Exciting Computer Security Career Path

In my opinion, computer security is one of the most fascinating technology fields in existence. Now that computers are used in every facet of life and will presumably become a necessity in almost all things, formidable protection of private data requires educated experts. Information Security Professionals and related career specialties are considered one of the fastest growing and highest paid technology occupations according to a number of sources.

The salary ranges herein are the United States national averages for May 2008 courtesy of Salary.com. These figures are climbing rapidly as the demand for InfoSec professionals rise. Also note that the sector of industry has a major impact on IT salaries. For example, those working on health care systems in hospitals are making almost half the salary of IS folks in the banking industry.

Let’s explore the base information security career path

Information Security Career Positions

Systems Administrator
Information System Security Officer
Information System Security Manager
Chief Information Security Officer

I’ll talk about some specialties, such as Cyber Crime and Computer Forensics Investigators in later posts.

Systems Administrator

System Administrators and help desk positions are the entry level points for InfoSec professionals. More than likely, an organization will require some experience or a related degree to be considered.

Sys Admin responsibilities will be basic computer configuration, helping end users, managing backups, troubleshooting basic network connectivity, administering user accounts, equipment custodial duties, reviewing audit logs, monitoring network performance, managing software licenses, and learning what it takes to become an Information Security Officer.

System Administrator Salary Range

System administrator salary

Information System Security Officer

Information System Security Officers (ISSO) typically will have a bachelor’s degree, a certification or two, and a couple years experience in IT.

ISSO responsibilities include implementing security policies, securing networks, troubleshooting access problems, reviewing security logs, assisting in developing security procedures, incident response, conduct security reviews, participate in recovery efforts, and maintain security documents.

Information System Security Officer Salary Range

ISSO Salary

Information System Security Manager

Information System Security Managers (ISSM) are supervisors of an organization’s ISSO’s. I’ve noticed that one ISSM usually manages 10 – 20 ISSOs and anywhere up to 100 or more systems. If employed with a large company, there may be quite a few ISSM’s reporting directly to the Chief Information Security Officer (CISO). With smaller companies the ISSM may also be the ISSO and the CISO.

ISSM responsibilities include developing security plans, recommending configuration and security products, planning disaster recovery, risk analysis, incident response, crisis management, asset allocation, performing security audits, penetration testing, reverse engineering of malware, educating employees on security policy, serving on security advisory boards, and providing expert advice on security relevant projects.

Information System Security Manager Salary Range

ISSM Salary

Chief Information Security Officer

Chief Information Security Officers are the top dogs for enterprise security. They oversee the entire security infrastructure of an organization reporting directly to the CEO or president. The CISO will manage the Information System Security Managers and offer leadership direction and advice for them to pass onto the ISSO’s.

The CISO’s responsibilities include more business minded concepts than the persons working under him or her. The CISO will ensure organizational security is being implemented and systems function as needed. The CISO will be involved with critical decisions affecting all things security.

Chief Information Security Officer Salary Range

CISO salary

Information Security Career Review

System Administrators do basic tasks and gain experience to break into the security field. The ISSO is the first step into information security, and does the hands on implementation of security plans. The ISSM manages the ISSO, oversees security policy, and responds to critical incidents. The CISO is responsible for the organizational security posture of the entire infrastructure.

In posts to come, I’ll talk more about some specialty fields. However, you’ll never get to do cyber crime investigations or perform digital forensics without first breaking into the Information Security field. I don’t know how many interviews I’ve sat in on where recent college grads just want to jump into CSI type jobs. There is a beginning to everything.