Q&A: Interview with an IT Security Analyst
(Rebecca Turner is an IT security analyst, employed by a leading global services provider. Rebecca began her career in IT as a helpdesk technician and has advanced through a number of roles. She has considerable experience as a field engineer, and also as a systems administrator.)
Q. I see from your background that you began your IT career working as a helpdesk technician. How did you get interested in IT security, and what led to you being in your current role?
A. I was an office manager for several years, and helped bring a small office into the computer age, just by reading and a few community college classes. I found that I really, really enjoyed PCs and figuring out how to set them up. I realized that I didn’t want to be a secretary the rest of my life, so I kept going in college and eventually landed a junior helpdesk role 13 years ago.
Q. What are the main duties of your current position?
A. I now work in IT Security. I scan PCs when they are infected, perform network and local vulnerability assessments, and handle patching and reporting.
Q. How well do you feel your training and education have prepared you for this position?
A. I think my early training (A+, Net+ and college) was very valuable in my technical role. It gave me a solid foundation to continue on with.
Q. What specific certifications have you earned?
A. A+, Net+, Novell CNE 6, Security+, CISSP.
Q. Looking back at your career, which of them have been the most helpful?
A. A+ and Net+ for the early years, Security+ and CISSP for my current position. Here’s a list of certifications and courses I recommend to security professionals:
- Ethical Hacking
- Advanced Ethical Hacking
- Computer Forensics
- Coding for IT Security Professionals
- Reverse Engineering
- Advanced Reverse Engineering
Q. Which of them, if any, have best prepared you for your current role, and why?
A. CISSP, as the study gave me a great overview of the security world.
Q. Are there certain certification programs which you feel, in retrospect, weren’t all that helpful in terms of preparing you for your career?
A. My Novell CNE. I only got it to get a new job. I really never used the information.
Q. If you could take additional coursework right now, or earn an additional certification, what would it be, and why?
A. CEH, SANS 504. I want to learn more about pentesting and ethical hacking.
Q. What are the main challenges someone faces as an IT security analyst that someone who is thinking of entering the field might not think about?
A. It’s very important to have a technical background when going into the security field. At least five years would be my recommendation.
Q. What advice would you give an IT generalist who is thinking of pursuing a career in IT Security?
A. Get your technical certs, like A+ and Net+. Make sure you have at least five years of good hands-on technical troubleshooting.
Q. What do you think are the prospects for this field in terms of job growth?
A. I think the prospects are great. I think the job growth is only going to go up.
Q. What changes do you expect to see in the coming years?
A. I HOPE that hiring managers learn the differences in the various certs and what they are used for. Why ask for a CISSP when you really need someone who just has a Security+? I expect to see more security generalist jobs, as companies try to cut costs. The more technical you are, the better path I think you’ll have, since you’ll have the experience necessary to be that generalist. I also think we’re going to see many more compliance scanning jobs (PCI, HIPAA, SOX, etc.), as more companies get into that kind of business.