bit with the material. Weidman takes note of those who use test time to explore the problem and work through multiple options to learn what works best; that shows an aptitude for critical thinking, which is so necessary for an IT security job. “No one knows everything, even in a narrow field,” Weidman said, “and even if they did, technology is always changing, so more than being able to answer specific questions, the ability to pick up skills and figure things out is something I look for.”
Upload Your ResumeEmployers want candidates like you. Upload your resume. Show them you're awesome.