Running head: STARTING THE CLIMB AS A SECURITY PROFESSIONAL

Starting the Climb as a Security Professional

Stephen J. Dekker
Delaware Technical and Community College

Starting the Climb as a Security Professional

Abstract
When starting out in any technical field, it is often hard to find a quality job that both
encourages and challenges. The field of computer and network security, also known as
information security, is no different. Those involved in computer and network security are
responsible for protecting company networks and computers from cyber attacks. In order to
become hired as a security professional, a number of things are necessary, such as education,
work experience, and certifications. Certain characteristics fit in this line of work better than
others. Those traits become extremely apparent and useful in the field of information security. A
combination of all these things culminates in a great chance at becoming the next big name in
information security.

Starting the Climb as a Security Professional

Starting the Climb as a Security Professional

Information security is a rising field that many are considering as a career option. The
responsibilities of a security professional are not necessarily common knowledge. Clearly, it is
important to know what a potential careers responsibilities might include. Some examples of
such responsibilities, as defined by the Bureau of Labor Statistics Occupational Outlook
Handbook, include the following: Monitor[ing]... organization networks for security breaches
and investigate[ing] when one occurs, install[ing] and use[ing] software, such as firewalls and
data encryption programs, to protect sensitive information, and prepare reports that document
security breaches and the extent of the damages caused by the breaches (Occupational Outlook
Handbook, 2015).While not a full summary of all duties performed by any given information
security professional, it is a useful list to someone who is looking to become a security
professional.
In addition to knowing what a professional does, it is helpful to know what kind of
person is typically drawn to this field. That way, one can understand the type of people they
would be working with on a day to day basis. Obviously, not every person in the field is the
same, but a certain character type fits in information security extremely well. Some of the
characteristics that play well with this field of study are focus on details, thinking outside the
box, and analytical tendencies (Occupational Outlook Handbook, 2015). These qualities are
important because a professional need to be able to find minor flaws that could be a sign of a
breach, determine when things can be made better with code or new hardware, and they need to
be able to keep up with the constantly changing standards of the field (Occupational Outlook
Handbook, 2015).

Starting the Climb as a Security Professional

4
When considering information security as a career, it is important to consider the
knowledge level required to be fluent in the field. There are several sources of knowledge for
information security professionals. First, education is very important, and is usually the go-to for
those looking to get started. Often, the minimum requirement is a bachelors degree in
programming, computer science, security, or a related degree (Occupational Outlook Handbook,
2015[a]). This is because an information security specialist needs to know how things work
throughout their network (Occupational Outlook Handbook, 2015[b]). If one didnt have at least
a basic understanding of how things in their network operated, a security professional wouldnt
be able to properly secure it. It could be compared to a mechanic - if the mechanic doesnt know
whether the car is front-wheel drive or rear-wheel drive, he might not install the correct wheels
or transmission that the car needs to work properly. It isnt necessary to be master of a certain
specialty, but rather the phrase jack of all trades is often associated with security professionals.
Additionally, experience is key. If the potential employee has experience in security or in
one of many fields of information technology, they are an ideal candidate for the job
(Occupational Outlook Handbook, 2015[c]). Past work experience can be helpful because it
shows that the candidate has past experience with similar systems, or that they understand the
way certain things are accomplished. Some examples of previous experiences that would help
with becoming employed would be a network administrator or computer programmer
(Occupational Outlook Handbook, 2015[d]). These experiences would all line up with the
concept of similar experience, which helps an employer know what skills someone has, what
kinds of problems they have dealt with, and more.
Lastly, certifications are extremely helpful for acquiring a job in information security.
Certifications are similar to education, but instead of providing the whole course, certifications

Starting the Climb as a Security Professional

5
only provide the final exam. While they are not the only requirement for proving oneself, they
are certainly highly regarded. In the words of the Occupational Outlook Handbook:
Certification[s] validate the knowledge and best practices required from information security
analysts. (Occupational Outlook Handbook, 2015[e]). Additionally, there are many varieties of
certifications from different vendors and companies, which helps to specialize security
professionals (Occupational Outlook Handbook, 2015[f]).
Now that the requirements to enter have been established, what kind of life can one
expect to live when employed as an information security professional? What kind of salary could
someone expect to make? It depends on what the scope is. If you are looking for purely a
security experience, lots of prior work experience is necessary, and an entry level job for a
security professional isnt really entry level at all. Think about it- if a security professional needs
to know how things work, they need to have a fair amount of experience and education.
Therefore, an acceptable pay grade for a pure security experience would be something akin to the
Information Security Analyst outlined by the Bureau of Labor Statistics Occupational Outlook
Handbook. It states that the pay grade for that career, a generalization of the information security
profession, makes a median annual salary of $90,120 (Occupational Outlook Handbook, 2015g).
Considering everything, information security is an important field that is gaining
popularity. Data analysts look at data coming in for potential breaches, and research new security
tech to implement in their networks. It is required to have a bachelors degree to get a job as a
security professional. Often, past work experience is highly preferred, as well as certifications, in
addition to a formal education. The combination of these elements make a potential employee
very diverse in their skills, which is well-sought after, and makes for a more enjoyable

Starting the Climb as a Security Professional

6
experience. Since information security professionals need to be able to identify subtle attacks and
breaches, an analytical, high-level thinker fits the mold well.
Personal Reflections
This author believes that a true entry position for a rising security professional would be
significantly less focused. True, someone looking for information security work would want
something more focused, but at the start, no one has the necessary knowledge or know-how to be
a security professional. Since the security professional requires a vast selection of knowledge and
skills, an entry level position would be one that would help gather that kind of experience. That
might be something like the State of Delawares Telecommunications/Network Technician,
which has eleven pay grades for different skill levels. Because entry level is the target, the
Telecommunications/Network Technician I would likely be an appropriate fit. The job
description states that the employee would be responsible for setting up new PCs, which includes
installing the operating system, connecting to the network, and troubleshooting problems with
PCs in a fashion similar to a help desk position, under supervision (State of Delaware Job
Titles[a]).
This is a good starting position because the employee is not responsible for too much, but
they are exposed to many problems that will propel them in their information gathering
experience. Surprisingly, one remarkable trait of this job title is that it requires no education
(State of Delaware Job Titles[b]). This would provide the rising security professional a chance to
go to school while gaining fantastic work experience. Additionally, as one rises in the ranks, they
acquire more and more responsibilities. For example, the Telecommunications/Network
Technician II is allowed to work by themselves, and can also work with network switches to
diagnose connectivity problems, and the Telecommunications/Network Technician III can assist

Starting the Climb as a Security Professional

7
in designing new networks and can also implement new switches, routers, and servers (State of
Delaware Job Titles[c]). The Telecommunications/Network Technician seems like a very good
starting position that provides a large amount of useful experience to a rising security
professional.
As I rise in my field of information security, I need to prepare for whats to come. First of
all, I need education. I am working on that right now, in fact. The Occupational Outlook
Handbook stated that the requirement was a bachelors degree in a relevant study. I am attending
Wilmington University to finish out what Ive started here at Delaware Technical and
Community College, and I begin in the autumn.
Second, I need work experience. I have been very fortunate to get a fantastic and relevant
IT internship at Delmarva Power (now Exelon Corp.) that I have been at since the summer of
2015 and should last me at least until the summer of 2017. I have been getting amazing
experience that I am very grateful for. It is similar to the Telecommunications/Network
Technician mentioned earlier. It has vastly expanded the amount of knowledge that I gleaned
from my classes here at DelTech. I have the knowledge and skill at this point that I would be
roughly equivalent to a slightly enhanced Telecommunications/Network Technician II. I would
make around 28,000 annually, but I work part time while Im in school due to company policy,
so its closer to 18,000. It may seem low compared to the figures previously shown, but not all
businesses adhere to that base salary, and I am thankful and lucky to be making more in salary
and experience than many other classmates. I am very excited for whats to come there, because
Delmarva recently got bought by Exelon, which means my title may include more
responsibilities in the new company, allowing me to further practice what I know.

Starting the Climb as a Security Professional

8
Lastly, I need to take certifications. I have not taken any yet, purely because I am of the
mindset that early certifications are not worth the expense of taking the exam. As previously
stated, certifications are like classes, but with just the final exam to take. You have to know the
content to pass. I am capable of passing numerous exams, but I have chosen not to take them
because I am comfortable explaining my skills and knowledge set on my own. I do have a few
that I plan on studying for and taking once I complete my bachelors degree at Wilmington, but
until then, I am comfortable in my own skin, so to speak.

Starting the Climb as a Security Professional

References
Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, 201617 Edition, Information Security Analysts, at http://www.bls.gov/ooh/computer-andinformation-technology/information-security-analysts.htm (visited June 27, 2016).
State of Delaware, Office of Management and Budget, Human Resource Management, Job
Titles, at http://www.jobaps.com/de/auditor/classreports.asp