
Security starts with enterprise IT knowledge

Justin Hall is Director – Security Services for CBTS. In Part 1 of this 3-part series, Justin discusses how a core knowledge of enterprise IT is critical in order to effectively protect networks.

For several years I’ve been going back to my alma mater, the University of Cincinnati, to speak to groups of undergrad and graduate students about the information security industry. My goal is to demystify security and inspire them to consider a career in one of a dozen security disciplines.

Invariably during these talks I am asked a very common question: “How do I get a job in the security industry?” In response, I’ll share my own 20-year story, starting in PC repair and sales, moving to tech support, systems administration, and running an IT department, before jumping into a security career – first as an engineer, architect, and consultant, and then running a security team.

I’ll also share three essentials to successfully landing a security job, which I’m going to cover in this blog series. There’s no single path to the industry, to be sure. In order to develop a foundation that can land an entry-level job and provide an arc to a long-term career, it’s worth looking into these fundamentals.

Core knowledge of enterprise IT

Today, we’ll cover number one: a core knowledge of enterprise IT. This is perhaps a bit obvious – certainly someone needs to be technical and understand how a computer works to survive in security, right?

The depth required goes beyond CPU, RAM, and a hard disk. To effectively protect any company network, one needs to recognize the critical components – servers, workstations, network devices, applications, and security defenses. How do they interact? In what network segments do they typically sit? What products or solutions are commonly used in each of these categories? At a high level, what are the essential configuration best practices for each?

For example: Imagine a network used by a physician’s office. Think about the variety of computing devices in use there: Beyond traditional workstations, multi-function printers, and laptops, you might see connected medical devices, credit-card processing machines, and surveillance cameras. Servers would run authentication systems, file management, accounting and finance, ERP, messaging, and electronic medical record apps. Some may be running from local servers, and some may sit in the cloud. Network devices will include switches, routers, wireless access points, and firewalls.

Now imagine a software company. What types of assets would be the same as the physician’s office? What would be different? How would their IT needs be similar/different? What about a retailer or bank? What happens when you add multiple sites/locations? Imagine scaling up to the size of a multinational conglomerate. Think about the pieces and parts that need to change, duplicate, or scale.

Enterprise IT involves depth and breadth

This scope of understanding is what I mean by “knowing enterprise IT.” There’s a level of depth in addition to the breadth, though. Defending an environment with Windows workstations and servers, for example, means understanding the fundamentals of what makes Windows tick – the filesystem, registry, Group Policy, configuration, and the like.

How does one acquire this knowledge?

  • Build it yourself! A home lab is a great place to get hands-on experience with enterprise IT. You could grab an old PC and install free versions of VMware’s vSphere or Microsoft’s Hyper-V, and deploy eval copies of Windows Server and workstation OSes, Linux, or a variety of prebuilt VM appliances. Tons of great tutorials exist – I like this one from Paul Braren on building a VMware ESX lab.
  • You could also use free or inexpensive tiers of service offered by IaaS providers like AWS, Azure, or DigitalOcean to build VMs quickly, install and configure applications, and build virtual networks.
  • If you’re serious about improving your enterprise IT knowledge, and want to invest your time and money, find a local university or online school that offers IT courses or degree programs.
  • Finally, take the plunge and find a systems or network administration job. Without a formal education in security, it’s rare to be able to jump right in without doing the so-called “grunt work” needed to acquire real-world experience. A few years building, breaking, and fixing some enterprise networks is sure to cement your ability to operate with comfort in the industry.

Thanks for reading! Stay tuned for part two.

Read more about Security offerings from CBTS. And read this case study to learn how CBTS helped an enterprise client form a security strategy to advance their maturity, increase their risk management capabilities, reduce the attack surface for each business line, and improve their overall corporate security posture.

CBTS helps CIOs address IT gap

The IT talent gap isn’t going away. Indeed, a report from CIO.com says the arduous process of hiring full-time staff is creating severe business challenges. Highlights of the report include:

  • Nearly half of all CIOs have missed out on top talent because they couldn’t meet the candidates’ salary demands.
  • Many companies use perks like flexible scheduling, working from home, and social events to find and keep top IT talent.
  • Hiring processes that stretch over months don’t suit in-demand IT professionals, who start losing interest if there is no follow-up within two weeks of the first interview.

These macro-level challenges comprise thousands of micro-challenges that vary widely from one company to the next. Manufacturers need people who can automate production lines. Financial companies need IT people with strong data-science backgrounds. Each industry sector requires specific IT capabilities.

Nobody wants to pass up burgeoning opportunities in cloud computing, big data, unified communications, mobile technologies, and advanced collaboration tools. Moreover, companies in growing markets need to move quickly to land new business before the competition does. They need talent in six days, not six months.

When you can’t afford to wait months to find excellent IT talent, you’re better off working with a consultancy specializing in matching specific skills with highly specialized roles. CBTS can place an expert IT project manager in your workplace to supervise an entire project, pulling in a combination of in-house talent and well-trained contractors.

These experts can spin up new systems or migrate to new technology platforms, for instance, while your existing IT staff stays focused on mission-critical workloads.

Let CBTS close your IT talent gaps

CBTS provides a wealth of IT placement services that deliver four crucial advantages:

  • Get only the IT talent you need, when you need it. You don’t have to worry about paying large salaries to people who run out of work to do between big projects.
  • CBTS has a deep bench of well-trained, experienced IT pros who can work on short- or long-term contracts. They have certifications, mastery, and proven track records in dozens of technologies.
  • We follow the best practices learned in engagements with a broad spectrum of Fortune 500 enterprises. Our experts can design system architectures and implement sophisticated IT solutions that may be beyond the skills of your current IT staff.
  • Because you pay only for the talent you need, you realize cost savings in salaries, benefits, vacations, and medical care.

Our comprehensive suite of IT staffing services includes resource planning and design, project and program management, application development, and security consulting.

Read how the CBTS Consulting Practice helped an international omni-channel retailer implement a unified e-commerce platform.

Read how the CBTS Consulting Practice helped a pharmacy company transform its software development lifecycle.