Careers in Information Security: 

Letter to a Student

by M. E. Kabay, PhD, CISSP

Associate Professor, Information Assurance
Program Director, Master of Science in Information Assurance
Norwich University, Northfield, VT 05663-1035 USA

Dear Student:

Message text written by Student@college.edu: >I am interested in the security aspect of computers and information. Can you tell me how or what road I might take to get a degree to where I can focus on the security aspect or what would be the closest thing to it?<

Many security experts begin their careers in the military by volunteering or applying for training and positions in SIGINT, INTEL, COINTEL, PSYOPS, and military police. Others take on security responsibilities as part of system and network operations or management. Some security experts come from the administrative side rather than from the technical side.

Taking a computer science degree with a specialization in information security is an excellent way to enter the field. Norwich University, Eastern Michigan University, Purdue, George Washington University, and George Mason University, among others, offer undergraduate degrees with specialization in INFOSEC. Even if your preferred college does not, you can usually manage to get permission for an honors thesis in security if you try hard enough and find resources within the college or the community who can help guide and evaluate your work.

In general, a computer science or management information systems degree with as many security courses as were offered plus extensive reading will help you get a job in information security when you graduate. There are so few people interested in the field that we are much in demand.

For more information about the Norwich University Bachelor of Science in Information Assurance (BSIA) see
< http://www.mekabay.com/bsia >

An advanced degree (e.g., MSc and PhD) in IA offers the possibility of detailed study and original research, much of which you can publish in scholarly journals if you are keen on university teaching and further research. Many postgraduate students are receiving high salary offers as they complete their degrees.

For information about the Norwich University MSc in Information Assurance (MSIA) see
< http://www.msia.norwich.edu/ > and visit the Norwich University graduate portal at
< http://grad.norwich.edu > for additional information about exciting events in the MSIA.

It is not necessary, however, to insist on a computer security degree. One can also enter the field with a strong background in computer science and other disciplines.  The obvious choices for training include (but are not limited to) programming, operating systems, data structures, quality assurance, cryptography, data communications, information systems management and all information security courses that are offered by your school or by nearby schools (find out about away terms).

Less obvious choices include

  •                    artificial intelligence, neural networks;
  •                    foreign languages;
  •                    English, especially with emphasis on clear writing;
  •                    psychology:  intro, social cognition, personality (including abnormal psych), and especially organizational psych;
  •                    history:  of technology; also military studies including warfare, terrorism, intelligence, counter‑intelligence;
  •                    teaching:  learn how to teach effectively.

The wider your expertise the more successful you can be in INFOSEC B and indeed, in general.

In addition, you can acquire several types of certification in security and security‑related fields. I strongly encourages security personnel to aim for the CISSP (Certified Information Systems Security Professional) designation; see <http://www.isc2.org> for more information.

Perhaps the most important elements in successful careers in the security field are a commitment to lifelong learning and an interdisciplinary, wide ranging curiosity. Security is an interesting field because it can benefit from so many different disciplines, including not only technical fields but also aspects of the human side of security.

[Original version included a list of readings and articles which has become outdated.

See “Information Security Resources for Professional Development” at
http://www.mekabay.com/overviews/infosec_ed.pdf ]

Best wishes,

Mich

M. E. Kabay, PhD, CISSP
mailto:mkabay@norwich.edu

Get the free Network World Fusion Security e‑newsletter at
< http://www.networkworld.com/newsletters/sec/ >