Wednesday, November 17, 2010

Security Job Candidate Question: I've Graduated From School, What Do I Do Now?

Question From A Recent Masters Degree Recipient


I'm a recent college graduate with a Masters degree in Information Assurance and Computer Engineering. I'm currently seeking a full time entry level position in

the computer security field and have found that most jobs require 5 yrs of experience in computer security. I'm currently working as a software engineer and have several years of IT experience, but I would like to transition into the security field.

Please let me know if you can help me begin my career in computer security.

Sincerely, Answer

Thank you for contacting My firm fills security jobs at senior and executive levels. I don’t know how helpful I can be to you at the entry-level.

Since you’ve been working in a software engineering role, the best advice I can offer is for you to consider moving your career into application security. When we’re challenged to recruit application security or web application security professionals, the challenge is to find security professionals who understand software vulnerabilities who also have deep experience writing code.

Every application security job we’ve ever recruited to fill has required us to find candidates whose early career experience was in software development either with C, C++, Java or with .NET technologies. Then on top of the development experience, if you refer to the OWASP website, you’ll find issues like Cross Site Scripting, Buffer Overflows, SQL Injection and more that you’ll need to master.

Under the Security Education section of, you’ll find Information Security Training that has been discounted for visitors of This training comes from the EC-Council and includes Secure Software Development training and certification.

I’ve written for several magazines in which I’m supposed to write about hot information security skills. Several times over the past two years I’ve written about application security and identity management. For the foreseeable future, I don’t think you can go wrong with application security or web application security.'s Security Recruiter Blog