Webinar 2 IT Security


IT Security careers - various paths, what it takes to succeed, and 2010 job outlook. (Jan 2010)

  • Not everyone that signed up has joined yet so we will give them another minute before we start. Our marketing partner David Berger will provide some webinar administrative comments. Welcome to the 2nd American Sentinel University IT webinar. Today we’ll be talking about “An IT Security Career Path”. As I prepared for this session, the quote shown here hit me as the perfect way to pique your interest to listen to what will be covered. “This year and next year, bar none, security is THE smart place to be in IT.” Certainly there are qualifiers for this statement and it won’t apply to everyone, but for some it can provide an incentive to enter this field or reason to continue your personal quest for improvement in the security field. My name is Paul Capicik and I am the Military Program manager for American Sentinel University. I spent over 26 years in the Air Force followed by 12 years in the civilian corporate world in various director level positions, including as a CIO. Our intent for these webinars is to provide information that will assist you in making appropriate decisions about your education and career, and motivate you to reach your objectives as well as advance in your chosen career.
  • As mentioned, this webinar will focus on the IT security path: I’ll mention a number of sub-paths and directions you can head in the security area, cover what employers are looking for, and cover the current and near-future job outlook. I want you to know I am not a security “Expert”; however, in my CIO and IT director positions I was responsible for enterprise IT security, so I am very familiar with general security requirements, methods, and resources. What you will hear in this webinar is based on that experience and on recent references I have researched, which I will provide to you at the end of the presentation.
  • Those of you who participated in the 1st seminar or read the security article know that IT can be broadly broken into 3 general areas: systems, applications, and security. You will notice in this discussion that security is an integral part of the first two areas. But the field is now so broad and with very specific disciplines in many branches that it has become its own main field. When speaking of security specifically, it is often viewed today in 3 main areas. Risk management: This is not just IT technology related; it affects business survival. It deals with business and technology weaknesses, compliance, and liability. And it deals with internal, external, and interfaces of people, processes, and resources. (It is not only about the hackers, but regulation compliance, litigation, internal threats, and other things that can affect the business brand name and financial status, as well as the IT environment itself.) Security is so important that large companies have appointed Chief Information Security Officers, who can report to the CEO. Fraud & Forensics: Fraud is becoming an increasing threat, and is often internal to the organization. Forensics is the investigative side of security. And application security: This deals w/ the automated process software (such as the financial, Customer Resource Management & logistics applications, among others). More and more it deals w/ the web applications that interface w/ customers and B2B partners via the internet.
  • Here is a list of the top 20 skills, aptitudes, and competencies employers will be looking for in the next 2 years according to some surveys. As you can see, the 3 main areas mentioned on the previous slide are represented here, as are some very focused areas such as biometrics, VOIP, and smart card and token security. These are all security measures and practices that are either currently in general use in business for IT security purposes, or new measures that show promise, so companies/government will be wanting to implement these in their overall security measures program. This slide will be available later to download so don’t worry about copying this down.
  • So if you are still interested in getting into the security arena, or getting back into it, or continuing on in this career path, here is what you need to consider. For those that have attended the last webinar or read several of my articles this won’t be new: academic degrees, industry certifications and experience, all to be followed by “continuous updating” in all of these areas, are what it will take to succeed.
  • If you are trying to break into IT with an interest in security, it is often best to get the basics through a general IS (systems) or CS (application development) degree, which often speak to basic security, and then go to the specific security courses or degrees to supplement the “foundation” degrees. Don’t forget - IT in general and security paths in particular all cover a broad range of the IT world, and having that foundation knowledge-base will be very useful in whatever path you pursue. Not only that but many employers require degrees. For some of the higher skill level and salary level positions, a master’s or even a doctoral degree can be a requirement. American Sentinel has a general associate and bachelor’s degree in Information Systems and Computer Science as well as an Information Systems Security bachelor’s and an Information Systems Security concentration Master’s in Computer Science that can help you advance your degree needs.
  • Certifications provide the focused and specific training and knowledge-base used in a specific environment. Some certifications deal with the basics (examples are several of the CompTIA certs like Network+ and Security+), some deal with particular type paths (such as the CISSP), and some deal with certain types of resources (such as Cisco certs for those companies that use Cisco equipment, and Microsoft certs for those companies that use MS software). The path you take, and/or the company you work for, generally determine what certs you need or should consider taking. Again, American Sentinel has online certification training available in any of these and many more that you can start anytime. They provide 24/7 technical support and you use our partner’s servers and equipment in the training so you don’t risk screwing up your computer in course exercises.
  • Here is a recent survey list of the top 10 certifications employers will be looking for in 2010. This is not a list of certs you should run out and try to complete a bunch of. These are very focused certs that deal with specific skill sets that many of today’s employers need to fill specific higher/advanced security level areas. If you have the background that complements what these certs are for and you are looking for a job or career change, having or getting one or more of these certs can enhance your hiring potential. Notice there are no basic or entry level certs mentioned here. A services or hardware management firm may be looking for an entry level employee that can help set up computer stations, to include setting security policies and managing end-user password accounts, and a CompTIA A+, Network+ and/or Security+ may be all they require. But make no mistake, certs, just like degrees, can be an important part of your personal portfolio that will be considered in the hiring or advancement process.
  • Experience is often thought to be the most important ingredient an employee can have and much can be said to support that. There is no substitute for hands-on experience, especially in a crisis, as that knowledge is often readily available to be applied to the situation. So get all the experience you can, not just in your little corner of the world but in everything that touches your world or that your world may affect downstream. But a person rarely can “experience” all the parameters that are possible with a piece of equipment, software, or process. So read about, discuss with fellow employees, and think about all the possibilities you could face. And add that to your actual experience toolbox. For those that are breaking into a new field, supplement actual on-the-job experience with that which you can pick up through other means like providing volunteer help to non-profits, family, or a second or temporary job. All experience is good experience. Some say bad experiences can be the best experience since they prepare you for the next crisis so you can minimize its impact.
  • When you think you have covered all the academic, certification and experience bases, all I can say is that in the IT arena, you’ve just started. While I truly believe IT is an exciting field, it is also fast paced. And fast paced in this case means prepare for change. 5 or 6 years ago, security wasn’t even considered a major IT area. Today we are looking at many new specialties and niches and new functional corporate positions - the CSO and CISO. The CISO, as I already mentioned, is now being considered on the same level as other corporate “C” positions and reporting directly to the CEO. And the bad guys are moving at break-neck speed to fleece people and global corporations that threaten their survival. I’m sure you have read or heard instances that security efforts right now are often losing the battle or at least having a hard time keeping up. So your challenge is to keep up with or ahead of the threat and remain relevant. To do that you have to keep learning. A huge obstacle often heard is “I have too much work – I don’t have time!” Advancing your learning applies to all the security areas. You must advance not only to overcome the threat but also to be able to evaluate new technologies and methods. Many employers provide funding for your education and training; even during the recession they have done this. And advancing means not only in technology but also knowing your employer’s company and business needs. If you do all this, you will likely have a secure job for the foreseeable future. If you don’t - IT security or IT in general may not be for you.
  • For many years IT has been a great field to be in – often as one of the top 2 stable career fields. Security is the newest of the 3 main careers in IT and is really gaining traction. IT in general has had its booms and busts. For instance, in the 2003 recession unemployment for IT matched that of the general economy at 5.6%.
  • In current times, IT is still often viewed as one of the top 2 career fields – HC being the other. But now SECURITY is the IT area in the spotlight. As for the current recession, general unemployment is over 10% while IT in general has only hit 5.2%. Not the best, but a lot better than average. While IT hiring in general is still fairly flat, security hiring is on the rise. Not only that, but as I mentioned, even during the recession, many employers continued to fund advanced training for their security people. IT unemployment has been lower in this recession because the economy continues to depend more and more on IT and employers need to keep these systems running so their business keeps functioning. As for security, the threat continues to increase to the point where business survival is at stake. Companies are taking this seriously and are hiring high level security managers – and appointing security focused management people such as CSOs & CISOs to head up a specialized department. This is opening additional opportunities at the expert levels.
  • For the future, the BLS and industry surveys show the IT career field remains promising, with SECURITY taking the lead. Remember the quote on the introduction slide: “This year and next year, bar none, security is the smart place to be in IT.” – David Foote. This field will continue to broaden and become more specialized. It will be managed more centrally, as seen with the institution of CSOs/CISOs and the placing of those individuals at higher reporting levels such as under CEOs. Steve Katz, the world’s first CISO, recently said, speaking of IT security: “… it is an opportunity that will take you from entry level to some very challenging, very high-paying professions in very large enterprises.” He also said you have to “know your company and know your business”. So you can’t just stick to the technology side of learning – get business background also. A significant shortage of “experts” exists today. However, security positions at all levels should increase. As companies hire back the normal work force, with the new emphasis on security, even the end-user IT support and employee security training levels (which deal with security basics) will help open entry level positions. A point brought out in several of the articles I’ve read recently is that initially the contractors and consulting firms will see the biggest growth rate as companies move ahead with security initiatives, but don’t want to commit to in-house staff until they have a better understanding of the economic recovery cycle. So if you are currently in the military and have been working in the security area and can be considered an expert, your prospects should be bright. (I just read an article that the government alone is looking for 1000 security experts to hire now and they think they will have a hard time filling those positions because of shortages of “security experts” and the competition from the civilian sector.)
  • So these are the take-aways I hope you got out of this session. As always, I try to motivate people to pursue an IT career because it is exciting and can be a very gratifying and fulfilling career. Know what it takes to succeed and remain successful in this career path. Also know that it is a never ending challenge to keep relevant and ahead of the bad guys to help your employer survive. If you do that – you also will survive. Know “where” to look to keep yourself current and knowledgeable of future needs. American Sentinel is one place that has several of the degree and certification programs that can help you meet your goals and objectives. Finally, don’t dwell on the challenges – focus on the opportunities that will open up to you as you meet and exceed those challenges.
  • Now I will be happy to try to answer any questions you may have, and I also invite comments from the group on what you have experienced that may help or even caution others in pursuing an IT Security career path. And when the webinar is over you are welcome to call or email me at my contact information above.
  • This is a list of references that back up what I discussed today. Note the date that these articles were published - all but 1 are within the last month and a half. I have included links to these so you can read the entire article of those that interest you. I hope you continue to participate in our article and webinar series and please - be a vocal participant. You, more than me, can provide peers with the most recent experiences that can help your fellow service members and families succeed. As a military person you know that teamwork is the best way to succeed. The audio and slides from this webinar have been recorded and a link to it will be available on the American Sentinel blog page. Again, this is Paul Capicik and you have a great day!

    1. American Sentinel University
       • Career Webinar Series
       • An IT Security Career Path
       • “This year and next year, bar none, security is the smart place to be in IT.” – David Foote
       Presented by Paul Capicik, 866-470-3743, [email_address], 26 Jan 2010
    2. Overview
       • IT Security Paths
       • What is needed to start or restart an IT career
       • Job Outlook
    3. The Security Career Path
       • IT in General
         • Systems
         • Applications
         • Security
       • Security in particular
         • Risk Management
         • Fraud & Forensics
         • Application Security
         • Others
    4. Skills, Aptitudes & Competencies (2010 Top 20)
       • Application Security
       • Biometrics
       • Data Leak Prevention
       • Disk and File Level Encryption Solutions
       • Ethical Hacking
       • Forensic Analysis
       • Governance, Compliance & Audit
       • Identity & Access Management
       • Incident Handling & Analysis
       • Intrusion Detection and Prevention
       • Litigation Support (e-discovery)
       • Network Security
       • Penetration Testing
       • Regulatory Compliance & Audit
       • Secure Code Development
       • Security Architecture
       • Smart cards, Disposable Passwords, Tokens
       • Threat/Vulnerability Assessment Management
       • VOIP Security
       • Web Content Filters
    5. What it Takes to Start or Restart in IT Security
       • Academics
       • Certifications
       • Experience
       • Continuous advancement
    6. What it Takes to Start or Restart in IT Security
       • Academics
         • College degrees provide the needed foundation
         • Broad Background
       • Certifications
       • Experience
       • Continuous advancement
    7. What it Takes to Start or Restart in IT Security
       • Academics
       • Certifications
         • Certs provide the focused, specific training
         • Includes basics, specific, and more complex and/or advancing knowledge-base and skills
       • Experience
       • Continuous advancement
    8. Top 10 Security Certifications for 2010
       • CISSP - Certified Information Systems Security Professional
       • CISM - Certified Information Security Manager
       • GIAC - The Global Information Assurance Certification
       • CSFA - CyberSecurity Forensic Analyst
       • CEH - Certified Ethical Hacker
       • CBCP - Certified Business Continuity Professional
       • CPP - Certified Protection Professional
       • CCE - Certified Computer Examiner
       • Vendor Certifications
    9. What it Takes to Start or Restart in IT Security
       • Academics
       • Certifications
       • Experience
         • No substitute
         • Get all hands-on you can get
         • Read related materials, listen to podcasts, attend conferences
         • Delve into periphery areas
       • Continuous advancement
    10. What it Takes to Start or Restart in IT Security
        • Academics
        • Certifications
        • Experience
        • Continuous advancement
          • “Biggest obstacles to new skills & training – too much work”
          • Applies to all 3 preparedness areas
          • Required to remain relevant, advance, and migrate to other areas
          • Many employers continue to fund IT security education & training
          • Know business & end-user goals & requirements
    11. Job Outlook
        • Past
          • IT has been one of the top 2 stable career fields, Security newest of the 3 areas
          • In 2003 recession, IT unemployment same as the overall rate – 5.6%
        • Current
        • Future
    12. Job Outlook
        • Past
        • Current
          • IT still a top career field, Security shows signs of best IT category
          • Current recession – overall unemployment rate over 10%, IT reached only 5.2%
          • IT hiring in general is flat yet, but security hiring is on the rise
          • Why IT is lower than general unemployment
            • Economy now more dependent on IT
            • Employers need to keep systems running & their businesses functioning.
          • Why security hiring in specific is on the rise – the increasing threat to business survival
          • CISO coming onto scene – new advancement opportunities
        • Future
    13. Job Outlook
        • Past
        • Current
        • Future (per BLS reports and industry surveys)
          • IT in general remains a promising career field
          • IT security is projected to be the most promising
            • Field will continue to broaden
            • Expanding on the technologist front and in the executive role
            • CSO/CISO importance on the increase
        Steve Katz, the world’s first CISO, recently said this about IT Security: “… it is an opportunity that will take you from entry level to some very challenging, very high-paying professions in very large enterprises.”
    14. Webinar take-aways
        • Motivation for an exciting, promising career
        • Know what you need to do to remain relevant
        • Know where you need to look to keep current
        • Don’t dwell on the challenges – focus on the opportunities
    15. American Sentinel University
        • Career Webinar Series
        • Q & A
        • Americansentinel.edu/military
        • [email_address]
        • 866-470-3743
    16. References
        • Information Security Career Predictions - David Foote on What's Hot and Why; Tom Field, Editorial Director; January 14, 2010, http://www.govinfosecurity.com/articles.php?art_id=2072
        • Recession Rocks IT Profession; Information Technology Unemployment Rate Soars to 5.2% in 2009; Eric Chabrow, Managing Editor; January 12, 2010, http://www.govinfosecurity.com/articles.php?art_id=2066&search_keyword=recession+rocks+IT&search_method=exact
        • Information Security Career Trends: New Priorities Call for New Skills; SMG Information Security Media Group; December 2009, http://www.bankinfosecurity.com/handbooks.php?hb_id=11
        • Top 10 Certifications for 2010; CISSP, CISM Are Most Sought by Professionals; Upasana Gupta, Contributing Editor; December 22, 2009, http://www.govinfosecurity.com/articles.php?art_id=2025
        • Information Security Career Trends: Barbara Massa of McAfee; Tom Field, Editorial Director; December 22, 2009, http://www.govinfosecurity.com/articles.php?art_id=2006&search_keyword=Information+Security+Career+Trends&search_method=exact
        • Learn & Earn: Balancing the Demands of Work, School; IT Security Professionals Offer Tips for Managing Jobs, Education; Upasana Gupta, Contributing Editor; January 6, 2010, http://www.govinfosecurity.com/articles.php?art_id=2046
        • Cisco Security Report: Malware, Social Media are Top Risks; Social Media New Venue for Attacks; Tom Field, Editorial Director; January 12, 2010, http://www.govinfosecurity.com/articles.php?art_id=2049&search_keyword=Cisco+Security+Report%3A+&search_method=exact
        • Government Info Security Blog - 2010: A Good Time to Start an Information Security Career; Tom Field; January 8, 2010, http://blogs.bankinfosecurity.com/posts.php?postID=411
        • "If I Were Starting My Career Today ..." - Interview with Steve Katz; June 8, 2009, http://www.govinfosecurity.com/articles.php?art_id=1526&search_keyword=If+I+were+starting+my+career+today&search_method=exact