By Dino Londis

You already know security's hot, but think of it this way: We are a catastrophic event away from it being the hottest job on the market. An event like an Internet outage, or a law firm's data being destroyed by outside forces just before trial, or a municipality held hostage by a disgruntled tech, and companies will take more seriously the threats that are already here. So position yourself now as your company's go-to person for all things security.

Assume the Position

Do Whatever You Have to Do To Get Into a Security Position at Your CompanyStart by becoming an expert in your current area of expertise, then branch out. If you're in charge of patching the workstations you're halfway there. If not, you can offer to test the patches before deployment. (Trust me; the WSUS Admin will welcome it.) If you work in helpdesk, make it a habit to check the AV/EP software of each user that calls, and log the trends. Often the antivirus software catches the delivery vehicle, not the actual virus. Noting what has been quarantined will detect trends. When Malware strikes, you'll have some ready data.

Call a Meeting

Applying the data you've culled, call a meeting to address the problems you see and examine ways to address them. For example, an often overlooked part of disaster recovery is the desktop failing. What do users do when the local PC is unavailable? If you're really ambitious, create an incidence response policy.

Look for problems. Does everyone have access to their USB port? Do you have an application white list? Can the desktop be tightened? Does everyone need access to the Internet? Are the mobile devices locked down? How are laptops encrypted? The reach is everywhere.

Certifications

Nothing beats real world experience, but a certification never prevented someone from getting a job. Remember we're talking about positioning yourself within your current company, so actively pursue the certification with the same tenacity as you would attach security problems at work. CompTIA offers a vender-neutral certification that you can independently study for. You can also take classes at a community or online college. It depends how much you value certifications and, of course, you need to be able to do the job. The cert will have value, but that will evaporate in the air of experience. 

Resources

In addition to hundreds of books on viruses, Trojan horsess and rootkits, there are some excellent free podcasts, such as Security Now with Steve Gibson and Leo Leporte which details the vulnerabilities disclosed for the week. You can also read SCMagazine.com which reviews products and consolidates the security news links as well as providing original content. These help do the hard work of culling the information, leaving you to introduce them to your enterprise.

Final Words

A watershed event is on the horizon that will make the average person think security is more than a part of IT. Now's the time to prepare. Don't worry if your pay doesn't get bumped. What you want is the title in your job description. The pay will come.

Dino Londis is an applications management engineer in New York.