Graduates trying to get started in information security face a hard time getting the experience employers demand. We talk to some who succeeded.
In March 2006, a graduate of Royal Holloway's MSc in information security said in a discussion on the future of the profession that graduates were having difficulty finding work in the field. Being trusted to work in information security required experience, and graduates often had to accept a first position in general IT. Two years later, he has never worked in the field and doesn't expect he ever will.
Here, three newcomers tell us how they managed to break into the infosec sector.
Matthew Lomas, 24, got an MSc in e-commerce at Leeds Metropolitan University in 2005. He had a real interest in information security but was discouraged by the lack of positions available at the right level. “All of the advertised positions were for senior jobs. There didn't appear to be an entry level for this field,” he recalls. “I wish I had taken the option of the sandwich year during my BSc Business Information Systems degree to do a year of paid work.”
He eventually secured a position as a systems engineer. “The company was developing a focus on data management, which allowed me to get some experience administering security systems as I worked with networks.” Eighteen months later, Lomas moved more directly into the field as a logical security auditor with Meridian Services International.
With a BSc in mathematics from the University of Warwick in 2004, Victoria Savage, 25, was seeking a start in IT. Having written an essay on public/private key cryptography opened the door for an interview with the BT Cryptograghic Module Testing Laboratory. “The project indicated that I had an interest in the subject, even if I wasn't an expert, and they were looking for people skills,” she recalls. Savage started in a junior role in the lab and was supported to develop in an area that few pursue. Now a consultant with NCC Group, she still works in cryptography and on broader information assurance projects. “I occasionally come across people concerned that I am too young to know what I am talking about. It's a personal challenge for me to convince them otherwise,” she says.
Facing his final exams for a MSc in management information systems from the London School of Economics, Dan Harris was free of the stress of finding a job after being accepted into the Deloitte & Touche summer internship programme. This rotated him across various areas covering his interest in information technology, which is how he chose to specialise in this field. From there, he was able to develop an educational path to go with his choice, with Deloitte supporting him in achieving another MSc in information security from Royal Holloway.
“An internship program could be a more challenging route to finding a job: – the selection process is very hard, you have to demonstrate a real commitment to the company, and the programme itself is a lot of work,” says Harris, now a senior manager within Deloitte's enterprise risk services department. “Once accepted, however, you know that the company is investing in you, and my experience is that opportunities truly followed.”