Starting a Career in Information Security
At current projections, it is estimated there will be a shortfall of 1.8 million information security workers by 2022. If cybersecurity is of interest, this is definitely a growing field. It is vitally important that, as a current student, you graduate ready to enter the workforce and fill one of the vast number of positions available.
From the Math and Computer Science Department, the general requirements for a computer science degree are listed online. Be sure to discuss the specific courses needed for specialization with your academic adviser. Some of the courses which will provide an emphasis on security include:
- MATH 178 - Cryptography; CSCI 181 - Applied Cryptography: theory and management of cryptographic systems.
- COEN 152 and 152L - Computer Forensics: Extremely valuable techniques for collecting and preserving digital evidence
- COEN 161 - Web Programming; COEN 146 - Computer Networks: knowing the landscape that is often the target of attack
The Computer Engineering Department at SCU also offers a degree with a concentration in security. It is called Information Assurance, and it is certified by the National Security Agency as meeting the standards of the National INFOSEC Education and Training Program. The general requirements are listed online. Be sure to discuss the specific courses needed for specialization with your academic advisor. Some of the courses which will provide an emphasis on security include:
- MATH 387 - Cryptology: Cryptography, Encryption systems, Cryptanalytic techniques.
- COEN 150, COEN 250 - Introduction to Information Security: legal and ethical issues, introduction to malware, managerial aspects, designing security programs.
- COEN 252, COEN 253, COEN 350: Computer forensics, secure system design, network security
- COEN 351 - Intrusion Prevention Strategies
The value of certifications can be a controversial topic in the security world, but studying for some beginning certs will give students a good start on the basics. If you can’t afford the certs or if you are not sure they will be valuable to you, using their study books to learn the topic is a good strategy as well.
Daniel Miessler, a security professional and writer, recommends that beginners start with these:
A+ is an entry-level computer certification for PC computer service technicians. The exam is designed to certify the competency of entry-level PC computer service professionals in installing, maintaining, customizing, and operating personal computers. https://kb.iu.edu/d/aidn cost: $205
Network+ is a mid-level certification for network technicians. This certification is designed to test the competency of a mid-level network technician in supporting and configuring TCP/IP clients in terms of network design, cabling, hardware setup, configuration, installation, support, and troubleshooting. https://kb.iu.edu/d/aido cost: $294
Linux+ covers common tasks in major distributions of Linux, including the Linux command line, basic maintenance, installing and configuring workstations, and networking. Linux+ is comprised of two exams – LX0-103 and LX0-104. https://certification.comptia.org/certifications/linux cost: $200
Security+ certification covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography. https://certification.comptia.
Others recommend starting with Brainbench’s Internet Security and Network Security certifications, which are cheaper at $50. After working your way through mid- and lower-level certs, it will be easy to find opportunities to earn more advanced certifications.
Hands-on experience and exploration are the best ways to gain experience in information security, but while you are starting out, security and ethical hacking courses will be helpful to you. But it doesn't stop there! The cybersecurity landscape is constantly changing; even the most seasoned professional will still spend some time researching education options, reading reviews, and tracking down formal training or resources online.
There are free courses: see the huge list at multiple skill levels from Cybrary, or take complete free courses from EH Academy, such as The Complete Cyber Security and Hacking Course or the Computer Hacking Forensics Training Course, or similar ones from Infosec Institute, such as Introduction to IT Security and Computer Forensics. Paid course aggregators like Udemy have huge catalogs as well.
Pluralsight is another company that offers courses. It also defines paths to get you to the skill set you want to have, and it often publishes interesting articles on new cybersecurity issues and on the skills most in demand.
Cybersecurity is such a fast-growing field that constant training is crucial. This is not a field where you learn skills and then incrementally improve them - you are facing a constantly changing environment, a constant game of move-and-countermove. Once you learn how to thwart a bad actor, their techniques will change - often radically. Your opponents are learning all the time as well - including from the same articles and courses listed here. To be effective in cybersecurity, you will not only need an understanding of the techniques and technical environment where you are operating, but also need to know how the bad actors think. Get used to constant upskilling and education if you want to be effective in cybersecurity!