On 18 November 2013 02:05, Amit Joshi mckagan@gmail.com wrote:
Currently I am working in the Surveillance industry and was looking for a profile change to the Information Security Industry.
I tried to study the general trends people follow to get into this industry and most of them either had an in-depth knowledge of Linux / Unix / System Administration through courses like RHCE/ LPIC etc, or through direct experience.
These skillsets relate to expertise on certain technology platforms, and are generally found in people working in the security operations domain, usually as a member of a team. Together, the team might boast of expertise in the technology being deployed at a firm or site.
Information Security is a much larger umbrella term that includes not just security operations, but also a bunch of other things - application security architecture, access control systems design and management/operations, security incident handling, encryption (transport and storage), security governance & risk management, regulatory compliance matters, business continuity and disaster recovery etc. are just some of them. At senior levels, bulk of Information Security work is management and planning (ie, lots of meetings and paperwork).
Apart from the technical skills you plan to acquire by way of certifications, you also need knowledge of the administrative and regulatory matters that govern information security in your workplace. A lot of Information Security work is really skilled negotiations, so don't underestimate the soft skills requirements either.
All the best.
Binand