Do Whatever You Have to Do to Get Into a Security Position at Your Company

By Dino Londis

You already know security’s hot, but think of
it this way: We are a catastrophic event away from it being the hottest job on
the market. An event like an Internet outage, or a law firm’s data being
destroyed by outside forces just before trial, or a municipality held hostage
by a disgruntled tech, and companies will take more seriously the threats that
are already here.
So
position yourself now as your company’s go-to person for all things security.

Assume the Position

Do Whatever You Have to Do To Get Into a Security Position at Your CompanyStart by
becoming an expert in your current area of expertise, then branch out. If you’re
in charge of patching the workstations you’re halfway there. If not, you can
offer to test the patches before deployment. (Trust me; the WSUS Admin will
welcome it.) If you work in helpdesk, make it a habit to check the AV/EP
software of each user that calls, and log the trends. Often the antivirus
software catches the delivery vehicle, not the actual virus. Noting what has
been quarantined will detect trends. When Malware strikes, you’ll have some
ready data.

Call a Meeting

Applying
the data you’ve culled, call a meeting to address the problems you see and examine
ways to address them. For example, an often overlooked part of disaster recovery
is the desktop failing. What do users do when the local PC is unavailable? If
you’re really ambitious, create an incidence response policy.

Look for
problems. Does everyone have access to their USB port? Do you have an
application white list? Can the desktop be tightened? Does everyone need access
to the Internet? Are the mobile devices locked down? How are laptops encrypted?
The reach is everywhere.

Certifications

Nothing
beats real world experience, but a certification never prevented someone from getting a job. Remember we’re talking about positioning
yourself within your current company, so actively pursue the certification with
the same tenacity as you would attach security problems at work. CompTIA offers a vender-neutral
certification that you can independently study for. You can also take classes
at a community or online college. It depends how much you value certifications
and, of course, you need to be able to do the job. The cert will have value,
but that will evaporate in the air of experience. 

Resources

In
addition to hundreds of books on viruses, Trojan horsess and rootkits, there
are some excellent free podcasts, such as
Security Now

with Steve Gibson and Leo Leporte which details the vulnerabilities disclosed
for the week. You can also read SCMagazine.com which reviews products and consolidates the
security news links as well as providing original content. These help do the
hard work of culling the information, leaving you to introduce them to your
enterprise.

Final Words

A
watershed event is on the horizon that will make the average person think
security is more than a part of IT. Now’s the time to prepare. Don’t worry if
your pay doesn’t get bumped. What you want is the title in your job
description. The pay will come.

Dino Londis is an applications management engineer
in New York.

Post a Comment

Your email address will not be published.