Posted by Virus Bulletin on Feb 2, 2015
To break into security, start by getting a job in the industry.
You don't have to be a regular reader of this blog to know that computer security is very important in our increasingly connected world. Unsurprisingly, this has its effect on the job market for security professionals - where there are many vacancies, and organisations report that they can't easily fill their open positions.
However, these vacancies tend to be for people who have spent a decade or more in the industry. For anyone looking for a job in IT security but who doesn't have any experience — and it's good to remember that that's where everyone started — things aren't as easy.
They could, of course, read the interviews with 'infosec rock stars' that Brian Krebs conducted a few years ago, or listen to 'How I got here', a series of podcasts from Threatpost's Dennis Fisher. And they should definitely keep up with what is happening in the world of security and improve their skills.
But there is something else you can do: get a job at an organisation that's involved in security. Even if the only job you can get is in sales or in tech support, don't worry. If you have talent — and one should always believe in one's own talents — they will no doubt be recognized, and you can 'move laterally' to a role where you'll actually be doing security.
Stories about roadies becoming rock stars, or ball boys and ball girls becoming sports stars only happen in (bad) films. In security, however, these things really can happen.
I know, because that's more or less what happened to me. I didn't even know I wanted a career in security when, eight years ago, I started at Virus Bulletin as a web developer. Experience with security was only listed as desirable in the job description. Which was good, as I didn't have any.
But I soon learned that this was actually a really interesting industry and that, in fact, I had some talents that might allow me to contribute to making the world more secure.
Of course, I am not exactly a security rock star. But I am the Editor of Virus Bulletin. For someone who barely knew anything about security eight years ago, I guess that is not too bad.
Incidentally, we are currently hiring for a position similar to the one from which I took my first steps in security. Do apply, even if you're fairly new to this security thing. Perhaps in eight years from now, you'll be VB's next Editor.