Everybody has a start in their chosen field. Sometimes this start is a calculated, deliberate choice and sometimes it is a product of both chance and luck. When I had my start in information security, it was an experience where at the end of the day I discovered that not only was information security my passion, but it was also dropped in my proverbial lap.
For those wanting to make the move from help desk to security, this move can be planned and executed without much difficulty. This article will detail how you too can make the move from help desk/service desk to a role on your organization’s security team. We’ll do this by exploring both how my move played out for me and what you should consider before making yours. By the end of the article, you will be in a much firmer position to decide whether you want to make this move too.
My move to security
My first role in information technology was a help desk analyst role. I always had an interest and general knack for knowing my way around a computer, so it seemed like a natural fit. Let’s be honest, though — unless your organization is supporting thousands of users with an unstable information technology environment, you will get bored fast. It was not more than one day on the job before I discovered my next technological calling — security.
The best starting point for making your move is finding out whether your organization has a security team. Even if it does not, if you show enough interest and some information security knowledge, your supervisor may add security responsibilities to your plate. If you are currently in help desk and there is no way to expand your role to include security responsibilities, look for them at another organization.
How to make the jump
Making the jump from a help desk role to your organization’s security team is different for everyone and comes down to building your security skill set.
A good way to build this is to look for the opportunities that your organization allows to learn these security-related skills or demonstrate that you have these skills already. Think of these opportunities as more like a chance to make the make the absolute most of the work (or other) situations that come your way.
This may sound vague, but hands-down, impressing those in IT or information security management is your best way to move to the security team.
A great example is to find a way to automate some task or process on the help desk side to demonstrate to management that you have scripting skills. If you can successfully make the help desk role easier you can better justify moving to the security team, especially if you automated yourself out of your help desk role!
When you feel stuck in your help desk role and your organization cannot use what little security skills you have, volunteering is a great way to pick up some security skills for your resume. Though the concept of working for free may not be everyone’s cup of tea, think of it like this — you are being paid with skills instead of money.
One of the best ways to do this is to contact a local company’s security or IT team and ask if they need a security volunteer. Chances are they can use the help.
Shadowing is another great way to add security skills to your proverbial skills toolbox. If you see that there is a security-related project beginning, ask if you can shadow one of the team members as they work their part of the project. If you are lucky, it will be the project lead.
Solid ideas of projects you could shadow on include when new security devices get deployed, when your organization is migrating to a new security system or solution, or even some day-to-day tasks if you simply express your interest in security. You would be surprised how helpful and open security professionals can be when they find out you share their passion for security.
Online bug bounties
Another good way to pick up security skills recognition outside of work is online bug bounties. A bug bounty is a deal offered by many organizations, software developers and websites where volunteers offer bug reporting skills in exchange for recognition and compensation.
Of course you would have to have at least some skills to uncover security vulnerabilities to successfully perform a bug bounty, but if you do, you can learn a lot from participating in a bug bounty. Remember, being a good learner is possibly the best security skill to have.
HackerOne offers bug bounties and projects, which can be found here.
Earn a certification
Earning a security certification may give you the edge you are looking for in this jump to the security team. Information security professionals on a security team need to have an advanced level of security knowledge to be most effective. Certifications will help verify your security knowledge and will help improve the chances of anyone trying to join a security team. The two certifications I would start with are CompTIA Security+ and EC-Council’s Certified Ethical Hacker (CEH).
Best of all, many organizations offer sponsorship for IT and information security certifications.
It is entirely possible to make a career move from a help desk role to a member of your organization’s security team. I made the move myself based on my interest, initiative and good luck, as my organization had the need. If you are not in the same spot I was, put yourself out there by touching as many security tasks as you can or looking for this opportunity in another organization.