Skip to content

A Day in the Life…of an Information Security Professional

September 12, 2012

Recently I was asked to answer a few questions for students who are interested in a career in Information Security. As a professional in the field, I am more than happy to answer questions and mentor those who are looking at information security and cyber security.

First, if you like problem solving, research and documentation, it’s a pretty good career. But to get a little more in depth, I’ll answer the questions that were posed to me as a starting off point prior to going into “A Day in the Life…of an Information Security Professional.

1. Tell us about yourself. (Education, certifications and other professional experience, # of years in industry/field, current title) and what you do.

I am a Navy Veteran with 20 years of experience in the Information Technology field. I completed my BS of Information Technology focused on Computer Forensics and my  MS of Information Technology focused on Internet Security. I currently work as an Information Assurance Analyst as a contractor. I have several certifications including CompTIA Security+ and awaiting results of my CISSP. My next certification will be CEH (very soon). The Security+ certification is a great way to get your foot in the door as well.

2. Describe the typical duties/functions/responsibilities of your job and what an average day is like? (e.g. What percentage of your time is doing what?)

I spend a good portion of my day reviewing security architecture and design
diagrams detailing ports, protocols. I also conduct and analyze vulnerability scans and develop mitigation strategies iaw FISMA, DIACAP and DoD IA and CND regulations, processes and technical requirements (based on who needs which regulation). I also develop, review and analyze DIACAP packages and other C&A documentation in accordance with the accreditation process (DIACAP).

3. Can you tell us about a special/cool project that you worked on that is a great example of what you do?

I am the lead for a product called CIAMS, which is basically an IA Toolbox for site security managers providing patch management, log management, and centralized backup for small to medium sized networks. It has been delivered to several DoD sites for use in simulators. I get to fly all types of simulators, drive ship simulators, and test them after our work is complete.

4. Why did this type of work interest you, and how did you get started?

I had managed smaller networks when I was in the Navy (primarily with aircraft squadrons) as one of my many hats I wore as a Sailor. When I left the Navy in 2006 I only had an Associates Degree, and was fortunate enough to work in the IT field has a Technical Support Specialist for a local municipality. I started college again in 2008, and completed my BS in 2009 followed by an accelerated program allowing me to complete by MS in 2010. I was able to network my way to the position I now hold as a contractor.

5. What are the skills that are most important for a position in this field?

Good communication skills are always a must. Documentation is a major part of what we do for our customers. A strong technical background of hardware, operating systems and networks are also required. Skills in troubleshooting, problem solving, research and multitasking are also highly recommended.

6. How well did your college experience prepare you for this job?

Without holding many certifications, having a college degree oftentimes is the “foot in the door” leading to a new job. Having a degree definitely plays a part later in the career when it comes to promotion opportunities.

7. What courses have provided to be the most valuable to you in your work?

My computer forensic courses and security design courses. Overall, all of my courses were beneficial as many involved technical papers requiring much research. If you only use one book for a class, most likely you may be missing something you need. Research, research and research followed by documentation, documentation and documentation!

What part of this job do you personally find most satisfying? Most challenging? What do you like and not like about working in this industry?

Personally, I get to travel and work in various parts of the country. The satisfaction of knowing that I am a major part of securing our country’s assets is a great motivator. The most challenging part is keeping abreast of the constantly changing vulnerabilities and how to effectively remediate them as well as keeping up to date with the latest security requirements of our customers. I like IA, there are good days and bad days just like any job.

9. What other jobs can you get with the same background?

The career options are really limitless. With a forensics background, one could work government, law enforcement, malware analyis. For cybersecurity, it really is limitless in research, analysis. Every industry that has an online presence requires cybersecurity.

10. What advice would you give to someone looking to become an IA Analyst?

Get to understand all aspects of security, not just IA. Physical Security is just as important as Information Security. Be able to come up with solutions, don’t just document the problems. The goal is systems that are both secure and usable for their purpose.

11. Any other thoughts you’d like to share?

The career is also customer driven. We provide Risk Assessment for our customers, who determine how much risk they are willing to take with their assets. Be a people person as well, no isn’t always the answer. Finding the right solution to their problem is the answer.

Find networking groups on Linkedin and join a local chapter of Information Security Professionals such as Information Systems Security Association (ISSA) that meet periodically to meet and network with peers. Oftentimes, recruiting agencies are members of these organizations as well and can help you find a job in the field.

Mentor others, volunteer as a Science, Technology, Engineering, Mathmatics (STEM) mentor at your local school or educational foundation. FIRST Robotics and CyberPatriot are two great STEM related initiatives to get involved with to encourage students to excel in STEM fields.


Comments are closed.

%d bloggers like this: