Category Archives: Jobs

How to Break Into Security

Excellent interview over at “Krebs on Security” with security rock star, Christian Schneier.

First, know that there are many subspecialties in computer security. You can be an expert in keeping systems from being hacked, or in creating unhackable software. You can be an expert in finding security problems in software, or in networks. You can be an expert in viruses, or policies, or cryptography. There are many, many opportunities for many different skill sets. You don’t have to be a coder to be a security expert.

In general, though, I have three pieces of advice to anyone who wants to learn computer security:

Read the entire interview:  How to Break Into Security, Schneier Edition — Krebs on Security.

Advertisements

How to Break Into Security

Great series starting over at Krebs on Security on how to get into the field.

At least once a month, sometimes more, readers write in to ask how they can break into the field of computer security. Some of the emails are from people in jobs that have nothing to do with security, but who are fascinated enough by the field to contemplate a career change. Others are already in an information technology position but are itching to segue into security. I always respond with my own set of stock answers, but each time I do this, I can’t help but feel my advice is incomplete, or at least not terribly well-rounded.

I decided to ask some of the brightest minds in the security industry today what advice they’d give. Almost everyone I asked said they, too, frequently get asked the very same question, but each had surprisingly different takes on the subject. Today is the first installment in a series of responses to this question. When the last of the advice columns have run, I’ll create an archive of them all that will be anchored somewhere prominently on the home page. That way, the next time someone asks how they can break into security, I’ll have more to offer than just my admittedly narrow perspectives on the matter.

Read the whole interview:  How to Break Into Security, Ptacek Edition — Krebs on Security.

What constitutes a “qualified” IT candidate?

Interesting what General Dynamics looks for in determining if  a candidate is “qualified”.

General Dynamics Information Technology (IT) Staffing Lead Robert Cellich, based in Tampa, Fla., seeks qualified individuals to fill on average 300 positions a year to support General Dynamics IT’s military services sector. But what constitutes a candidate as “qualified”? The right combination of hard and soft skills, credentials and attitude.

Roughly nine out of 10 jobs that Cellich fills require security clearances, a determination by the United States government that a person or company is eligible for access to classified information. “Cleared individuals aren’t hard to find,” he says. “What’s difficult to find is a cleared individual who has the right qualifications for the position.”

“I’m looking for individuals who have polished hard and soft skills,” he says.

For ‘hard skills,’ Cellich looks for demonstrated, hands-on proficiency in the technical areas the job he is seeking to fill. When considering a candidate for a higher level role, he scrutinizes the positions listed in the candidate’s resume—the type of position, the type of company, and length of tenure—to see if the person has relevant, quality experience.

“I’m not going to hire somebody for a senior role who has only a year or two of experience because they’re just not ready for that type of role yet,” Cellich says. When filling a system administrator position, for example, Cellich will prefer candidates who have performed that role. “Whereas the person who has been in a help desk role for 10 years—whose resume shows no discernable system administration experience, lacks steps taken to grow into system administration, fails to demonstrate an effort to get their MCSA (Microsoft Certified Systems Administrator certification)—is still at the help desk level and is unlikely to be prepared for system administration.”

Training and certifications can be huge, especially if a candidate lacks experience.

IT-related training, certifications and degrees can help candidates with less experience. For Cellich, an IT certification gives the candidate credibility by demonstrating that the individual has the capacity and the motivation to learn the trade. “Our customers often want individuals with certifications, because it shows that the person has the capability of doing a specific type of work.”

Cellich has one caveat: “Don’t just go and take the training and not get the certification. It’s almost a negative, because my first question will always be ‘Why didn’t you get the certification?’”

Entry level candidates with an IT certification can still have difficulty obtaining full-time IT work experience in a tough economy, and Cellich recommends that IT job hunters volunteer or obtain a part-time position working with IT as an alternative. “Anything you can put down on resume shows that you have used some of the things you have learned will put you a step ahead of the person who hasn’t done that.”

It’s highly likely that the way General Dynamics defines “qualified” is the way many companies do.  So be sure to stay-up-to-date on skills and knowledge.  At the same time utilize various avenues to gain experience if you don’t have it.

Head over to the source for some tips on that resume.

Enhanced by Zemanta

Tips to a successful IT job interview

So you’ve applied for that IT job and you’ve made it to the interview stage.  Here are some tips from Venture Loop CEO Jeremy McCarthy on how to make it a successful interview.

Regardless of how you view this prospective opportunity, always do your best in the interview for you never know where it may lead you. Some of his other suggested tips:

1) Research: With everything literally at our fingertips today, it’s close to blasphemy to enter an interview without having searched and studied as much about the history, fact and figures of the company with whom you are interviewing as possible. Savy online searching can turn up valuable information to prove to an employer they’d be hiring an expert in their industry.

2) Review your triumphs and faults: You can almost guarantee that typical questions such as your vision for five years down the road, strengths, weaknesses, tough work situations and best type of person to work for will be asked, so why not write down your answers ahead of time to review rather than spin your wheels while sitting in ‘hot seat.’

3) Behavioral question awareness: More firms rely on behavioral interviewing techniques to see how candidates answer when asked for specific examples of past professional situations. McCarthy presents some typical queries to prepare for ahead of time:

  • How you handled not meeting a deadline
  • How you dealt with conflict with a co-worker or boss
  • What you did when someone else’s actions caused failure
  • When did you show initiative
  • What did you do when a customer was upset with you
  • What did you do when a co-worker blamed you unfairly for something

For the rest of Mr. McCarthy’s tips check out the source.

Enhanced by Zemanta

“Private cloud” skills

Diagram showing three main types of cloud comp...

Image via Wikipedia

Great piece over at the CompTia blog regarding the “private cloud”:

What is the “private cloud?” Well, it’s where the IT department is where the company itself provides all of the cloud-based services, but from within its own firewall. Remember when the term “Intranet” was coined to describe how IT could provide the best Internet-based services behind the firewall? Private cloud computing is basically the same sort of approach. Again, some folks think that private cloud computing is an oxymoron. Like Eric Knorr over at InfoWorld, I think the definition of the “private cloud” is a bit fuzzy, but it’s worth talking about.

The private cloud involves virtualized services offered as a service independent of any single hardware platform, usually through a Web browser. When offered privately, cloud services remain behind the firewall, and they are offered on a metered basis. This means that the IT department becomes the “X as a service” provider.

As well as skills that one should have to be an expert in the “cloud”:

If you want to become a private cloud computing expert, check out the following skills you should learn:

  • Understand business issues, including the concepts of the Service Level Agreement (SLA), and chargeback. Yes, chargeback. Yeah, it’s kind of a weird word. The first time I heard it back in 1997, I thought someone was talking about some sort of new defensive lineman position for the NFL. Basically, chargeback means metering services and then charging departments, making your IT department a business within your business. This way, your IT department becomes less of a cost center and more of a revenue generator, in a sense. Pretty cool idea if you can get it to work.
  • Know how to read a bill from a cloud provider, no matter which side of the firewall it comes from. From the people I’ve talked to, the numbers change pretty radically
  • Learn virtualization.
  • Get some consulting skills.

 

Enhanced by Zemanta

The importance of the online image …

when it comes to the all-important job search.  Know what is out there and how it can help or hurt.

Find Yourself (on the Internet)

If you have any Web presence at all–even an anonymous blog or a habit of forwarding annoying e-mail messages to relatives–you should google yourself regularly. Occasionally, you’ll also want to run an in-depth online background check. And depending on the industry you want to work in, you may want to pay for a professional online background check. Here are some tips for finding yourself:

1. Search for your name in quotation marks (such as “Steven Smith”) and without them (Steven Smith) to see what comes up. Also search any variations of your name (like “Steve,” “Steve-o,” and “Stephen”) as well as all the usernames you use for any online service, in case hiring managers try to be clever.

2. Use site-specific searches for the Websites of companies you have worked for and schools you have attended. This is especially important if you’re looking for jobs that require a certain presence. For example, searching Google for site:pcworld.com Sarah Jacobsson Purewal proves that I’m not lying when I say I write for PCWorld.

3. Use keywords. Hiring managers will most likely look for information relevant to the job you’re applying for–such as “Sarah Jacobsson Purewal” freelance writer, but go ahead and search for your name along with worst-case-scenario terms–such as “drunk,” “arrested,” or “wanted”–just in case. This is also a good way to find out if you share a name with a criminal or otherwise unsavory character. In one sense, this may be better for you, since you can attribute any bad search results to the other person; on the other hand, it’s probably no treat to look for a job if your name happens to be Ted Kaczynski.

Head over to the source for more on this important subject.  And if you still think that it isn’t important, remember this tidbit from the article:

Then my mother sent me an e-mail with a photo she’d found of me–not an embarrassing one, but still not terribly professional. If my mother–whose most advanced technological skill is hitting Ctrl-C to copy text–could find that photo, what could a hiring manager with a middle-schooler’s level of technological savvy unearth?

A whopping 70 percent of human resources professionals have rejected potential candidates because of their online information, according to a Microsoft study. The good news: 86 percent of HR professionals said that a positive online reputation favorably influenced a candidate’s application to “some extent.”

 

Enhanced by Zemanta

Secrets of Successful Tech Contractors

Very interesting.  If you are an IT contractor what are your thoughts?  Would you agree?

Powered by ScribeFire.

Enhanced by Zemanta

 

Job board launched

More proof that Linux is gaining ground?

The foundation’s Linux Jobs Board is available on Linux.com. It features two options for posting: Jobs can be posted on Linux.com only, with prices starting at $99 for 15 days, or jobs can be posted on both Linux.com and with JobThread Network, which reaches more than 50 additional publishing sites with a combined total of 9.8 million visitors per month. The Linux.com and JobThread Network option costs 49 cents per matching view.

“Linux’s increasing use across industries is building high demand for Linux jobs despite national unemployment stats,” said Jim Zemlin, executive director at the foundation, in a statement released by the foundation. “Linux.com reaches millions of Linux professionals from all over the world. By providing a jobs board feature on the popular community site, we can bring together employers, recruiters, and job seekers to lay the intellectual foundation for tomorrow’s IT industry.”

Job postings can be submitted on Linux.com.

JobThread Network, according to the foundation, has found that demand for Linux-related jobs has grown 80 percent since 2005.

Job seekers, meanwhile, can include LinkedIn details on their Linux.com profile, including resumes. They also can subscribe to the Linux.com Jobs Board RSS feed and receive e-mail alerts. Additionally, they can follow Linux-related job opportunities on Twitter. (Source: InfoWorld)

Reblog this post [with Zemanta]

Strong IT job outlook

It looks like the IT security field is the place to be for 2010 and beyond when it comes to the job market.

“Security is the place to be in 2010 and for the foreseeable future,” says David Foote, CEO of Foote Partners, an IT research firm in Vero Beach, Florida. At a time when the average values of most certifications are falling, security-related certifications have continually increased in average value and pay, he says.

Job growth in this area has also been driven by corporations separating operational security and strategic risk management tasks. “All of a sudden, you have to have IT people in the room when you’re talking about overall enterprise risk,” Foote says.

Robert Half Technology data suggests the starting salary range for an information systems security manager will be $96,500 to $130,750 in 2010. Foote’s data says the job is averaging $102,200 to $143,700.

Web/application development and network administration are going to be hot fields as well.

Application developers and Web developers will be in demand in 2010 as companies try to leverage social media and interactive Web sites.

Starting salaries for senior Web developers will be $78,000 to $109,500 in 2010, Robert Half Technology predicts. The hottest skills related to social media include: Microsoft Commerce Server, Java, SOAP, Python, Microsoft SharePoint, C, SQL and Sybase Adaptive Server, Foote says.

Social media initiatives also generate jobs for support technicians and help-desk pros, says Kathy Northamer, Robert Half Technology senior vice president. The staffing firm’s survey projects starting salaries of $28,500 to $39,000 for entry-level help-desk jobs, while Foote says the range will be $38,600 to $54,250.

Cloud computing, Voice over Internet Protocol (VoIP) and Software as a Service (SaaS) have significantly increased the complexity of networks. That trend will continue in 2010.

Chief information officers interviewed for the first-quarter Robert Half Technology IT Hiring Index and Skills Report cited network administration as the most in-demand skill set.

Network administrators can expect to see starting salaries ranging from $54,500 to $80,250 in 2010, Robert Half Technology predicts. (Source: 2010 IT Salary & Jobs Outlook – Monster.com)

Looks like there should be numerous opportunities once I finish the Bachelor degree in Information Systems Security in a few months.

Reblog this post [with Zemanta]
%d bloggers like this: