If there was a single takeaway from the recent San Francisco RSA conference, it was that security threats are more ubiquitous, persistent and pernicious than ever.
According to Gartner, the financial impact of cybercrime will grow 10 percent through 2016. Worse still, according to ISACA, is that 80 percent of breaches today have a root cause in social engineering; one type of breach attempt, phishing, has become the most dangerous attack vector in cybersecurity. Why? Because even as enterprises improve their network security with technology, black hats are finding it far easier to hack users via phone, email, and specially crafted websites.
Businesses have responded to the omnipresent threat by hiring more information-security personnel; in a bid to protect intellectual property, firms are scooping up lots of techs with a CISSP or CISM. But not everyone working in information technology can work in the InfoSec department: In fact, it wasn’t until recently that InfoSec was on the corporate radar.
Today, chief security officers (CSOs) need to interoperate with a staff of IT workers who are not only familiar with security, but also work to advance it within the enterprise. That means IT workers of all stripes with some security experience on their resume have an advantage when it comes to the job hunt and promotions. So what security-related things can you place on your resume? Probably more than you think.
- Coders can stress how they used ERPM to obfuscate plaintext passwords on SQL queries.
- Application engineers can cite testing and deployment of privilege elevation software, or GP modifications to lock down the endpoint.
- Help desk technicians can cite an initiative to add security specifics into the ticketing system, or include the mundane task of issuing RSA soft tokens for smart phones, or maybe helping their operations department migrate to Duo.
- Desktop support engineers can show how they’ve physically locked down PCs and institutionalized hard drive encryption.
If you don’t have anything security-related on your resume, begin today by asking the CSO or CIO where you can help as far as researching and testing a service. Maybe you can help view the mountains of logs generated by security software, or find a Big Data solution to crunch all that data to discover behavioral trends. The field is wide open. Even if your company never purchases the service in question, you now understand it, which means you can discuss it with some authority during a job interview.
There is also a growing field of security awareness, which involves teaching people how not to get tricked by social engineering. Security awareness is a low cost solution that anyone in a technology-centric role can implement, given the time. It can range from a monthly email program to fully robust classes that demonstrate, for example, how someone can hack a PC. Many companies lack a security awareness position, and probably wouldn’t be adverse to someone volunteering to take it over.
Another good way to get security on your resume is to get a certification. CISSPs are very hard to get; CISM is designed around understanding the business needs of InfoSec; CompTIA also offers some known certifications.
Have you touched any security technologies? If so, you’d do your career a favor by highlighting them on your resume. Security is not just the latest buzzword; it can pose an existential threat to the enterprise (just ask Sony). Businesses are investing heavily in security technologies and people to protect them; a resume that is angled to show security is more likely to get noticed.