Check out my FREE courses at: https://securitycompliance.thinkific.com
In this video we read some of your questions about getting IT Security Jobs.
“I have a B.A in Telecommunications, would this work for this career field.” see the answer at 00:00:45
“Hey Bruce I got my security + and cap. What do you suggest on how to get into the risk management/ security auditing field when someone doesn’t have any experience? I do have 7 years experience in desktop support and data center monitoring just want to try a different field but not sure how to go about this.”
answer at 00:02:53
“What training is need to get into the security field? I have a BS in information security and working a MS in Cybersecurity and working on getting my CEH cert. What are ways that I can get into the security field as I don’t have any security experience and most jobs postings are wanting at least 4 to 5 years of experience”
answer at 00:06:26
Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination
This is Nicholas associated with 22nd Century Technologies, Inc.,(TSCTI) assessed at CMMI Level 3 is one of fastest growing IT services and solutions company with innovative approach to provide IT services and solutions to Federal, State, Local agencies and commercial clients. Incorporated in 1997, TSCTI has its corporate headquartered in New Jersey and has presence in 33 other states across the U.S including Public sector practice headquarter in DC Metro area. Find more about us at www.tscti.com
We have a position for you to work as Cyber security Engineer in Monterey CA. Please review below the full job and let us know if interested I will love to call you as per your convenience and would discuss this position in detail so that we can go ahead and submit your resume.
Please send me the updated copy of your detailed resume.
So you want to get into Information Technology? Well what do you want to do in IT because there are many different branches of it. I would suggest going into IT security, specifically, Risk Management Framework. It is a very specialized field.
You will need to know the fundamental of IT security. The basics on what goes into securing important data and their hardware. You will also need to have at least a little knowledge of technology and its history. You will need to know a LOT about NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems”. You will need to dive into NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”.
Since not many people want to do this work, or even know about it, there is not much competition. They are always looking for qualified people to do it. What you will need is a 4 year degree (preferably in something technical), an IT certification in security (Security+, ISC2 CAP, CISSP, CASP, CISM,CISA) and a lot of knowledge on NIST 800-37.
This is a quick introduction to Step 2 of the Risk Management Framework NIST 800-37 process. Step 2 involves selection of NIST Special Publication 800-53 security controls. There are (3) main tasks that you must do in this step:
1) Select the applicable baseline controls. Selection of baseline controls is based on system categorization.
2) Tailor the Security Controls to the system. Not all security controls can be used because they may break your system. And in some cases they are simply not applicable. There are also Common Controls, Hybrid controls, and system specific controls.
3) Document the Security Controls. You must document the selected security controls in a system security plan and have the security controls reviewed.