If Internet security interests you, play around on your computer. Check out programming books from the local library and learn how to write simple code. You might also want to read professional publications such as Information Security, which is published by TechTarget (http://searchsecurity.techtarget.com). Another publication to consider is the quarterly magazine 2600 (http://www.2600.com). While 2600 is aimed at hackers, reading the articles will give you an understanding of how some systems are broken into and help you develop your ability to think of defenses.
High school computer clubs and competitions allow you to experiment with computer programming. They are great places to design and implement systems and solutions in a nonthreatening atmosphere. You can also work with other students to get accustomed to working in teams. One example of a cybersecurity competition is the National Cyber League (https://nationalcyberleague.org), which is available to high school and college students.
The most obvious place to learn about the Internet is on the Internet. Surf the Web and research the many security issues facing users today. Visit the sites of consulting firms where you can get an idea of the services these firms offer.
You may be able to get valuable experience by volunteering to provide security services to an organization's Web site such as your church's or a club you belong to. If you live in a large metropolitan area, you may also be able to get an unpaid internship at a security company or the security department of a large company. While most internships, especially paying opportunities, are usually reserved for college students, high school seniors may be able to job shadow or work unpaid jobs that give them a good opportunity to see what the job of security specialist is like.
Online employment sites, national news magazines, newspapers, and trade magazines are good sources of information. You can also find out a lot about current trends and hiring practices. Classified sections reveal what kind of market there is for security specialists and where the jobs are.
The duties of an Internet security specialist vary, depending on where he or she works, how big the organization is, and the degree of sensitivity of the information that is being protected. The duties are also affected by whether the specialist is a consultant or works in-house.
Internet security usually falls under the jurisdiction of a systems engineering or systems administration department. A large company or government agency that deals with sensitive information probably has its own Internet security department or team that devotes all of its time and energy to Internet security. Many firms, upon connecting to the Internet, give security duties to the person who is in charge of systems administration. A smaller firm might hire an Internet security specialist to come in and set them up with security systems and software.
A firewall is a system set up to act as a barrier of protection between the outside world of the Internet and the company. A specialist can tell the firewall to limit access or permit access to users. The Internet security specialist does this by configuring it to define the kind of access to allow or restrict.
Primarily, Internet security specialists are in charge of monitoring the flow of information through the firewall. Security specialists must be able to write code and configure the software to alert them when certain kinds of activities occur. They can tell the program what activity to allow and what to disallow. They can even program the software to page them or send them an e-mail if some questionable activity occurs. Logs are kept of all access to the network. Security specialists monitor the logs and watch for anything out of the ordinary. If they see something strange, they must make a judgment call as to whether the activity was innocent or malicious. Then they must investigate and do some detective work—perhaps even tracking down the user who initiated the action. In other instances, they might have to create a new program to prevent that action from happening again.
Sometimes the Internet security specialist is in charge of virus protection or encryption and user authentication systems. Viruses are programs written with the express purpose of harming a hard drive and can enter a network through e-mail attachments or infected portable storage devices such as CD-ROMs and flash drives. Encryption and authentication are used with any network activity that requires transmission of delicate information, such as passwords, user accounts, or even credit card numbers. These professionals also ensure that their company is meeting all government security requirements.
Secondary duties can include security administrative work, such as establishing security policies for the company, or security engineering duties, which are more technical in nature. For example, some companies might deal with such sensitive information that the company forbids any of its information to be transmitted over e-mail. Programs can be written to disallow transmission of any company product information or to alert the specialist when this sensitive information is transmitted. The security specialist also might be in charge of educating or training employees on security policies concerning their network.
Internet security consultants have a different set of duties. Consultants are primarily in charge of designing and implementing solutions to their clients' security problems. They must be able to listen to and detect the needs of the client and then meet their needs. They perform routine assessments to determine if there are attack-prone areas within the clients' network and, if there are, find ways to correct them. A company might employ a consultant as a preventive measure to avoid attacks. Other times, a consultant might be called on after a security breach has been detected to find the problem, fix it, and even track down the perpetrator.
Secondary responsibilities of an Internet security consultant include management and administrative duties. He or she manages various accounts and must be able to track them and maintain paperwork and communications. Senior consultants have consultants who report to them and take on supervisory responsibilities in addition to their primary duties.
A benefit of using consultants is bringing new perspectives to an old problem. Often, they can use their many experiences with other clients to help find solutions. The consultant does not work solely with one client but has multiple accounts. He or she spends a lot of time traveling and must be reachable at a moment's notice.