Scope:
Increased computer
attacks and subsequent losses have heightened the demand for network security
professionals. Interestingly this challenge is also an opportunity -
opportunity to enter the network security arena. As organizations of all types
aim for better competitive edge in the digital world, they are bound to invest
in more computer and network infrastructure. Nobody wants to become a dinosaur,
but who will secure these network systems? There is a need for trusted
professionals that can provide network security value and solutions.
And as in any other
field, there are those who are in the network security to make positive
contributions and there are others who are there to make some fast money. You
need to be clear on your motives. Network security is rewarding, but shortcuts
will not work in a field as intense as network security.
What does a network
security professional do?
The role of the network security professional is to use knowledge and skills to protect consumers, businesses, government agencies, and the society. The network security professional identifies all types of threats (internal, external, intentional and unintentional) and works to stop them. The professional performs by effectively applying networking and security expertise.
Skills:
Knowledge:
It follows that to get
into network security, you must equip yourself with knowledge and skills in networking
fundamentals and security basics.
A person responsible
for building network security, and protecting a network requires solid
networking knowledge. Start by mastering the fundamentals of Networking. Focus
first on building your Networking expertise - fundamental networking skills and
knowledge . Have a good grounding in the fundamentals - knowledge, skills and
experience - Local Area Networks (LANs), Wide Area Networks (WANs), network
gear and remote equipment. It also helps to have a good foundation in tech
support.
With a foundation in
tech Support / Networking - hardware and software, you can then proceed to
build on that with security experience by developing your security skills and
knowledge.
You must have knowledge
about threats to network security and how to combat them. How can you keep out
the bad guys and help secure networks. Such threats include worms,
unauthorized access, e-mail attacks, malicious code viruses, availability
issues, network vulnerabilities and social engineering. The technical aspects
of network security, includes designing, configuring, and installing security
tools.
Security professionals
need to have a good grasp of encryption technologies, authentication, network
security tools, firewalls, intrusion detection systems, virtual private
networks, identity services, security management, as well as key information
security principles and concepts.
Certifications and
academic education programs are the most popular options for acquiring the
knowledge you need. But consider don’t certification and degrees purely as
alternatives. They are best used to complement each other.
Other education –
ethics, law, non-tech-
In addition to
networking and security knowledge, I would suggest that you develop an interest
in learning about cybercrime, investigations, ethics, computer crime laws,
privacy, legal liability and other non-tech issues that are critical subjects
within information security. It’s not just about tech know-how. The security
professional should have a good grasp of the issues involved. For example, to
stop the attackers, it certainly helps to think like an attacker.
Note that education
alone is not enough to build a career in network security. Regardless of your
background, people who move into network security benefit tremendously from
real-life working experience. You simply must practice what you have learnt. As
you pursue education through your degree and certification programs, always
look for work experience opportunities. Your education works better for you if
complemented with hands-on system and network experience that helps you
reinforce and focus your interests and learning much more effectively.
Beginners in particular
should look for entry-level system or networking positions or internships - in
cybercafes, ISPS, etc. Be ready to start from the basics and work your way up.
Such opportunities can provide a solid foundation into network security.
Don't be reward-focused
but be more contribution and learning (practice) focused. Always look for such
opportunities as you develop your career. Your interest should be in increasing
your value rather than your cost - value to clients, employers, colleagues, and
to yourself.
You can also build a
home laboratory for learning key skills and for more experience. Many commonly
used technologies are easily available on the Internet as freeware or
shareware. Practice gives you a better understanding of the theories and
features of such security technologies.
For career growth, your
professional attitude and soft skills (ability to market yourself,
communications skills, presentation skills, business knowledge, leadership,
etc) are also important. Education deals strictly will technical knowledge and
skills. Start now especially to develop your communications (written and
verbal) skills, as it will be part of your responsibility to communicate
regularly with the other people (colleagues, business managers, customers,
vendors, IT staff, company management, etc).
You will need such
skills not only to get opportunity, but also to progress. For example as a
network security professional, you may need to make presentations to management
and colleagues. You’ve got the job - do you want to grow? It is essential to
build such skills now. Furthermore such skills are critical for network
security management (planning, developing and supervision). In fact expertise
with a soft skills background such as project management or
other administrative capability is required for senior positions in network
security.
Information and network
security requires an enthusiasm for lifelong learning and a lifetime commitment
to information technology. The rapid rate of change in technology and security
means nobody can afford to be “mister-know-it-all”. Keep sharp. Keep up-to-date
and sharp. Don’t get complacent. Earning your security certification isn’t
enough. Monitor trends and attend forums that provide you with what you need to
comprehend the threats and secure the networked systems of today and tomorrow.
Information security is a continual learning process.
Professionalism,
Trustworthiness:
The network security
position is a hot seat that carries huge responsibility. Ethics and
professionalism can’t be compromised. Degrees and certification are great but
trustworthiness must be in the equation. Can you be trusted, what is your
record like when it comes to integrity?
-->A degree program in computer science, electrical and
electronic engineering or similar fields of study is a good starting point when
using the formal education academic option. In such a discipline, always look
for opportunities to choose network and security electives.
References:
Challenges:
As threats become more sophisticated and workplace data leaks
grow more prevalent, today’s security solutions struggle to keep up.
Conventional technologies like firewalls, IDS systems, and VPNs may prevent
outside threats but fail to protect “inside threats” from employees who
accidentally infect the network.
Security solutions such as Network Access Controls (NAC) focus on
initial posture assessment and authentication of the employee’s endpoint. Once
a user is authenticated, he or she is no longer monitored and can act in ways
harmful to the network. In addition, today’s "borderless"
organizations freely share information globally between employees and partners.
These enterprises attempt to balance openness and flexibility with security
risks as employees work
from home, airports, and from other, non-secure, off-site locations.
Other important challenge in security field is to update yourself,i.e get yourself acquainted to new technologies,new threats and their protection.This is the field where you can daily find a new virus or a new mall-ware,so to be in the industry you should know all these and act accordingly.
Certification:
According to recent
salary surveys by ZDNET's Tech Republic organization, the following are the
highest paying certifications to have in the technology industry.
Following each
certification is the average annual salary being paid to individual responders
that hold the certification. I have also listed training resources to learn
more information about how to acquire each of the highest paying
certifications.
1. PMI Project Management Professional (PMP)
With an average annual
salary of $101,695, the PMP certification from the Project
Management Institute (PMI) organization tops the list of highest paying
certifications for the current year.
2. PMI Certified Associate in Project Management (CAPM)
Next highest on the
list of highest paying certifications is PMI's Certified Associate in
Project Management(CAPM). The average annual salary for CAPM holders that were
surveyed is $101,103.
With an annual average
salary of $95,415 the ITIL v2 Foundations certification came up third on the
list of highest paying certifications. ITIL stands for the IT Infrastructure
Library. The ITIL certification is designed to show expertise in ITIL service
support and service delivery.
4. Certified Information Systems Security Professional
(CISSP)
Coming in at a close
4th on the list of highest paying certifications is the Certified Information
Systems Security Professional or CISSP certification from (ISC)2. The
average annual reported salary was $94,018.
5.Cisco CCIE Routing and Switching
At $93,500 per year
average annual salary, the Cisco CCIE Routing and Switching
certification came in 5th on the list of highest paying certifications in
the technology industry.
6. Cisco CCVP - Certified Voice Professional
Number six on the list
of the highest paying certifications is the Cisco CCVP or Cisco
Certified Voice Professional. The average annual salary of CCVP respondents was
$88,824.
The ITIL v3
certification - the ITIL Master - came in 7th on the list of the highest paying
technical certifications. The average annual salary for ITIL Master
certification holders was $86,600.
8. MCSD - Microsoft Certified Solution Developer
The MCSD or Microsoft
Certified Solution Developer certification pays an average of $84,522. This
puts the MCSD certification at number 8 on the list of highest paying
certifications in technology.
9. Cisco CCNP - Cisco Certified Network Professional
Cisco Certified Network
professional or CCNP certification is number 9 on the list of highest
paying technical certifications. The average annual salary reported by CCNP
holders is $84,161.
10. Red Hat Certified Engineer
The Red Hat Certified
Engineer (RGCE) came in at number 10 on the list of highest paying
certifications. The average annual salary reported by Red Hat Certified Engineers
is $83,692.