Slashdot Mirror
Finding Student IT Security Placements in the Industry?
CABAN writes "I am a third year computer security and investigations student. My program requires a three month placement in the IT security and forensics industry. Finding an appropriate learning environment seems to be harder than I expected. Lack of security clearance, no real world experience and many companies, who just don't see a need for ITS, are the critical shortfalls right now. What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?"
Almost all of the computer security professionals I know, with the exception of some lucky ones who happened to get trained in the military, have had to do grunt IT work of one sort or another before moving into the field of IT security.
Don't expect to get involved in computer forensics straight off the blocks. As a previous poster mentioned in a roundabout way, look for a security position that's more closely affiliated with a traditional IT role (patch management is a good example).
Though I don't want to take the wind out of your sails entirely, I think that you shouldn't expect to get into the glamorous side of IT security without demonstrating that you have a thorough grounding in IT by doing some sort of sysadm/networkadmin work, or even (gasp) phone support work first.
Of course, if you're willing to work for free, there are quite literally dozens of sites and groups out there who would probably benefit from some sort of IT security assistance, even in your field. Things that come to mind immediately are the EFF, blackboxvoting.org, or any of hundreds of different nonprofits that have a web presence and probably don't have 3rd party audits of their site. If you or any of your friends volunteer for a nonprofit already, why not check and see if they'd like you to set up a computer security program for them?
Get on the phone or right physical letters
But before you right those letters, please learn how to spell.
Hi - I teach programming here in CANADA at the post-secondary and continuing education level (so I am aware of your situation as a Canadian student) - my practice was based on all things practical, and a little bit of opportune timing. You could for example, go back to your high school (if you had good relations with them) and demonstrate vulnerabilities in their network security, fix it, and demonstrate this as a case study of your work. It would be nice to get some money for it, but you may have do things like this for little or pro bono until your resume clearly demonstrates your experience. Stress how it can relate to corporate and enterprise level security (if that is what you are aiming for)...Technology has come down to a level such that a large amount of the general population is aware of security measures for computers and networks - demonstrate that you can do more. On the other hand, you can always hack a website LOL.
just a web application developer and instructor in Toronto, ON Canada
Perhaps you could volunteer your time on a large FOSS project doing security audits, patches, testing, coordination, analysis, etc.
For example, the BSD projects have dedicated security officers. Other projects could probably use help. Pick large ones that have some substance (legal corporate/non-profit structure, etc) to them: Mozilla, the Apache Software Foundation, etc.
I agree with you (as someone who spent 6 years in software development before heading over to the security side). It gives you perspective on the issues, an understanding of how the people you work with think, and it gives you a certain level of maturity and experience. I personally think of those who go straight for the security positions as people in business think of the kids who go straight for the MBA without any practical experience. Nobody in my floor full of computer security people started off with a with a focus for this field (hell, more than half of them never even started in the computer field.).