Professional development

Q&A: Interview with an IT Security Analyst

December 24, 2012 by Tim Heard

(Rebecca Turner is an IT security analyst, employed by a leading global services provider. Rebecca began her career in IT as a helpdesk technician and has advanced through a number of roles. She has considerable experience as a field engineer, and also as a systems administrator.)

Q: I see from your background that you began your IT career working as a helpdesk technician. How did you get interested in IT security, and what led to you being in your current role?

A. I was an office manager for several years, and helped bring a small office into the computer age, just by reading and a few community college classes. I found that I really, really enjoyed PCs and figuring out how to set them up. I realized that I didn’t want to be a secretary the rest of my life, so I kept going in college and eventually landed a junior helpdesk role 13 years ago.

Q. What are the main duties of your current position?

A. I now work in IT Security. I scan PCs when they are infected, perform network and local vulnerability assessments, and handle patching and reporting.

Q. How well do you feel your training and education have prepared you for this position?

A. I think my early training (A+, Net+ and college) was very valuable in my technical role. It gave me a solid foundation to continue on with.

Q. What specific certifications have you earned?

A. A+, Net+, Novell CNE 6, Security+, CISSP.

Q. Looking back at your career, which of them have been the most helpful?

A. A+ and Net+ for the early years, Security+ and CISSP for my current position. Here’s a list of certification and courses I recommend to security professionals:

  1. A+
  2. Network+ 
  3. Security+
  4. MCITP
  5. CCNA
  6. CCNP
  7. Ethical Hacking
  8. Advanced Ethical Hacking
  9. Computer Forensics
  10. Coding for IT Security Professionals
  11. Reverse Engineering
  12. Advanced Reverse Engineering

Q. Which of them, if any, have best prepared you for your current role, and why?

A. CISSP, as the study gave me great overview of the security world

Q. Are there certain certification programs which you feel, in retrospect, weren’t all that helpful in terms of preparing you for your career?

A. My Novell CNE. I only got it to get a new job. I really never used the information.

Q. If you could take additional coursework right now, or earn an additional certification, what would it be, and why?

A. CEH, SANS 504. I want to learn more about pentesting and ethical hacking.

Q. What are the main challenges someone faces as an IT security analyst that someone who is thinking of entering the field might not think about?

A. It’s very important to have a technical background when going into the security field. At least five years would be my recommendation.

Q. What advice would you give an IT generalist who is thinking of pursuing a career in IT Security?

A. Get your technical certs, like A+ and Net+. Make sure you have at least five years of good hands-on technical troubleshooting.

Q. What do you think are the prospects for this field in terms of job growth?

A. I think the prospects are great. I think the job growth is only going to go up

Q. What changes do you expect to see in the coming years?

A. I HOPE that hiring managers learn the differences in the various certs and what they are used for. Why ask for a CISSP when you really need someone who just has a Security+? I expect to see more security generalist jobs, as companies try to cut costs. The more technical you are, the better path I think you’ll have since you’ll have the experience necessary to be that generalist. I also think we’re going to see many more compliance scanning jobs (PCI, HIPAA, SOX, etc), as more companies get into that kind of business.

Posted: December 24, 2012
Tim Heard
View Profile

Tim Heard is the founder and president of eSearch Associates, a recruiting and staffing firm operating in technology and legal services job sectors. He has worked in a variety of HR and recruiting roles since the late 80’s, when he began his HR career in the hospital division of Humana Inc. He founded eSearch Associates in 2009, reasoning that if he could survive the brilliant strategy of starting a search firm at the peak of one of the nation’s worst recessions, he could survive and thrive anywhere. (Besides which, there were no HR jobs to be had at the time.) Tim has been a freelance writer since 2001, primarily offering advice and opinions related to career advice, management advice, and technology. He has regularly volunteered for a number of years with a local prison ministry, including having served on the board of directors, and currently serves on the board of directors of a local community ministry and food bank. He can be contacted directly at