Rook Uncut: How to Shift from an IT to a Security Career

With new data breaches or information security concerns making headlines each day, we are often approached by peers, friends, family, and the media to provide insight. Rook Uncut gives you our quick and raw answers to security questions. If you missed the last edition of Rook Uncut, check it out here.

In this post, I answer questions about how to use your IT experience to break into an IT security career. I also address how to move up the ladder once you’ve switched to the field.

Starting with an IT Background

How does having a general background in IT help you in a career in IT Security?
General IT skills benefit you because roles in cybersecurity usually cover all the facets of IT, from networking, to systems administration, app support, and so on. If you can come to the table with knowledge in a few of these areas, you will have an upper leg. You will have the chance to get involved with a more diverse project set from the start and then find the area in security that piques your interest the most.

What do you think the most important skills are for someone working in information technology who hopes to move on to cyber security? What should they focus on adding to their resume to be attractive to employers?
First, you should have a technical understanding of how a network works and how to perform basic systems administration tasks. Being able to demonstrate hands-on experience is a huge boost to a resume. I realize that not everyone may have the chance to work with certain systems, or in a large corporate IT environment. But you can set-up a home lab to experiment with tools just as easily. Try to be able to walk into an interview and have answers to questions like these:

• Have you ever set up and configured an IDS, or analyzed alerts from an IDS?
• Have you ever configured a firewall?
• Do you know how to analyze packet captures?
• What experience do you have reviewing system or application logs?

Just showing the employer that you have done these (especially on your personal time), will get you a lot of points. Security is a tough environment to be in, so candidates that have demonstrated interest and curiosity around the infosec world/community will always catch my attention.

Working Your Way Up the Ladder

How do you work your way up in the security field?
I’ve always been an advocate for the “you get out what you put into it” method, so I have dedicated a large amount of my time to increasing my skill set. When I first started in the security field, it was very overwhelming because EVERYTHING interested me. One week it would be network security, the next appsec, then incident response and forensics, and so on. I finally found my niche in the security space, but there is no doubt that my interest in all of the IT realms has made me a better security professional. In short, the way I worked my way up in the IT field was putting the time and effort into what I had a passion for. When you spend the time immersing yourself in all the interesting topics, you take more than a few things away, and peers/coworkers start to notice.

How much opportunity is there to climb the ladder once you begin gaining experience?
There is quite a bit of room to grow in the security field. Once you dedicate your time to that particular niche you enjoy the most, it becomes easy to grow into more senior roles. You become the person that everyone goes to when there are problems, good or bad. The thing that always interested me was that if someone in security wanted to stay in a technical role their entire career, that is completely possible. On the other hand, you have those people that want to move into more of a managerial role, and it is also possible to step down that path if desired.

Would you advise a rookie to take a low-level position in order to work their way up?
Absolutely. People often forget the amount of knowledge that can be gained from on the job. It’s a great way to get your feet wet, and get comfortable in a position. If there is ever downtime in your role, it’s a perfect time to do some research and development. Even in a low-level position you can show and generate value to an organization. If you get the opportunity to get involved with a major project right out of the gate, jump at it! This is a great way to position yourself as someone that is eager and excited to take on new challenges.

If you are interested in a career in security, we do have open security roles at Rook. Be sure to check them out!