Higher Education Needed for a Job in Information Security - dummies

Higher Education Needed for a Job in Information Security

By Peter H. Gregory

What kind of education do you need for a job in information security? Undergraduate and graduate degrees in management information systems, computer science, and similar subjects have been offered for decades. More recently, many colleges and universities are offering degree programs in one or more aspects of information security. Colleges and universities also offer continuing education programs in information technology and security.

Undergraduate programs in information security

Universities around the world offer undergraduate degrees in information security. You can probably find a university near you that offers a degree in information security. Many universities are also offering online degrees.

Typical degrees being awarded include the following:

  • Bachelor of Science in Information Security

  • Bachelor of Science in Security and Risk Analysis

  • Bachelor of Science in Security Engineering

  • Bachelor of Science in Information Technology — Security

  • Bachelor of Science in Computer Science and Information Security

The variety of degree programs will help you build the foundation of your career as you begin your formal education.

Your best long-term strategy should include the completion of an undergraduate degree in a technical field. The more college education you have, the more you will enjoy more opportunities for jobs and career growth.

Graduate degrees in information security

Like undergraduate degrees, graduate-level degrees in information security are offered by many universities. A graduate degree is a great path for advanced studies and will help you compete for advanced positions in information security. Many middle- and upper-management jobs in information security require advanced degrees.

Graduate degrees being awarded include the following:

  • University of Washington: MS in Cyber Security Engineering

  • Western Governors University: MS in Information Security and Assurance

  • Champlain College: MS in Digital Forensic Science

  • Lewis University: MS in Information Security — Technical

  • Capella University: MS in Information Assurance and Security

  • Northcentral University: Ph.D. in Business Administration — Computer and Information Security

Some security organizations also offer graduate degrees, including these two:

  • SANS (SysAdmin, Audit, Networking, and Security) Institute: MS in Information Security Engineering, and MS in Information Security Management

  • International Council of E-Commerce Consultants (also known as EC-Council), Master of Security Science

A good reference for locating graduate-level education can be found at Gradschools.com.

Continuing education

Continuing education is the practice of continually obtaining training courses to expand one’s knowledge and skills. In the information security profession, continuing education is essential to our success for several reasons:

  • High rate of change: The information security business is undergoing an extremely high rate of change. New threats, vulnerabilities, techniques, and security breaches happen daily. Unlike many other professions that move much more slowly, InfoSec undergoes constant

  • Certification requirements: You’ll need to earn one or more vendor or nonvendor certifications. Many of these certifications require that you undergo continuing education to remain in good standing.

Certificates from colleges and universities

Many colleges and universities have continuing education programs designed for working professionals. Often these are evening or weekend programs in which students earn certificates. Many are offered online, which gives you a wider choice of certificate offerings.

Examples of these certificates include the following:

  • Certificate in Information Security and Risk Management, from the University of Washington

  • Certificate in Computer and Network Security, from Stanford University

  • Certificate in Information Systems Cybersecurity, from Penn State University

Courses from professional organizations

Many professional organizations offer training courses in different fields in the information security profession. These courses are offered in a variety of formats and timelines, including:

  • Training weeks or boot camps

  • Training day or days immediately before or after a professional conference

  • Self-paced online training

  • Classroom training

Examples of these types of education courses include:

  • RSA Conference: SANS and (ISC)2 certification training offered the two days before the main conference

  • SANS Institute: Training weeks offered in several cities worldwide each year

  • ISACA: Training weeks, plus one and two-day workshops offered immediately before conferences

  • BlackHat: Several days of training offered immediately before the main conference

Other continuing education opportunities

Besides certifications and formal training courses, you can continue your information security education in other ways, including the following:

  • Vendor product training

  • Vendor product demos

  • Security organization chapter lectures

  • Lectures at security conferences

Military education

Today’s military organizations still have their traditional weapons: guns, warships, submarines, fighter planes, and bombers. These large organizations require a lot of information technology to support them. So that they can protect their own networks, military organizations train many of their personnel in different facets of information security.

The internal networks in military organizations utilize the same technologies as commercial networks, so most of the skills learned while in the military will translate directly into private sector or public sector jobs.

Military organizations also have offensive and defensive cyberwarfare capabilities. Specialists who work in these areas will also learn valuable skills that will translate nicely into information security jobs in private organizations and as security consultants.

Examples of military training in information security include the following:

  • U.S. Army School Cyber Leader College: Information Assurance and Computer Network Defense training and certification

  • U.S. Navy: training in information warfare, cyberwarfare engineering, and cryptography

  • U.S. Air Force: training in cybersurety and cybersystems operations