What do you need to take for information security? Secrets of the information security profession. Who is a "security guard"? What should an information security specialist be able to do? Who should become a computer security specialist and why?

What can you do after graduating from the Faculty of Information Security and where can you gain experience? Does it make sense to study to become a security guard if you live in a small town? Sergey Kruchinin, head of educational projects at GeekBrains, will talk about all this. This person manages the work of the deans of all 8 faculties of GeekUniversity and coordinates the educational plans.

Sergey, let's start with the main thing. Information security specialist is a broad concept. What exactly do you teach?

First of all, I want to say that the faculty program was developed by practicing specialists. Special thanks to Nikita Stupin, information security specialist at Mail.Ru and dean of our faculty. We will share with students the best security practices that are already used in Mail.Ru Group.

So that no one gets confused, you need to understand that in the field of information security (IS) there is “paper” and practical work. “Paper” specialists monitor whether the security system - according to documents - meets the requirements of the law. In fact, it may be full of holes that no one is looking for or fixing, but in the documentation everything is according to the standard.

Do not do it this way

We focus not on “paper” security, but on practical security of web applications, networks, equipment and data. Our students will study hacking methods and technologies, hacker tools, and the operation of systems to be protected. All this knowledge is necessary to find and close vulnerabilities.

Our students will also briefly get acquainted with the “paper” side of information security: they will learn to draw up regulations and instructions for enterprise employees. Standards and documentation are by no means useless, but they are not a substitute for real protection.

- Why did GeekUniversity choose this particular path?

Practical safety is more important. A strong business is primarily interested in the result. I would also advise starting with practice because it will most likely lead you to a young and progressive IT team.

“Paper” vacancies are more often filled by people aged 40–50 years with a special type of thinking, university education and experience in government agencies. They look at things formally. During an audit, they ask questions like, “Do you have an intrusion detection system?” Or, to check something, they ask the client for the root password. Without a password, our graduate will look at what he needs on an average machine and change the password himself, if necessary.

At GeekUnivestity we are preparing specialists who will be in demand at Mail.Ru Group and similar companies - they will be able to participate in ensuring the security of a large mail service, for example.

- By the way, in what areas of security do Mail.Ru Group hire specialists?

Among the priorities is product security (Application Security), there is even an open vacancy. Specialists in this field are able to find web service vulnerabilities, neutralize SQL injections, OS Command injection, and more. Infrastructure security specialists are also in demand. Their competencies: network level protection (L3, L4, TCP/IP, firewalls), operating system security (control over package and kernel updates), password policies, perimeter scanning - the list goes on for a long time.

- For those who are just getting acquainted with the terminology, what are injections in web services?

This is when, instead of the data expected by the application, such as a message identifier, the attacker enters the command he needs, and the script executes it. The fraudster gains access to confidential data or even to the machine on which the vulnerability was found.

- What other threats do you teach to find?

Binary, cryptographic. There are many types of vulnerabilities. The first two quarters of the school year are dedicated to web security alone. This is a very important direction, because business moves from offline to online, and user data goes to the web and clouds. Just 10 years ago, taxis were ordered only by phone. Now - mainly through services like Uber and Yandex.Taxi. And the main question is how secure is the web service to which you trust your data.

If the site developers have not taken care of security, a more or less advanced user can read other people's messages, look at photos, and so on. There is a set of web vulnerabilities designed to exploit programmer carelessness. We explain to students how attackers find and exploit such vulnerabilities, what this can lead to, and how to prevent it.

Knowing such things is useful for web developers, project managers, and anyone who wants to protect the confidential data of their website visitors. Or you need to involve a practitioner who will conduct an audit. Identifying threats is less than half the battle. We still need to figure out how to eliminate them, and then make sure that the protection works.

GeekBrains office: we work until late, just so that students gain knowledge

In addition to web security, our students study network security in detail. These areas are partially related, because there are threats that affect not only the server, but also the client part of the service.

For example, some sites, including large organizations, do not encrypt traffic. This allows it to be redirected to fake machines and intercept everything that users wanted to send to the server.

What if a person lives in a small town where there are no advanced IT companies? So he trained as a practical security guard. Who should he work with?

The technology stack that we teach is tied to system administration and other areas related to information security. If a person studies diligently, he will become a general specialist with us. Now I will explain in more detail.

A good security specialist must be able to administer. If you look at the resumes of information security specialists, many have had a system administration stage in their careers.

Our students study Linux closely. Anyone who has not worked with this operating system before will first of all learn how to install it on a virtual machine. Next, students master working in the terminal, installing software and solving basic problems.

We also teach how to work with services: how to set up an Nginx or Apache server, a DBMS database, set up a BIND DNS server and mail. You just need to remember that knowledge does not come automatically after paying for training - you have to make an effort.

- Do you also teach how to build and configure networks?

Yes. Network engineer is another profession with which the work of a security specialist has something in common. You must be able to at least configure network filters, close ports, and monitor active connections.

When studying computer networks, students will practice practical skills on the Cisco Packet Tracer simulator. We chose it for the sake of clarity, but the ability to work with Cisco equipment is also a bonus for your resume.

The cornerstone topic of network security is TCP/IP. This is a model for transmitting data over a network. Administrators and security specialists work with different implementations of it all the time. We tell you what link and network layer protocols are, how they work, and why you need a MAC address. Few people understand this, although it is at the link level that many types of attacks are built.

Studying network technologies

- Let's return to the situation “a graduate does not want to move from a small town.” Where to work?

Let's start with the fact that there are providers everywhere. They will be happy to hire our graduate as a network engineer. Moreover, this will be a network engineer with a very good understanding of security. In career terms, he will have an advantage over people who previously only laid networks: crimped twisted pair cables and ran through attics with it. It will be easier for our security engineer to rise to the rank of manager. Providers have websites and some services - here you can also express yourself.

The next point is that system administrators are needed everywhere. If the company does not have a separate information security specialist, his duties are performed by the system administrator. And again, our graduate gets an advantage over administrators who studied security themselves and superficially.

On a personal note, I’ll add that if you have the opportunity to move to Moscow or St. Petersburg and work in a large local or international company, it’s worth it. We have students who have already succeeded.

- What about working with applications? After all, the security guard must also keep the software under control.

Yes, we teach application disassembly and analysis so students can identify malicious code.

You need to understand that attackers and those who fight them use the same tools. Black hat (bad) hackers analyze software and look for vulnerabilities that can be exploited. A white hat (ethical) hacker looks for bugs to plug security holes.

We teach how to explore code. If the programmer was careless, under certain conditions the program could reveal sensitive data. For example, send the user a piece of RAM where passwords, private keys and other interesting things are stored.

We also teach programming in Python. It makes it convenient to automate tasks or write your own data analysis tools. These skills take a security guard to a higher professional level.

We also have a course on Operating Systems. He talks about OS architecture, how security threats differ in Linux, DOS, Windows, and more.

We explain what kernel space and user space are, how memory works, and why one application in modern operating systems cannot change the data of another application. How does a process differ from a thread?

Towards the end of the course - in the fourth quarter - students are introduced to the topic of binary vulnerabilities.

- You mentioned that students also learn how to draw up regulations and work with documents.

We talk about interaction with law enforcement and regulatory agencies - FSTEC and FSB. We learn when and how to apply the safety standards provided for by Russian law.

There is one more important point. We teach the basics of social engineering. Because an attacker never takes the difficult route unnecessarily. Before breaking anything, it tries to lure a password or other necessary information from the user. We tell you how to take into account such schemes when drawing up instructions for company employees.

- So you are preparing a “universal security soldier”?

We are preparing a person who knows how to hack and protect. It is necessary to understand hacking methods in order to competently build an information system.

A good security guard has the same skills as an attacker. But it does not use them for selfish and/or criminal purposes, but to protect the system and, ultimately, users.

You can hack anything - it's a matter of time and resources. But bypassing a well-built defense can simply ruin an attacker.

- How are priorities set among the areas being studied?

Main focus on web security. Network engineering and system administration are adjacent to it. In other areas, we provide basic knowledge that can be developed depending on the student’s interests.

Where can a security student gain practical experience? What achievements will he be able to put on his resume based on the results of his studies? And how to level up yourself?

Threats can be modeled. There are special tools for this. It’s better to start with simple things: take and install a “buggy web application” on the site - bWAPP (buggy web application). It was initially created to be insecure so that “ethical hackers” could use it to practice finding and blocking vulnerabilities.

There is also DVL - a special Linux distribution with intentional configuration errors.

Such tools are very useful, but students can quickly get bored with them, so we have prepared more interesting tests. For example, competitions like Capture the flag. You gain access to a remote machine, but you don't know its vulnerabilities in advance and have to find them. Victories in such competitions and competitions are valued in the market - they can be safely written down on your resume. It is no easier to hack a serious simulator than a real website.

It is also worth participating in competitions like Bug Bounty. This is when an organization offers a reward to those who find vulnerabilities in a product. We will tell you how to participate in such programs. If you have a well-developed account on hackerone, you will be welcome in large companies, including foreign ones.

Our student can also offer audit services to website owners: find and close vulnerabilities. The main thing is to agree with the owner of the site in advance, because the line between “black” and “white” hacking is very thin and unsolicited help can lead to criminal charges.

Does it make sense to offer security audits to those who don't care about it? It happens that a vulnerability is visible even to a non-specialist, but no one eliminates it...

It's worth a try. Some people really find it useless to write, but there are also those who haven't thought about the problem. I explained to one site owner that he uses HTTP, and it’s time to switch to HTTPS, because otherwise user passwords are transmitted over an unsecured communication channel. And the man listened. If the site generates income, the owner is interested in its development and, most likely, will engage in dialogue.

Here is a person who won a competition, conducted an audit for someone, but has not yet worked on the staff. Is this a problem when looking for a job?

No. Our graduate spent a whole year with GeekBrains and Mail.Ru Group. He already imagines working as a security guard in a large company, knows the entire technology stack and has put together a starting portfolio. From the point of view of the average employer, this is a lot.

- There will be something to show off at the interview...

By itself. It is possible that the graduate will understand some issues better than the future leader.

Sergey, thank you very much! Now I have a complete picture of what and why they teach at the Faculty of Information Security. If readers have any questions, I hope they will ask them in the comments. And you and I will still find time to talk in detail about another faculty - artificial intelligence.

There really is a lot to be said about the new faculty and the Data Science direction. So until next time.

Recently, such a direction as “Information Security” has become popular in universities. What to do after graduation? This question is asked by almost all graduates and students of the specialty. On the one hand, these are IT technologies, and on the other, the unknown. That is why we will try to figure out what career can await a person who has mastered Information Security at a university. If you look closely, you can find a lot of interesting and prestigious vacancies. Some of them can bring you huge income.

Network installer

So, you have mastered or are planning to graduate from the field of automated systems." What to do after graduation? The university will not give you a clear answer to this question. But in practice, you can understand where you can get a job.

For example, a graduate of this specialty will be able to work as a network installer. Mostly computer ones. As a rule, various Internet providers are very willing to hire such specialists. Your task will be to maintain control, security and stability of the main server.

In other words, if you have mastered the field of Information Security, but don’t know who to work with, then you can turn to well-known Internet providers. They will quickly find you a position there. Moreover, installing networks is a very important and difficult task, but not particularly profitable. Therefore, you will have to find some other option. Of course, if you have not chosen an installer as a profession.

Programmer

So, you have entered the specialty Who will you work in 5 years? It’s difficult to give a specific answer here. After all, this direction covers all areas of IT technology. In practice, the picture we get is approximately the following: you become someone who understands a little about every aspect of technology and computers.

Thus, a graduate student has many different options for work. But the success of employment, as a rule, depends on how successfully and clearly a person “fixated” on something specific during training. If you received a specialty - you don’t know what to work for, but at the same time you were mainly involved in programming, then you can get a job as a programmer. This is a very prestigious and highly paid place. But not everyone can work here. For successful employment, you will have to start programming from the 1st year of university. And then luck will smile on you.

Security guard

Honestly, any specialist can work as a security guard. And even the most ordinary student. Nevertheless, you received the specialty "Information Security of Telecommunication Systems". Who to work with? In addition to the vacancies already listed, you can also try to get a job as a security guard. Just not to a store or retail chain, but to some more prestigious place. There, where you will have to monitor order using special cameras.

But this vacancy is not particularly popular. Even if you take into account that you will be watching everything that happens from a warm and cozy office. A security guard is not a position for which it is worth studying at the university for 5 years, or even more. Therefore, many take this position just for the sake of practice. And then they look for a more suitable and prestigious place. Although this is not so easy to do.

If you have mastered the specialty “Information Security of Telecommunication Systems”, you still don’t know who to work with, and the profession of a security guard or installer is not particularly suitable for you, then you will have to look again. In fact, sometimes it can be very difficult to find a good place to work on your degree. And that’s why many try to get a job “at least somewhere.” But we will try to identify vacancies that are best suited for graduates of this field.

System Administrator

Here is another one that will be very suitable for graduates. Not everyone can imagine that one can become a system administrator after receiving almost any specialty in Computer Science. This is a fairly simple job that even a schoolchild who has been self-educating in the field of computer design from the cradle can handle.

This is such a multifaceted specialty “Information Security”. Where to work, everyone tries to choose a suitable place for themselves. If you “enroll” in the ranks of system administrators, then be prepared for the fact that you will have to constantly monitor the performance of your computer and network. For many, this is a very simple task that brings pleasure. In addition, the system administrator must also configure and debug operating systems and equipment. And even a schoolchild is now familiar with these procedures.

In most cases, the job of a system administrator is considered very prestigious and not particularly difficult. Often you are given a separate office in which you can do whatever you see fit. But until something goes wrong. Or the employer can give you a free schedule (on call). Everything is working? Then stay home. Did something suddenly break? Please come to the workplace and fix everything. By the way, the size, as a rule, does not depend on the nature of your work schedule.

But this is not all that “Information Security” has prepared. Where to work besides the options already listed?

Private security services (equipment installation)

For example, if you don’t particularly want to work as a security guard, but at least somehow “attribute” yourself to this profession, you can get a job in a private security service (for example, in enterprises). Who exactly should go there? For example, a master installer of tracking equipment.

What will your responsibilities be? Arrive at the place where you order services, install the equipment, connect it, check its functionality and configure it (if necessary). And it's all. Some may think that there is nothing complicated here. But in reality, everything is a little different - some workers are not able, for example, to correctly connect the cameras to the “server” or computer, where the video recording of everything that happens will be displayed.

In addition, sometimes you will have to provide assistance in viewing recordings made on security cameras. This is especially true when the security guard at the workplace does not know how to handle such equipment. In general, working as a master installer of tracking systems is also very prestigious. Especially if you know your business well.

IT-teacher

If you know first-hand “Information Security” (specialty), where to work, most likely you don’t know for sure. In this case, as already mentioned, students and graduates are trying to find at least some kind of job. And one of the options was school. How can I get a job here? You can become a computer science teacher.

To tell the truth, this direction does not particularly correspond to the chosen profession. Nevertheless, students still develop a general understanding of computers. And they can present this material to schoolchildren. An information security specialist working as an ordinary computer science teacher is far from uncommon these days. Usually people agree to this vacancy when there are no other options. This is how cruel “Information Security” is. Who else should I work with? Let's try to figure this out.

Entrepreneur

Individual and private entrepreneurs are far from uncommon in our time. Usually, if a person has a diploma and does not have a job or has no education at all, but has a lot of ideas, time and effort, then he becomes an entrepreneur and opens his own business. The same can be done if you have mastered the Information Security major. Who exactly should I work with?

For example, you can organize a computer help office or a private installation of tracking systems. Such equipment is currently not very expensive, and is also sold in almost every computer store. In addition, you can try to become a copywriter on computer topics. Information security, or more precisely, articles on this topic are very popular on the Internet. And the work, if you know your business and have the ability to write, will not be so difficult. But it is very profitable.

Summarizing

So, today we figured out where graduates of the Information Security specialty can work. As you can see, there are a lot of options for the development of events and many of them depend on the individual skills of each student.

In general, such workers in real life get a job in any job related to computers. There are designers, 3D modelers, and web programmers here. The main thing is to decide for yourself what exactly you want to do. And improve your skills in this area from the 1st year.

In 2005, in Krasnoyarsk, to obtain an education in the field of information security, it was possible to enter Krasnoyarsk State Technical University (now Siberian Federal University Polytechnic Institute) or Siberian State Aerospace University. I chose the latter, I was especially attracted by the huge rocket painted on the facade and the word “space” in the title. At Siberian State Agrarian University, in turn, we had to choose from two directions: 090105 “Comprehensive provision of information security of automated systems” and 090106 “Information security of telecommunication systems” (qualification in both cases - information security specialist), at the Polytechnic there was a specialty 090102 “Computer security” ( qualification - mathematician). Between “comprehensive” and “telecommunications” security, I chose the latter and did not regret it. The programs are completely different, our training was mainly devoted to studying the basics of communications in all its manifestations (radio, cellular, wired communications).

For five and a half years we built models of a communication channel, drew transmitters and receivers, calculated signal characteristics, and studied noise-resistant coding. And all this under the leadership of former military men (this has its own romance). For those who like physics, and especially the “oscillations and waves” section (probably the most difficult in the school curriculum), the specialty “Telecommunications Security” was fully suitable. Many of my friends and acquaintances studied at “Integrated Security” and we had some common classes, although their program, in my opinion, was more mundane. But it involved more work with computers and legislation. My husband graduated from Polytechnic University - they had a lot of mathematics (like we have physics).

What now?

Everything changed a couple of years ago and now at Siberian State Agrarian University you can study for a bachelor’s degree in 10.03.01 “Information Security” and a specialist in 10.05.02 “Information Security of Telecommunication Systems” (my specialty under a new name)(link) . SFU directions are indicated . In Tomsk they teach information security at TUSUR ( link ). I would like to note right away that the specialties are closed, which means that persons with citizenship of other countries (as well as dual citizenship) are not accepted.

Is it easy to learn?

I would say that studying is quite difficult, there is a lot of independent homework, coursework and standard work. I constantly had to calculate and count something. A lot of physics and mathematics. There weren’t many girls studying before, but now there are many more. In our group of about 27 people there were three girls. For those who believe in horoscopes, an interesting detail - all three had the zodiac sign of Scorpio, they say that there is a predisposition to technical sciences. Another interesting point is the number of gold and silver medalists - half of the group.

What do study and work have in common?

Unfortunately, most of the knowledge gained was not useful. The most useful thing was studying the legal and organizational foundations of information security as part of a six-month course. All computer security subjects were also useful, but telecommunications were not. At the university, from the second year I was engaged in scientific work and went to scientific seminars, it seems to me that they gave me more than all the subjects :) The rest of the knowledge I acquired from books, magazines, the Internet and industrial practice.

Is it difficult to find a job?

There are different opinions, but from my own experience and the experience of my acquaintances and friends, I can say that finding a job is difficult, but possible. I am already working in my fourth place and each time in my specialty. Moreover, the first and second jobs were still during my studies, so even with an incomplete higher education it is possible to find a job. Freelancing is difficult to find; after all, to perform work on technical information security, you need licenses that are given to the organization and it is very difficult to obtain them. But you can find a job in a company that provides information security services, then the salary will directly depend on the number of clients. If you want stability, it is better to become an information security specialist in production.

Wage

On average, it is lower than that of programmers and part-time work is more difficult to find. But usually higher than that of system administrators.

What does a specialist do?

There are a lot of areas of work, even with the same job title. Installing and configuring information security tools, writing instructions and regulations on information security, training users in safe working methods, working with cryptographic tools, investigating incidents and much more.

Minuses

I would consider the disadvantages:

small selection of jobs (compared to programmers and other IT specialists);
low salary, difficult part-time work;
working with a lot of documentation.

Information specialists security officers are directly involved in the creation of an information security system, its audit and monitoring, analyze information risks, develop and implement measures to prevent them.

Their competence also includes installation, configuration and maintenance of technical means of information security.

Security specialists train and advise employees on information security issues and develop regulatory and technical documentation.

This position arose at the intersection of two areas of information technology and security technology. Today, neither commercial structures nor departmental organizations, such as the FSB, can do without information security officers

Features of the profession

This profession arose at the intersection of two areas: information technology and security technology. Today, neither commercial structures nor departmental organizations can do without information security employees.

Specialists create security systems for specific enterprises, protect local computer networks from virus attacks or hackers. They prevent leakage of important information, data fraud and incompetence (malicious intent) of their own employees.

On a national scale, information security specialists create systems for protecting strategic information on the country’s defense capability, form secret databases, and maintain the secret of the nuclear briefcase.

Pros and cons of the profession

The advantages of the profession include:

demand in the labor market, since the field of information security is rapidly developing, which means that the demand for specialists in this field will constantly grow;
high wages;
the opportunity to master the most advanced information security technologies;
opportunity to attend conferences and seminars;
communication with a variety of specialists, the opportunity to make useful connections.

Disadvantages of the profession:

high responsibility, as you have to be responsible for the safety of all company information;
Frequent business trips are possible.

Place of work

In organizations of various forms of ownership that have their own computer networks and need to preserve corporate information and important commercial information.

Important qualities

Communication skills and ability to work in a team. The creation and adjustment of protection systems is a collective work of several specialists: the head of the protected company, an analyst, system designers, and programmers. You need to find an approach to everyone and be able to pose the task in a language that they understand.

Salary

The level of remuneration for a specialist is determined by the welfare of the company, the list of job responsibilities, work experience in the specialty, and the level of development of professional skills.

Career steps and prospects

In itself, this position is already one of the highest levels of career growth in the IT field, above only the position of head of a department or information security department.

IT specialists with incomplete or completed higher education and experience in administering information security tools and Windows or Unix operating systems can begin a career in this field.

Employers' requirements for the professional skills of novice specialists are quite serious: even applicants for a relatively low income must know the legislation of the Russian Federation on information security, the principles of network operation and cryptographic protection tools, modern software and hardware for information security, as well as information security technologies. The salary that young professionals can count on in the capital starts from 40 thousand rubles.

The next level is a specialist with a higher education in the field of information technology or information security, with at least 2 years of experience in the field of information security.

In addition, applicants must have experience in auditing and assessing risks of an information security system, skills in developing regulatory and technical documentation on information security, knowledge of international information security standards and proficiency in English at a level sufficient to read technical literature. Specialists who meet the above requirements earn up to 80 thousand rubles in Moscow.

Source: https://www.profguide.ru/professions/specialist_in_information_security.html

Information security of automated systems: what kind of profession, who to work with? :

Information security of automated systems is a profession (and specialty) that brings graduates and applicants many problems and questions. Mainly regarding future employment. And this is understandable - few people can give any specific definition of this profession. It is, one might say, vague.

And that’s why many doubt whether they should come here. But now we will try to understand who you can work with after completing the “Information Security of Automated Systems” major. Universities, as a rule, promise “mountains of gold” to applicants, but are unable to give a specific definition of the profession.

Therefore, you will have to carefully study possible alternatives for work.

Engineering

The main task of a graduate of this profession is to comprehensively ensure the information security of automated systems. But often such employees get jobs as ordinary engineers. And that suits them.

Men often choose this career. An engineer's job is more suitable for them. But you can’t see any “mountains of gold” here. Of course, if we are talking about Russia.

It will be very difficult to find a decent job. Only at some enterprises engineers are paid good wages.

Plus, this job does not have a stable work schedule and no stress.

If you are thinking about the question: “Information security of automated systems - what kind of profession and who should I work after graduation?”, then you can really work as an engineer. Just to do this, immediately prepare yourself for the fact that you will have to work a lot under pressure. And on a permanent basis.

Means of communication

But you don't have to choose such a career. Many graduates who entered the “Information Security of Automated Systems” course often go to work in various communications services. And very often the employers are Internet providers.

To be honest, here you can meet certified specialists of our current specialty in different workplaces - from an ordinary operator-consultant to an installer. And it is the second profession that is the most popular. Especially among men.

What to do here? Monitor the performance of equipment on the main server, eliminate failures and problems on the line. Also connect subscribers to the Internet and configure it.

In general, if you studied well in the “Information Security of Automated Systems” direction, then there will be no problems with your responsibilities here. The work schedule here, however, is not particularly pleasant - you can be “called out” from your legal vacation at any time or taken away from your day off.

But the salaries of installers and operators in communication services are very good. Sometimes you can put up with such a schedule if it is decently paid.

School

You have completed the course “Information Security of Automated Systems”. Who should you work in production if you don’t really like the prospect of an installer or engineer? In truth, such graduates can be found anywhere. But they often appear in... schools.

Why here? The thing is that our profession today provides a lot of knowledge about computers and technology. And therefore, such an employee can easily play the role of a computer science teacher. This is a completely normal and common occurrence. But the prospect of working at a school as an ordinary teacher is not very attractive to young professionals.

And they can be understood - the responsibility is enormous, the work schedule is intense, the day is completely busy (and not only the worker), and the wages are meager. Plus, few people want to study for 5-6 years at a university and then get a job for pennies. But for the first time, you can be a computer science teacher at school.

For example, if you really need a job, or need at least some experience.

Plus, if you graduated from the “Information Security of Automated Systems” major, then you can always find an elite lyceum or educational institution where you, as a “computer scientist,” will be paid decently.

There are such places, but very few. If you manage to get a job there, then most likely you will no longer want to change your job.

After all, the main indicator in employment is nothing more than the salary that you will receive.

Sales Manager

Information security of automated systems is a specialty that allows you to work in many places. For example, students and graduates of this field very often get jobs as sales managers. But you can take this position without a diploma.

As a rule, “information specialists” sell equipment and electronics. Especially computers and components. After all, such graduates know quite a lot about PC hardware. Enough to convince the buyer to purchase a particular product.

But this is far from the best career. After all, you won’t see any growth. The maximum that “shines” is to become a senior manager. The difference here is small. Therefore, you can work as a salesperson until you find a more suitable vacancy. Especially if you have just graduated, and there are no other vacancies to provide for your own life.

Security system

Information security of automated systems – what kind of profession is this? With its help, you can become an ordinary manager or engineer! But there is another very interesting place, which is often chosen by graduates. These are security services. In other words, the work of a security guard.

But it’s not at all the same as in a supermarket or store. We are talking about working in special services that install and connect security equipment. This is exactly what you will have to do.

Plus, sometimes it’s easy to keep order through cameras while sitting in your office. In case of violations, either call a regular security guard and call him, or take some action yourself.

Usually the first option for the development of events is chosen.

As a rule, the work schedule here is quite flexible, and the income is very good.

Therefore, many try not to ensure the information security of automated systems, but simply to monitor the security of a particular enterprise.

This is considered a prestigious profession, which, as a rule, many aspire to. But there is a lot of competition here. Therefore, you will have to try hard to arrange such a “warm” place.

Operator

But the female half of graduates, as a rule, experience more problems with employment. After all, those who have chosen the direction “Information security of automated systems” will have to try hard to find a job. Everywhere either already has employees or needs men.

Therefore, many people get jobs as ordinary operators. Depending on the company’s activities, it will either provide consultations or sell goods and services. Plus, many operators are required to call customers (including potential ones) in order to notify them about ongoing promotions and bonuses.

In fact, this is a completely normal place of work for a young girl. But not for a man. After all, the earnings here are average, and the work schedule is quite intense. But there is no physical activity at all. So, certified specialists can meet in such, even not the most prestigious places of work.

Own business

Information security of automated systems - what kind of profession is it in which it is so difficult to find an answer to the question of employment? In order not to rack their brains, many simply open their own business. And this is a fairly popular way to build a career.

To be honest, an individual entrepreneur-graduate from our field can do anything. But there are only the most popular destinations. For example, opening your own computer help service or a specialized store for equipment and components. The competition here is quite high, but there are many tricks that can make you a worthy businessman.

In general, individual entrepreneurs come in the form of graduates from different fields. The main thing is to come up with a worthy idea and implement it. Your income, of course, will depend only on your own success. Therefore, if you want to work for results, then this direction is perfect for you.

Writing

To be honest, often people who cannot find a job for a long time get a job as writers. That is, they simply begin to write texts and books based on the knowledge they have acquired. And information security of automated systems is considered a very popular topic here.

Thus, you can start writing custom informational texts in this area. Or specialized literature and manuals. True, writing is more of a vocation than a profession. And therefore, while you are not popular, it is better to combine this direction with some more familiar place of work. And connect writing activity with a part-time job.

System Administrator

This is how multifaceted our information security of automated systems is for building a career. Colleges, by the way, like many universities, help such graduates become real system administrators. To be honest, many applicants and students really love this profession.

You will have to connect the equipment, monitor it and configure it. Plus, the responsibility for the performance of computers will rest on your shoulders.

And now even a schoolchild can cope with this task. System administrator salaries range from average to high, and the work schedule is very flexible. Often free.

This allows you to earn extra money somewhere else.

The main thing is to find a decent job. Sometimes, of course, you will have to stay in the office for a long time and work on computers. But in general, such workload is extremely rare.

Alternatives

Fortunately, automated systems information security graduates still have many alternative approaches to building a career. You just need to think about this when entering a university or college. After all, you will have to develop some additional skills.

What are we talking about? For example, you can easily focus on programming and become a programmer. Or get serious about modeling and become a 3D designer. Eventually, learn how to process multimedia files and become a game creator.

In general, everything related to computers can be your profession. The main thing is to find your own calling.

Now you know what information security of automated systems is, who to work on the release, as well as possible difficulties that you may encounter when finding a job.

Source: https://www.syl.ru/article/205037/undefined

Profession – information security specialist

Who to become?
Where to study?
How to grow?
What to try?

Concept "Information Security" has become relevant with the development of the Internet.

The virtual world has become in many ways similar to the real one: already now people communicate on the Internet, read books, watch films, buy goods and even commit crimes. And if there are cybercriminals, then there must also be specialists who deal with the security of objects on the network.

These are information security specialists.

Why should you pay attention to information security?

Imagine if a hacker knows all your credit card details. With this information, he will be able to steal money from the card without leaving his home computer. Now imagine that a hacker managed to break into the security system of an entire bank. In this case, the size of the theft increases hundreds of times. For financial gain, cybercriminals can disable social networks, Internet services, and automated systems in commercial and government agencies. Users will not be able to access the site, and the site owner will suffer financial and reputational losses until the site is operational again. Hackers can steal valuable information: personal photographs of a famous person, classified military documents, drawings of unique inventions. It becomes clear that no organization or individual is protected from theft of information important to them, so IT companies and large organizations pay great attention to its protection.

Information or computer security specialist is a company employee who ensures the confidentiality of company and individual user data, strengthens the security of information systems, and prevents information leaks.

What does an information security specialist do at work?✎ Sets up a multi-level information security system (logins and passwords, identification by phone numbers, fingerprint, retina, etc.) ✎ Examines the components of the system (website, service, automated system in the company) for vulnerabilities ✎ Eliminates identified breakdowns and vulnerabilities ✎ Eliminates the consequences of hacks if they occur ✎ Develops and implements new regulations to ensure information security ✎ Works with system users to explain the importance and types of protective measures ✎ Maintains documentation ✎ Prepares reports on the status of IT systems ✎ Interacts with partners and suppliers security equipment

Computer Security Specialist works in a team of programmers, system administrators, testers and other IT specialists. According to the security officers themselves, they guard the rear and cover the backs of other departments that are involved in the development of IT infrastructure.

What universal competencies does a security guard need at work?

✔ Analytical mind
✔ Ability to see and solve a problem
✔ Patience
✔ Stress resistance
✔ Ability to work under pressure
✔ Methodical
✔ Curiosity
✔ Constant self-development
✔ Learning ability
✔ Ability to work in a team
✔ Ability to make decisions
✔ Attention to detail

Job title information security specialist involves high risks and constant stress. They bear primary responsibility in the event of a security breach.

Due to the fact that hacking technologies and the methods of attackers are constantly changing, an information security specialist has to constantly educate himself, follow the news in his field and the latest in software and hardware security tools, and read technical literature in English.

And although security officers are, first of all, highly qualified technical specialists, they need to develop communication skills. They have to work hard with others in the organization to improve the company's data security culture.

average salary

The position of information security specialist is paid relatively highly due to the high level of responsibility:

✔ 50,000 – 150,000 per month

Where to study

To become an information security specialist, you need to understand both hard and soft, that is, be able to work with components and programs. Therefore, you should start your education at school, learning how to assemble and disassemble a computer, install new programs and work with a soldering iron.

You can get an education in the field of “Information Security” (10.00.00) both in colleges and universities. Colleges train security system technicians. And in universities - more qualified engineers, system architects, information security analysts

Universities:

Academy of the Federal Security Service of the Russian Federation (AFSB) National Research University Higher School of Economics (HSE) Moscow Aviation Institute (MAI) Moscow State Linguistic University (MSLU) Moscow City Pedagogical University Moscow State Technical University. N.E. Bauman (MSTU) Moscow State Technical University of Civil Aviation (MSTU GA) Moscow State University of Geodesy and Cartography (MIIGAiK) Moscow State University of Transport (MIIT) National Research Nuclear University “MEPhI” (MEPhI) National Research University “MIET” (MIET) Moscow University of the Ministry of Internal Affairs of the Russian Federation named after V. Ya. Kikot (Moscow Ministry of Internal Affairs) Moscow Polytechnic University (Moscow State Engineering University "MAMI") Moscow State University of Information Technologies, Radio Engineering and Electronics (MIREA) Moscow Technical University of Communications and Informatics (MTUSI) Moscow Physics Technical Institute (University) (MIPT) Moscow Power Engineering Institute (Technical University) (MPEI) Russian State Humanitarian University (RGSU) Russian Economic University named after G.V. Plekhanov (REU) Technological University Financial University under the Government of the Russian Federation

Colleges:

Western Complex of Continuing Education (former PC No. 42) College of Automation and Information Technologies No. 20 (KAIT No. 20) College of Urban Planning, Transport and Technology No. 41 (KGTT No. 41) College of Decorative and Applied Arts named after Carl Faberge (KDPI named after Carl Faberge) College of Space Engineering and Technology TU (KKMT TU) College of the International University of Nature, Society and Man "Dubna" (College of MU Poch "Dubna") College of Entrepreneurship No. 11 (KP No. 11) College of Communications No. 54 (KS No. 54) College of Modern Technologies named after Hero of the Soviet Union M.F. Panov (formerly Construction College No. 30) Moscow State Educational Complex (formerly MGTTiP) Educational complex of the service sector (OKSU) Polytechnic College No. 8 named after twice Hero of the Soviet Union I.F. Pavlov (PK No. 8) Polytechnic College No. 2 (PT No. 2)

Where to work

An information security specialist is in demand:

✔ In large organizations

✔ Banks
✔ IT companies For example, Kaspersky Lab, Central Bank of the Russian Federation, CROC, FSB of the Russian Federation Sometimes, to work in the field of information security, a special form of access to state secrets is required, which imposes certain restrictions on the employee, including the ban on traveling abroad.

Demand

The demand for information security specialists in the labor market today is extremely high. This is due to the fact that almost every company faces the problem of computer threats.

Olga Bikkulova, specialist at the Center for Humanitarian Technologies

If you want to receive the latest articles about professions, subscribe to our newsletter.

Return to list of articles

News digest subscription

We guarantee confidentiality

Privacy Policy The TsTR "Humanitarian Technologies" company respects your rights and maintains confidentiality when filling out, transmitting and storing your confidential information. Placing an application on the website of the CTR “Humanitarian Technologies” company means your consent to data processing. Personal data means information related to the subject of personal data, in particular last name, first name and patronymic, date of birth, address, telephone number, email address, marital status, property status and other data referred to by Federal Law No. 152-FZ of July 27, 2006 of the year “On Personal Data” (hereinafter referred to as the “Law”) to the category of personal data.

The purpose of processing personal data is to provide services to clients of the TsTR “Humanitarian Technologies” company.

Source: https://proforientator.ru/publications/articles/detail.php?ID=9747

Information Security

In business, economics, politics, the military and society, computer and information security is a critical area of knowledge.

The development of the Internet and related technologies and its penetration into almost every aspect of society, business and government opens up great opportunities for cybercriminals in their quest to disrupt the usual way of life.

The task of educational programs in information security is to prepare modern specialists in the field of IT and security for operations in cyberspace for a wide variety of sectors of economics and management.

In 2103, all world spending on information security exceeded 25 billion, and every year this figure is growing by 7%.
Today we can distinguish three main areas in the block of specialties “Information Security”:

3) protection of systems sensitive to external factors (a complex set of solutions that allow companies to determine, interpret and develop a risk strategy).

The need for the development, implementation and management of information security solutions will grow from year to year. This may include the ability to work with monitoring technologies (for example, tracking the emergence of hacker programs), content classification, content filters and data loss prevention tools.

All these prerequisites are due to rapid changes in the work of companies - increased mobility, focus on the consumer, the development of cloud and social types of communications. All this brings customers, employees, suppliers, partners and other parties even closer together, which negatively affects the vulnerability of companies to cyber attacks.

Theory

Regardless of what specialization is chosen within the “Information Security” direction, in the undergraduate program students are given general courses in computer science and methods and methods of information security. Further, depending on the university and curriculum, students receive more specialized knowledge. In the master's program you have the opportunity to choose areas of specialization.

In a typical bachelor's degree program in information or computer security, students receive multidisciplinary training in their field, which also includes cryptography, hardware security, and software security. Sometimes these same courses are included in the master's program. By the way, a master's degree in information security is one of the most popular.

Bachelor's studies in the field of Information Security last 4 years and include a whole range of scientific and practical knowledge about computer, automated, information and telecommunication systems. Students learn the basics of ensuring information security of systems or system objects.

Sometimes such programs have some additional focus in accordance with the specifics of the university. For example, at the Moscow State Linguistic University they provide excellent language training, which will later be very useful for working in a large international company. At the Moscow State Industrial University, the program is structured with an emphasis on the automotive industry.

Program "Economic Security" at REU named after. G.V. Plekhanov also almost perfectly combines these two sought-after areas of knowledge. The program with the same name at the Faculty of National Security of RANEPA is also interesting.
Students are also taught programming in several languages such as C, JAVA, PHP, etc., legal aspects of information security and much more.

Job

It is unnecessary to talk about the practical orientation and demand for information security specialists. Such specialists will probably never be left without work. Graduates of the bachelor's degree in information security ensure the protection of information of communication facilities, telecommunications, satellites, etc.

Admission

The core exam for admission to the Information Security specialty is mathematics. In addition to the Unified State Exam in this subject and in the Russian language, universities usually require another exam - physics or computer science and ICT.

Universities and directions

Bauman, Academy of the Federal Security Service, MFYuA).

There are also narrower specializations, for example, “Security of information technologies in law enforcement” (RGSU, MAI, MGUPI, MEPhI, MFYuA), “Information security of telecommunication systems” (MTUSI, MGUPI, Academy of the Federal Security Service), “Information security of automated systems » (MSTU named after N.E.

Bauman, MGIU, MGUPI) and “Information and analytical security systems” (MGUPI, MEPhI, Academy of the Federal Security Service), “Economic security” (RGSU, MEPhI, REU named after G.V. Plekhanov, RANEPA (Faculty of National Security), MAMI, MFYuA). In almost all of these universities you can also obtain a second degree in the specialty “Information Security”.

Communicate with university representatives personally

You can make a much easier and faster choice by visiting the free exhibition “Master’s Degrees and Further Education” in Moscow or St. Petersburg. Our other exhibitions can be found in the “Events” section.

To other specialties >>

The specialty "Information Security" appeared in Russian universities about 15 years ago - its importance and popularity are constantly increasing due to the development of digital and telecommunication technologies. In business, economics, politics, the military and society, computer and information security is a critical area of knowledge. The development of the Internet and related technologies and its penetration into almost every aspect of society, business and government opens up great opportunities for cybercriminals in their quest to disrupt the usual way of life. The task of educational programs in information security is to prepare modern specialists in the field of IT and security for operations in cyberspace for a wide variety of sectors of economics and management.

1) recognition and access control (solutions for identifying users in the system and controlling their access to system resources),
2) content protection and threat management (development of products against viruses, spyware, spam, hackers and unauthorized access or use of confidential information),
3) protection of systems sensitive to external factors (a complex set of solutions that allow companies to determine, interpret and develop a risk strategy).

Theory

In a typical bachelor's degree program in information or computer security, students receive multidisciplinary training in their field, which also includes cryptography, hardware security, and software security. Sometimes these same courses are included in the program. By the way, information security is one of the most popular.

Sometimes such programs have some additional focus in accordance with the specifics of the university. For example, at the Moscow State Linguistic University they provide excellent language training, which will later be very useful for working in a large international company. At the Moscow State Industrial University, the program is structured with an emphasis on the automotive industry. Program "Economic Security" at REU named after. G.V. Plekhanov also almost perfectly combines these two sought-after areas of knowledge. The program with the same name at the Faculty of National Security of RANEPA is also interesting.
Students are also taught programming in several languages such as C, JAVA, PHP, etc., legal aspects of information security and much more.

Job

Admission

Universities and directions

Russian universities offer two main undergraduate programs - “Information Security” itself (MTUSI, MSLU, RGSU, MGIU, MAI, MGUPI, MEPhI, RGGU, MGUGK, Financial University, MSPU, MESI, MIET, MPEI, MFUA), as well as “Computer security" (National Research University "Higher School of Economics", a division of MIEM, MSTU named after N.E. Bauman, Academy of the Federal Security Service, Moscow Federal Law Academy). There are also narrower specializations, for example, “Security of information technologies in law enforcement” (RGSU, MAI, MGUPI, MEPhI, MFYuA), “Information security of telecommunication systems” (MTUSI, MGUPI, Academy of the Federal Security Service), “Information security of automated systems "(MSTU named after N.E. Bauman, MGIU, MGUPI) and "Information and analytical security systems" (MGUPI, MEPhI, Academy of the Federal Security Service), "Economic security" (RGSU, MEPhI, REU named after G.V. Plekhanov, RANEPA (Faculty of National Security), MAMI, MFUA). In almost all of these universities you can also get