Computers have always interested me because of their determinism. They would perform perfectly if they were coded and built perfectly; it is the imperfect coding and building of computers that leave them open to attack – and further, why we must take on defensive roles to protect them. I saw information security as a developing field where I could fill a void, become an expert and help shape the industry. It also seemed cool to know how things could be broken and to prevent that from happening. That’s why I decided to study computer science at the National University of Singapore.
Since I was interested in the field, some years ago, I searched for the most valuable information security certification. The Certified Information Systems Security Professional (CISSP®) was the obvious choice. When I searched on the (ISC)² website, I found that I did not yet have the work experience required to become a CISSP, but I could become an Associate of (ISC)². I then picked up a few CISSP books from the library and did lots of practice tests, reviewing the questions after each test until I was consistently scoring above 80 percent. Then I took the test.
From Associate to CISSP
I passed my CISSP exam in 2012 and became an Associate of (ISC)². I got certified as a CISSP in 2015. The Associate of (ISC)² easily opened doors to security-specific jobs and helped me complete the experience requirements. Given the shortage of skilled security professionals, employers will gladly take a chance with someone who has passed the CISSP, even if that person is not yet certified and working towards gaining the experience required to earn the CISSP.
Since I have a four-year bachelor’s degree, it shaved off one year from the five-year experience requirement. My work experience before and after my CISSP exam included security monitoring, operations and some access management and disaster recovery. I also took on risk management tasks when the opportunities presented themselves.
As an Associate of (ISC)², I was invited to an (ISC)² member reception in Singapore. This was where I learned of the nascent (ISC)² Singapore Chapter in 2012 and started volunteering for it. My work with the (ISC)² Singapore Chapter has been good for my career. It has been time-consuming, but very rewarding. It is a satisfying feeling that we are currently conducting events monthly as well as establishing the processes that will enable this chapter to thrive and benefit the members even after the current committee has left the stage.
My involvement with the chapter has given me the opportunity to network with a variety of people from the security field in Singapore and internationally; the knowledge sharing has been quite good. Getting to meet directly with a person who discovered a security vulnerability and its exploit or called off a meeting because his bug-detector went off or social engineered people professionally gives me the confirmation that the threats are real and proximate. Most important of all, I realize it is within our power to fight back.
Advice to any novice security practitioners:
If you are looking for a career in information security, (ISC)²’s Associate Program is a great option. If you are starting out in security but do not yet have the work experience, this will add some weight to your resume. Also, join the local chapters and network with others in the field. The knowledge and contacts that you gain will prove useful and give you added perspective in your role as a security professional. Upgrade yourself. -- Vijay Luiz, Information Security Consultant & Secretary, (ISC)² Singapore Chapter
About the Author
Domicile: Singapore (originally India, but I have been in Singapore for a long time)
(ISC)² certifications held: CISSP
Year of experience in the industry: 5 years
Topic(s) of interest in information security: Simplifying security for the average person. I advocate password management software.
Career Goal: Influence the improvement of information security.
View Vijay's security blog here: www.essaysonsecurity.com
Find Vijay on Twitter: @vijayluiz