American Sentinel UniversityAmerican Sentinel UniversityCareer Webinar SeriesCareer Webinar Series

An IT Security Career PathAn IT Security Career Path

““This year and next year, bar none, security is This year and next year, bar none, security is thethe smart place to be in IT. – David Foote”smart place to be in IT. – David Foote”

Presented by Paul Capicik

866-470-3743paul.capicik@americansentinel.edu26 Jan 2010

OverviewOverview

IT Security PathsIT Security Paths What is needed to What is needed to

start or restart at IT start or restart at IT careercareer

Job OutlookJob Outlook

The Security Career PathThe Security Career Path

IT in GeneralIT in General SystemsSystems ApplicationsApplications SecuritySecurity

Security in particularSecurity in particular Risk ManagementRisk Management Fraud & ForensicsFraud & Forensics Application SecurityApplication Security Others Others

Skills, Aptitudes & Skills, Aptitudes & Competencies Competencies

Application Security Application Security Biometrics Biometrics Data Leak Prevention Data Leak Prevention Disk and File Level Encryption Disk and File Level Encryption

Solutions Solutions Ethical Hacking Ethical Hacking Forensic Analysis Forensic Analysis Governance, Compliance & Governance, Compliance &

Audit Audit Identity & Access Management Identity & Access Management Incident Handling & Analysis Incident Handling & Analysis Intrusion Detection and Intrusion Detection and

Prevention Prevention

Litigation Support (e-discovery) Litigation Support (e-discovery) Network Security Network Security Penetration Testing Penetration Testing Regulatory Compliance & Audit Regulatory Compliance & Audit Secure Code Development Secure Code Development Security Architecture Security Architecture Smart cards, Disposable Smart cards, Disposable

Passwords, Tokens Passwords, Tokens Threat/ Vulnerability Threat/ Vulnerability

Assessment Management Assessment Management VOIP Security VOIP Security Web Content FiltersWeb Content Filters

2010 Top 20

What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security

AcademicsAcademics CertificationsCertifications ExperienceExperience Continuous advancementContinuous advancement

What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security

AcademicsAcademics College degrees provide the needed foundation College degrees provide the needed foundation Broad BackgroundBroad Background

CertificationsCertifications ExperienceExperience Continuous advancementContinuous advancement

What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security

AcademicsAcademics CertificationsCertifications

Certs provide the focused, specific training Certs provide the focused, specific training Includes basics, specific, and more complex Includes basics, specific, and more complex

and/or advancing knowledge-base and skillsand/or advancing knowledge-base and skills ExperienceExperience Continuous advancementContinuous advancement

Top 10 Security Certifications Top 10 Security Certifications for 2010for 2010

CISSP - Certified Information Systems Security Professional

CISM - Certified Information Security Manager GIAC - The Global Information Assurance Certification CSFA - CyberSecurity Forensic Analyst CEH - Certified Ethical Hacker CBCP - Certified Business Continuity Professional CPP - Certified Protection Professional CCE - Certified Computer Examiner Vendor Certifications

What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security

AcademicsAcademics CertificationsCertifications ExperienceExperience

No substituteNo substitute Get all hands-on you can getGet all hands-on you can get Read related materials, listen to podcasts, attend Read related materials, listen to podcasts, attend

conferencesconferences Delve into periphery areasDelve into periphery areas

Continuous advancementContinuous advancement

What it Takes to Start or Restart What it Takes to Start or Restart in IT Security in IT Security

AcademicsAcademics CertificationsCertifications ExperienceExperience Continuous advancementContinuous advancement

““Biggest obstacles to new skills & training – too much work”Biggest obstacles to new skills & training – too much work” Applies to all 3 preparedness areasApplies to all 3 preparedness areas Required to remain relevant, advance, and migrate to other Required to remain relevant, advance, and migrate to other

areasareas Many employers continue to fund IT security education & Many employers continue to fund IT security education &

trainingtraining Know business & end-user goals & requirementsKnow business & end-user goals & requirements

Job OutlookJob Outlook PastPast

IT has been one of the top 2 stable career IT has been one of the top 2 stable career fields, Security newest of the 3 areasfields, Security newest of the 3 areas

In 2003 recession, IT unemployment same as In 2003 recession, IT unemployment same as the overall rate – 5.6% the overall rate – 5.6%

CurrentCurrent FutureFuture

Job OutlookJob Outlook PastPast CurrentCurrent

IT still a top career field, IT still a top career field, Security show signs of best IT Security show signs of best IT categorycategory

Current recession – overall unemployment rate over 10%, IT Current recession – overall unemployment rate over 10%, IT reached only 5.2%reached only 5.2%

IT hiring in general is flat yet, but IT hiring in general is flat yet, but security hiring is on the risesecurity hiring is on the rise Why IT is lower than general unemploymentWhy IT is lower than general unemployment

Economy now more dependent on ITEconomy now more dependent on IT Employers need to keep systems running & their businesses Employers need to keep systems running & their businesses

functioning.functioning. Why security hiring in specific is on the rise – the Why security hiring in specific is on the rise – the increasing increasing

threat to business survivalthreat to business survival CSIO coming onto scene – new advancement opportunitiesCSIO coming onto scene – new advancement opportunities

FutureFuture

Job OutlookJob Outlook PastPast CurrentCurrent Future Future (per BLS reports and industry surveys)(per BLS reports and industry surveys)

IT in general remains a promising career fieldIT in general remains a promising career field IT security is projected to be the most promisingIT security is projected to be the most promising

Field will continue to broadenField will continue to broaden Expanding on the technologist front and in the executive roleExpanding on the technologist front and in the executive role CSO/CISO importance on the increaseCSO/CISO importance on the increase

Steve Katz, the worlds first CISO recently said this about IT Security: " … it is an opportunity that will take you from entry level to some very challenging, very high-paying professions in very large enterprises. “

Webinar take-aways Webinar take-aways

Motivation for an exciting, promising careerMotivation for an exciting, promising career Know what you need to do to remain relevantKnow what you need to do to remain relevant Know where you need to look to keep currentKnow where you need to look to keep current Don’t dwell on the challenges Don’t dwell on the challenges – – focus on the opportunitiesfocus on the opportunities

American Sentinel UniversityAmerican Sentinel UniversityCareer Webinar SeriesCareer Webinar Series

Q & AQ & AAmericansentinel.edu/militaryAmericansentinel.edu/military

Paul.capicik@americansentinel.edu866-470-3743866-470-3743

ReferencesReferences Information Security Career Predictions - David Foote on What's Hot and Why; Information Security Career Predictions - David Foote on What's Hot and Why; Tom Field, Editorial Director, Tom Field, Editorial Director,

January 14, 2010, January 14, 2010, http://www.govinfosecurity.com/articles.php?art_id=2072

Recession Rocks IT Profession; Information Technology Unemployment Rate Soars to 5.2% in 2009; Recession Rocks IT Profession; Information Technology Unemployment Rate Soars to 5.2% in 2009; Eric Eric Chabrow, Managing Editor; Chabrow, Managing Editor; January 12, 2010, January 12, 2010, http://www.govinfosecurity.com/articles.php?art_id=2066&search_keyword=recession+rocks+IT&search_method=exact

Information Security Career Trends: New Priorities Call for New Skills; SMG Information Security Media Group; Decemeber 2009, http://www.bankinfosecurity.com/handbooks.php?hb_id=11

Top 10 Certifications for 2010; CISSP, CISM Are Most Sought by Professionals; Top 10 Certifications for 2010; CISSP, CISM Are Most Sought by Professionals; Upasana Gupta, Upasana Gupta, Contributing Editor; Contributing Editor; December 22, 2009, December 22, 2009, http://www.govinfosecurity.com/articles.php?art_id=2025 http://www.govinfosecurity.com/articles.php?art_id=2025

Information Security Career Trends: Barbara Massa of McAfee; Information Security Career Trends: Barbara Massa of McAfee; Tom Field, Editorial Director; Tom Field, Editorial Director; December 22, December 22, 2009, 2009, http://www.govinfosecurity.com/articles.php?art_id=2006&search_keyword=Information+Security+Career+Trends&search_method=exact

Learn & Earn: Balancing the Demands of Work, School; IT Security Professionals Offer Tips for Managing Learn & Earn: Balancing the Demands of Work, School; IT Security Professionals Offer Tips for Managing Jobs, Education; Jobs, Education; Upasana Gupta, Contributing Editor Upasana Gupta, Contributing Editor January 6, 2010, January 6, 2010, http://www.govinfosecurity.com/articles.php?art_id=2046

Cisco Security Report: Malware, Social Media are Top Risks; Social Media New Venue for Attacks; Cisco Security Report: Malware, Social Media are Top Risks; Social Media New Venue for Attacks; Tom Tom Field, Editorial Director; Field, Editorial Director; January 12, 2010January 12, 2010, http://www.govinfosecurity.com/articles.php?, http://www.govinfosecurity.com/articles.php?art_id=2049&search_keyword=Cisco+Security+Report%3A+&search_method=exact art_id=2049&search_keyword=Cisco+Security+Report%3A+&search_method=exact

Government Info Security Blog - 2010: A Good Time to Start an Information Security Career; Government Info Security Blog - 2010: A Good Time to Start an Information Security Career; January 8, January 8, 2010 - Tom Field, 2010 - Tom Field, http://blogs.bankinfosecurity.com/posts.php?postID=411 http://blogs.bankinfosecurity.com/posts.php?postID=411

"If I Were Starting My Career Today ..." - Interview with Steve Katz, "If I Were Starting My Career Today ..." - Interview with Steve Katz, June 8, 2009June 8, 2009,, http://www.govinfosecurity.com/articles.php?http://www.govinfosecurity.com/articles.php?art_id=1526&search_keyword=If+I+were+starting+my+career+today&search_method=exact art_id=1526&search_keyword=If+I+were+starting+my+career+today&search_method=exact