How To Get A Job In IT Security

Technical expertise is obviously vital if you want to work in the security field, but it's not the only requirement. Looking to get ahead? Start by learning a second language (and we don't mean C++).

Picture by Sean Gallup/Getty Images

At the opening of Symantec's Sydney Security Operations Centre expansions last week, the topic of how to get a job in the centre (and by extension, in the security field) came up repeatedly. Fluency in multiple languages quickly emerged as a key skill, and was a contributing factor to Symantec setting up the centre — part of a network around the globe to enable 'follow-the-sun' support — in Sydney.

"In Australia we can tap into the very rich and very high calibre of local talent here, not only in the technical sense but also the multilingual capabilities," said Bernard Kwok, Symantec senior vice president for Asia-Pacific and Japan. "We are able to find some very highly capable professionals who speak three or four languages."

While much of the work of the SOC is automated (it monitors more than 744,000 devices for 1100 large enterprise customers), it still requires highly-trained staff. "In the end, there's still a human element in doing security operations," said Peter Sparkes, regional director of managed security services (MSS) at Symantec.

A university education is a pre-requisite, and the field remains competitive. "In Australia, we have a lot of very good high quality security professionals," Sparkes noted.

Positions are rarely advertised, so socialising and attending security-related events is essential if you want to hear of new opportunities. "A large proportion of recruitment comes from networking," said Sean Kopelke, director of specialist solutions for Symantec's Pacific region.

The process is intensive: there is six months of in-house training for an analyst in the Symantec SOC before they begin working with customers. before going in-house. Fortunately, there's also a healthy salary. Kopelke wouldn't discuss specifics, but noted: "Security people are paid well because they have some very strong skill sets."

Flexibility is a vital requirement, as security roles evolve rapidly. "Security is getting hard. I still get those odd Nigerian emails, but the reality is emails a getting a lot more targeted and a lot harder to detect. You need to constantly change operational parameters."

Got your own tips for getting ahead in an IT security career? Share them in the comments.

Evolve is a weekly column at Lifehacker looking at trends and technologies IT workers need to know about to stay employed and improve their careers.


    The only way I found, was to have already had a job in IT Security or be very lucky. Even with a University education in IT security, IT experience, some IT and IT sec certs, most employers wont even consider you if you dont already have some working exp in IT Security. Many of them are even exclusive enough that they want experience in IT Sec within a similar organization/structure.

    Hello IT Security, Dwane Speaking..
    Hi someone has stolen my laptop....

    This discussion is 'ok' when it comes to talking about security in regards to malware and scam analysis. I would say that this is a significant proportion of what Symantec does in its day to day operations. However the security field is somewhat broader than this. Off the top of my head in my role I have done the following:

    Application security analysis by using an international security criteria, IT security governance analysis and security risk analysis for IT systems both in the government and private sectors.

    The company that I work for also includes IT / network infrastructure analysis (and improvements to make it secure), penetration testing , digital forensics, physical security analysis, on top of malware analysis and research.

    I can say that while being able to code in numerous coding languages and being able to speak multiple languages is useful, depending on what area interests you will largely determine what you will need. Definitely get a degree, it is very necessary - moreso if risk analysis is offered as part of the course. At least learn a coding language - even if you aren't able to code well, being able to understand vaguely the logic behind it is *very* useful. Having a knowledge of IT infrastructure would also be another big thing - from basic switching technology through to gateways. Knowing how cryptography works - even at a basic level.

    If you intend to get into a governance or risk type role, being able to communicate effectively is a very good skill. Being able to get to core issues to solve problems (while also a good general rule) is definitely useful in this area. Also being able to balance political influences within an organisation.

    I suggest taking an interest in a particular/multiple areas will make you a particularly useful resource. For example wireless security. There are courses that provide training testing the security of a wireless network. On this theme - there are certifications that you can go for - APMG or SANS courses to name a few. Though experience is generally always favoured here - even if you do that in your own home or get an intern-ship / graduate role somewhere.

    Lastly, I suggest you always be up to date with the current news in security. I personally have a Google Reader that I receive articles on through RSS - ComputerWorld, iTnews, Symantec, The Hacker Network , just to name a few.

    Note: Sorry for the wall of text.

    Well, you could hack into their systems and leave your resume there, I think that's your best chance without experiece!

    Just be wary of getting criminal charges if it backfires :P

Join the discussion!

Trending Stories Right Now