Contents
Guide
Kezia Endsley is a writer and editor from Indianapolis, Indiana. In addition to editing technical publications and writing books for teens, she enjoys running and triathlons, traveling, reading, and spending time with her family and many pets.
EDITORIAL BOARD
Eric Evitts has been working with teens in the high school setting for twenty-three years. Most of his career has dealt with getting teens, especially at-risk students, to find and follow a career path of interest. He has developed curriculum for Frederick County Public Schools focusing on anti-bullying and career development. He is currently a counselor at South Hagerstown High School.
Danielle Irving-Johnson, MA, EdS, is currently the career services specialist at the American Counseling Association. She exercises her specialty in career counseling by providing career guidance, services, and resources designed to encourage and assist students and professionals in obtaining their educational, employment, and career goals while also promoting the importance of self-care, wellness, work-life balance, and burnout prevention. Danielle has also previously served as a mental health counselor and clinical intake assessor in community agency settings assisting diverse populations with various diagnoses.
Joyce Rhine Shull, BS, MS, is an active member of the Maryland Association of Community Colleges Career Affinity Group and the Maryland Career Development Association. She presently serves as an academic advisor in higher education and teaches professionalism in the workplace as an adjunct professor. Her experience also includes two decades of management and career education of vocational courses and seminars for high school students.
Lisa Adams Somerlot is the president of American College Counseling Association and also serves as director of counseling at the University of West Georgia. She has a PhD in counselor education from Auburn University and is a licensed professional counselor in Georgia as well as a nationally approved clinical supervisor. She is certified in Myers Briggs Type Indicator, Strong Interest Inventory, and Strengths Quest administration.
I n the introduction, you learned that the infosec/cybersecurity field is growing and is expected to be a strong career path for a long time. At the same time, you should understand that its a competitive industry and that to succeed in it, youll need to keep learning new techniques, languages, and technologies all throughout your career.
This book is not designed to convince you that you should pursue an infosec career. Instead, its goal is to thoroughly describe various careers within infosec to help you decide whether its something youd like to explore. Infosec is an interesting career choice, because infosec professionals work in every type and size of industry and business imaginablefrom startups to Fortune 500 companies and beyond.
The good news is that infosec analysts are hot commodities. This means that theyre in great demand, and companies are struggling to fill the slots with qualified workers. Youll learn more about the demand in the field later in this chapter.
This chapter discusses five key fields in infosec that were presented in the introduction. It covers the basic duties and tasks in each. After reading this chapter, you will have a good understanding of five different types of jobs, and you can start to determine if one of them is a good fit for you. Lets start with discussing what infosec professionals do in general.
This book contains a lot of technical jargon. If you run into unfamiliar terms and descriptions while reading this and other chapters, be sure to check out the detailed glossary at the end of the book, which defines many of these terms for you.
What Do Infosec Professionals Do?
Network security. Cybersecurity. Internet security. These terms are all related, and they describe different angles of information security (infosec). When you read about large companies and databases being hacked, you know that it was a failure of network security. But for every company whose data is breached in a security incident, thousands of companies keep their data locked up tight, away from prying eyes. This is the job of the infosec analyst.
If you have used a smartphone, purchased something online, entered a password, or even just used a computer, you are probably aware of some of the ways that companies attempt to protect your personal data so that it is secure and inaccessible to others who might use it nefariously. Infosec professionals are those people behind the scenes, working to make networks, databases, clouds, and application systems safe and secure for their users, as well as securing your personal information, tracking down bugs and leaks, and finding and fixing security breaches. In short, infosec workers attempt to secure the many systems that we use every day, as well as our personal data.
Studying and learning new things is a big part of every infosec career. Getty Images/venuestock
These specialists analyze and evaluate weaknesses in the infrastructure (this might be the software, hardware, networks, or cloud). They find the best tools and countermeasures to address those vulnerabilities. They may also assess the damage from security incidents and recommend solutions and best practices. They may also test for compliance with security policies and help the organization create, implement, or manage its security solutions.
Infosec analysts learn from each new attack, whether it was carried out on them or on another company. By knowing the tools of the hackers and data thieves, they can help their own company create better defenses. In addition to watching other companies, infosec analysts often attempt to break into their own systems, in an attempt to find holes in their own security systems and patch them before anyone else identifies the vulnerability.
The following is a list of the typical tasks of the infosec analyst:
- Monitor their companys networks/clouds/databases for security breaches
- Be familiar with firewalls and tools like encryption that keep data private
- Report any security breaches or data loss to management@
- Attempt to attack their own networks/databases to simulate a hacking attempt
- Recommend security enhancements to management or senior IT staff
- Write security documentation, policies, and procedures for the companys users
- Help the companys employees understand and properly follow the security protocols
So, where do infosec people work? Regardless of the official job title, typical employers of infosec professionals include the following:
- Technology and internet companies
- Security software companies
- Defense companies
- Many government departments and defense/intelligence agencies
- Many IT companies, and IT divisions of companies in many industry sectors
- The e-commerce sector
- Banks, financial firms, and credit card companies
- Really, any medium- to large-sized company!
Infosec has become so integrated into our lives that its hard to count how many ways it affects us. Thats one of the reasons that the industry offers so many different opportunities and different types of jobs. Likewise, the education, certification, and job descriptions for various infosec jobs can differ greatly. This is why its important to list and describe many different types of jobs in this chapter.
If you enjoy working with people, love to know how things work, are perhaps a little paranoid by nature, and like a fast-paced environment, a career in infosec may be good for you. On the other hand, you may work long hours, and sometimes youll need to be on call overnight or during the weekend. There can be a lot of stress, because the success of the company rides on the security of its systems. So consider these facets while you learn more.