Philip Hagen is an instructor and course lead at the SANS Institute and focuses primarily on network forensics and analysis. He has been in the information security field for 20 years within the federal government in such roles as government contracting and law enforcement support. He has also worked as a commercial consultant. Hagen also works with Red Canary, a managed endpoint security service provider.
What kind of degree is needed to secure a job in your field?
“The information security field doesn’t fundamentally ‘require’ a particular degree. I’ve seen people with many different degrees become successful in their security careers. Employers may prefer or even outright require a specific degree, but I’ve seen a trend toward practicality over specific degree requirements.
We most often see information security professionals with backgrounds in computer science or engineering disciplines. The recent establishment of security and computer forensic degree programs at the associate, graduate and postgraduate levels has also been a source of quality candidates. However, candidates that can demonstrate critical thinking skills and the ability to pick up new concepts quickly have been the most successful – regardless of a specific degree, or lack thereof.”
What’s the most challenging aspect of your job?
“The biggest challenge is keeping up with the technological developments that shape our work. New tech means new evidence that we must investigate, new methods for bad guys to do bad things, and new tools that we’ll need to perform a credible analysis. You absolutely must keep up to date. A second big challenge is a need for patience. It may take days or weeks to arrive at a finding, and it may not even be a consequential part of the broader case. But when you find the critical nugget that helps “crack the case,’ it’s an awesome and rewarding ‘high-five’ moment.”
After graduation, how hard was it to transition into the working world?
“I attended the US Air Force Academy, so we didn’t have any say in how we’d transition to the working world! However, I’ve hired dozens of people as they entered the workforce, and the biggest challenge was how much they needed to be ready to adapt to the work. In computer forensics, incident response, and related information security positions, we don’t get to decide what work comes across the desk – the attackers and proverbial ‘bad guys’ do that for us. Therefore, it’s critical for those entering the workforce to be ready to learn how to operate at the operational speed.”
What advice would you give someone who is pursuing a career in information/cyber security?
“We’ll always need security professionals that can strengthen our defenses, investigate compromises, educate people performing those jobs and perform long-lead research into the next generation of technology and processes to address those requirements. While it’s also growing, the field doesn’t tend to sustain those who aren’t fully invested in staying at the top of their game. It’s a fast-paced environment, and you can quickly be left behind. If you’re excited by the possibility of working hard and adapting fast, this may the place for you.”
Christina Thompson is a freelance writer living in Philadelphia. She reports on various topics such as: Social Media, Local Events, Entertainment, Food and Drink and more. Her work can be found at http://firstsendmedia.com/