Careers in Information Security:
Letter to a Student

by M. E. Kabay, PhD

Emeritus Professor of Computer Information Systems

School of Cybersecurity, Data Science and Computing

College of Professional Schools

Norwich University, Northfield, VT 05663-1035 USA

 

Message text written by Student@college.edu:

>I am interested in the security aspect of computers and information. Can you tell me how or what road I might take to get a degree to where I can focus on the security aspect or what would be the closest thing to it?<

Many security experts begin their careers in the military by volunteering or applying for training and positions in SIGINT, INTEL, COINTEL, PSYOPS, and military police. Others take on security responsibilities as part of system and network operations or management. Some security experts come from the administrative side rather than from the technical side.

Taking a computer science degree with a specialization in information security is an excellent way to enter the field. Norwich University, Eastern Michigan University, Purdue, George Washington University, and George Mason University, among others, offer undergraduate degrees with specialization in INFOSEC. Even if your preferred college does not, you can usually manage to get permission for an honors thesis in security if you try hard enough and find resources within the college or the community who can help guide and evaluate your work. Some of these institutions offer both in-person and online courses.

When you are in college in person, see if there are opportunities such as system-administration internships or jobs; participate actively in computing or security clubs.

In general, a computer science or management information systems degree with as many security courses as were offered plus extensive reading will help you get a job in information security when you graduate. There are still not enough people interested in the field and we are in increasing demand in all areas of society.

For more information about the Norwich University on-campus bachelor degrees in cybersecurity, data science & computing, see

·         https://catalog.norwich.edu/residentialprogramscatalog/collegeofprofessionalschools/#schoolofcomputingtext

For online bachelor degrees in these areas, see

·         https://online.norwich.edu/academic-programs/bachelors/computer-science

·         https://online.norwich.edu/academic-programs/bachelors/cybersecurity

·         https://online.norwich.edu/academic-programs/bachelors/data-analytics

An advanced degree (e.g., MSc and PhD) in IA offers the possibility of detailed study and original research, much of which you can publish in scholarly journals if you are keen on university teaching and further research. Many postgraduate students are receiving high salary offers as they complete their degrees.

For information about the Norwich University online MSc degrees in computing-related areas, see

·         https://online.norwich.edu/academic-programs/masters/cybersecurity

·         https://online.norwich.edu/academic-programs/masters/information-systems

It is not necessary, however, to insist on a computer security degree. One can also enter the field with a strong background in computer science and other disciplines. The obvious choices for training include (but are not limited to) programming, operating systems, data structures, quality assurance, cryptography, data communications, information systems management and all information security courses that are offered by your school or by nearby schools (find out about away terms).

Less obvious choices include

·         artificial intelligence

·         neural networks

·         foreign languages

·         English, especially with emphasis on clear writing

·         psychology: intro, social cognition, personality (including abnormal psych), and especially organizational psych

·         history: of technology; also military studies including warfare, terrorism, intelligence, counter-intelligence

·         teaching: learning how to teach effectively.

The wider your expertise the more successful you can be in INFOSEC and indeed, in general.

In addition, you can acquire several types of certification in security and security-related fields. I strongly encourage security personnel to aim for the CISSP (Certified Information Systems Security Professional) designation and other relevant certifications; see

·         https://www.isc2.org/Certifications

Perhaps the most important elements in successful careers in the security field are a commitment to lifelong learning and an interdisciplinary, wide ranging curiosity. Security is an interesting field because it can benefit from so many different disciplines, including not only technical fields but also aspects of the human side of security.