Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
Education Businesses

Finding Student IT Security Placements in the Industry? 273

Posted by Cliff from the finding-the-experience dept.
CABAN writes "I am a third year computer security and investigations student. My program requires a three month placement in the IT security and forensics industry. Finding an appropriate learning environment seems to be harder than I expected. Lack of security clearance, no real world experience and many companies, who just don't see a need for ITS, are the critical shortfalls right now. What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?"
This discussion has been archived. No new comments can be posted.

Finding Student IT Security Placements in the Industry? More

Finding Student IT Security Placements in the Industry?

Comments Filter:

  • hey (Score:5, Informative)

    by MORTAR_COMBAT! ( 589963 ) on Thursday December 16, 2004 @12:33PM (#11105329)
    if you want to come manage security patches for a few thousand windows, aix, solaris, and linux machines for me, let me know.
    • I'll do it. I have experience with 3 of 4 hands on, how bad could AIX be? Also, I could use a new job, willing to relocate.

  • No real answer. (Score:5, Insightful)

    by FreeLinux ( 555387 ) on Thursday December 16, 2004 @12:34PM (#11105346)
    My program requires a three month placement in the IT security and forensics industry.

    Your program should then have some mechanism to facilitate such placement. Most programs that require intenships provide assistance in placement. If yours doesn't, then you are being shorted. This isn't a DJB class is it?

    • Re:No real answer. (Score:3, Insightful)

      by Anonymous Coward
      I agree with this assessment. I had to write a report (with a classmate) for a computer network class and we were encouraged to analyze real world examples. Well, the real world doesn't want outsiders (that have little to lose) poking around within sensitive areas. Everybody we approached was immediately suspicious and extremely guarded.

      The only solution may be within the school, since they require a placement. If they can't even offer you that, then they're being very unreasonable.
    • Not true. Most schools have a career center where they will try to help you find something, but ultimately it is the student's responsiblity to find a job.

      • Re:No real answer. (Score:2, Insightful)

        by Anonymous Coward
        That certainly beats any freshman level weedout class, doesn't it?

        Student wastes three years of his life going into debt and then the school says "get an internship or fail to graduate".

        I guess life's not fair, but if I catch you moaning about socialism when people are talking about supporting those who were unable to get a degree and get employed, you'll find my boot shoved very far up your hypocritical ass.

      • Re:No real answer. (Score:3, Insightful)

        by NitsujTPU ( 19263 )
        The guy isn't looking for a job... he can't graduate without an internship. Where I went, you could claim credit for an internship, but it wasn't a graduation requirement.

        Certainly if they're going to require you to find such a difficult to find position for graduation, they should provide you with placement or waive the requirement. This is a world appart from visiting your campus career center. The guy isn't trying to get a job, he's trying to get his diploma.

    • Assistance (Score:3, Informative)

      by CABAN ( 818466 )
      Assistance has been limited because the program was originally developed for an applied project. Placements were last minute options. This is a Canadian program. http://www.flemingc.on.ca/Full-time/ProgramDisplay .cfm?ProgramCode=CSI [flemingc.on.ca]

    • Re:No real answer. (Score:5, Funny)

      by dk.r*nger ( 460754 ) on Thursday December 16, 2004 @02:03PM (#11106633)
      "60% of your grade will be based on assigment 3: Obtain employment in an internationally renowed security cooperation and document your saving of the world. Report is due March 15th."
    • Well if he's in DJB's class he's probably already failed.

  • Your school's IT Department (Score:3, Insightful)

    by Anonymous Coward on Thursday December 16, 2004 @12:34PM (#11105348)
    How about working for your school's IT department helping to clean and/or investigate compromised machines. They could probably use the help. Is .edu not real-world enough?

    • Re:Your school's IT Department (Score:2, Informative)

      by Anonymous Coward
      This is a great way of getting in the door. Most schools need help and are not to picky about previous experience. Also, since most schools don't have a full time security person there will be ample oppportunity of looking at infected, knocked over, etc. boxes.
  • a program that requires an internship that it is unable to provide support for? you might want to talk to the career center of your school....

  • Why not work for Lowes (Score:3, Funny)

    by qwerty75 ( 775323 ) on Thursday December 16, 2004 @12:34PM (#11105351)
    It appears they are in need of a good security consultant.
  • I almost always have one Co-Op (paid) on staff at all times. Being in a large city might help.

  • Financial and Insurance Services (Score:5, Informative)

    by j0keralpha ( 713423 ) * on Thursday December 16, 2004 @12:35PM (#11105360)
    These companies are both expanding their security apparatus and also are both industries known to be in love with the college intern concept. I interviewed for several security positions at insurance firms (specifically car insurance) who were hiring something like 5 or 6 security architects in one shot. Try to apply to intern programs there or at big Financial.
    • And defense contractors are NOT good places to look. Rules is rules and you just aren't going to touch security matters without a clearance which currently take up to two years to come through if there is anything even slightly less than clean-living-all-american in your background. We have interns at the FFRC where I work and they suffer for a year or so being unable to even have an "interim" clearance. Our employer definitely DOES appreciate the need for ITS but in a DOD environment, it is one of the wor
      • Unless they've hired a nanny ...
      • Actually, the average time for a security clearance for a student, since most of the time they are only required to fill out information back to their 18th birthday, or four years, which ever is longer, is between four to six months. Some people get clearances within two months. Other people, a year.

        Also, I worked for a defense contractor that did work for the DoD and did not have a security clearance. There are positions that do not require clearances, and some of the ones that do only require a "Secre
    • Being part of the critical infrastructure, utility companies are taking security much more seriously.

  • Simple. (Score:3, Funny)

    by blair1q ( 305137 ) on Thursday December 16, 2004 @12:35PM (#11105363) Journal

    Do what everyone else did.

    Hack into a bank and get caught.

    You'll get a few years in the state pen, but then you'll be a hot commodity.

    (P.S. This is one fucked-up world.)
    • yes i have paid my dues at Penn State....
    • You'll get a few years in the state pen, but then you'll be a hot commodity.

      Be aware that the adjustment to getting a paycheck as opposed to being traded for cigarette packs will take some getting used to.

    • Re:Simple. (Score:3, Funny)

      by abb3w ( 696381 )
      Hack into a bank and get caught.

      Or hack into a bank without getting caught. If you're careful, you'll probably find a noticable demand for your services in certain circles [wired.com].

      Of course, statute of limitations does eventually run out, if you stay within the country and don't get caught; something like three years for grand theft, five years for wire fraud, and six years for the tax evasion on your illegal "income". Of course, some vary from state to state, and I'm not a lawyer, so I don't know what other ch

    • You'll get a few years in the state pen, but then you'll be a hot commodity.

      Yeah -- fevered with one of the several opportunistic infections that comes from being raped by HIV-positive inmates.

      If you want to engage in violations of the "law" you might consider replacing the current de facto government with a constitutional government. Hell, who knows, if you did that you might make civil disobedience more viable than violence.

  • Security Infinite Loop (Score:3, Informative)

    by teiresias ( 101481 ) on Thursday December 16, 2004 @12:36PM (#11105372)
    1.You need a job but the companies only want people with security clearances.

    2.You can only get a security clearance if you work for a company that will pay for it (and justify it).

    Rinse and repeat.

    My suggestion would be to get a position which doesn't require a security clearance with a company that has security positions available. The company is more likely to hire you into one of those positions and pay for your security clearance, if you already work for them. That's what I'm doing (sorta).

    Course, I don't have a clearance yet so maybe it's not the best idea :)
    • Or you could just enlist.
    • Sadly, many of the companies with positions open for cleared people have far, far fewer openings for uncleared work, even while they have contracts that they literally can't begin for lack of cleared people. They'd much rather snipe cleared people from other companies than pay for the clearance process themselves.

    • My suggestion: Try to get in with the government. Many government jobs require security clearances and aren't at all shy about initiating a background check if it looks like you're the right person for the job.

      I've always heard that a security clearance typically puts your resume above all others without, even if the job in question involves little in the way of sensitive information.
    • Course, I don't have a clearance yet so maybe it's not the best idea :)

      I could tell you how to fix that, but then I'd have to kill you. Sorry!


    • One way to get a clearance is to begin working on a non-classified project and hope you move to another project within a few years. Or, if you're lucky, you could get recruited directly onto some big juicy aircraft project or something. I've heard that the clearance process costs many tens of thousands of dollars, which is why so few companies want to foot the bill. This is probably the biggest thing I hated about government contacting: no training or clearance, unless it can be charged directly to ol'

  • As someone who works in the industry (Score:5, Insightful)

    by paranode ( 671698 ) on Thursday December 16, 2004 @12:36PM (#11105374)
    I hate to say it, but this is a difficult thing to get into. The problem is getting your foot in the door, just as you are trying to do. Offer your services to some companies for free if you have to. That may be all you can do to get any experience in the field. It's good that you are in a program that specializes in security though, because it's harder to make the leap from a degree like Computer Science straight into IT security. Once you meet the requirements though, you absolutely must go get your CISSP (certification, you probably know of it) if you want to advance very far. It can be a lucrative field, but experience and certifications, rather than traditional education, are the biggest factors in being successful at it.

    • Once you meet the requirements though, you absolutely must go get your CISSP

      That's trying to put the cart before the horse. In order to become a CISSP, you need a mimumum three years full-time experience in security.

    • Offer your services to some companies for free if you have to...Right. Joe Blow Student walks in my door and offers his services in "security" for free. So I issue him a badge to get into the server room and of course he needs root. Right, sure, OK... Glad I don't work in your IT department. In truth, if he has to ask Slashdot how to get an internship that his program requires, than his program sucks shit. His school needs to be providing these leads.
      • I have to agree with the parent poster.

        This is the description of the Advanced Investigations course. It's a joke.

        Every year businesses suffer significant economic loss from a variety of threats including intrusions, viruses, theft of data or loss of information. In this course, students will learn about the technical aspects of the Internet and how it can be used as an investigative tool. Students will conduct advanced responses to system compromises and Internet related crimes, including such activitie

    • The problem is getting your foot in the door, just as you are trying to do.

      The bigger problem is majoring as an undergrad in a niche job market. Anyone who expects a 20-year-old to really be into such a specialized field is fooling themselves, because 20-year-olds are still growing up. The kid won't realize what the job really entails until it is too late, and retraining out of such a specialty is a downer. It can lead straight into managing a clothing store or--drumroll--preparing taxes for a living (
  • Without them it is difficult to find that "first job" or great internship. I managed to find mine without assistance from other but I had people helping try to find me one.

    you need to make those critical connections in college or atleast your parents need to know people. people who say academics get you everywhere are idiots, it is all who you know and who you know knows.

  • small companies, security vendors (Score:4, Informative)

    by lottameez ( 816335 ) on Thursday December 16, 2004 @12:37PM (#11105393)
    I would be looking at smaller companies and offering what you have to them. Most cannot afford security consultants and would probably welcome your expertise perhaps on a intern or consultant basis. The other obvious option is to talk to those companies that build security software for a living.

    My .02

  • IT Security (Score:2, Informative)

    by Anonymous Coward
    Focus on infrastructure, especially hospitals. Hospitals are used to the idea of intern types, and they usually have contract deals set it up with recruiters. Standard Job location procedures apply here... your average job sites apply, and they are chock full of openings. Don't expect to get into forensics right away... It's not an easy job, and if a particular shop is doing it, its going to be for a legal case. There is hope for you however: alot of places do train, because forensics procedures vary shop t

  • NSA Internship (Score:5, Informative)

    by shadfc ( 706094 ) on Thursday December 16, 2004 @12:39PM (#11105435)
    NSA Summer Network Evaluation Internship Program [nsa.gov].

    Its a 12-week program following the student's third year.

    As a participant in the Summer Network Evaluation Intern Program (SNEIP) you will acquire an appreciation of the challenges our Nation faces in network security as it relates to real-world work experiences. You will experience first-hand some of the critical work done at NSA as well as have the opportunity to apply your skills on hardware and software systems to enhance network security and contribute to the security of U.S. information systems.

    Sadly, this wont benefit you since the application deadline has passed.


    • It looks like you have to be enrolled in a Computer Science or Engineering program in order to qualify. Tough luck for those of us in Security majors.

  • Some tips (Score:5, Informative)

    by benjiboo ( 640195 ) on Thursday December 16, 2004 @12:39PM (#11105436)
    I guess you need some value proposition. Remember that most companies are in the business of making money, and it needs to be the case that you can give more than it takes to employ you in terms of usage of staff time, resources, training, office space. Here are a few ways you can do this:

    - Offer to help with more general systems development/support as well as the security element. You might have to spend a signficant percentage of your time acting as a cheap coding monkey in order to get exposure to the stuff of relevance to you.

    - Offer to train other staff free or charge, or provide audit or documentation for systems.

    - Highlight the risks of security problems in terms of real monetary costs to an organisation who don't invest in security.

    - Sell yourself as an independant and pro-active potential employee who won't be a drain on resources.

    - Be flexible in the work and projects that you can offer. Remember that you will only be hired for the work experience if you can fill a valid required business objective.

    - Cast your net wide, and speak to people on the ground in an organisation. Contacting a small group of companies via HR departments is a guaranteed way for your e-mails to end up in a black hole.

    - Get on the phone or right physical letters. They're emotionally harder to discard or ignore than an e-mail.

    - Remember to contact non-obvious choices such as schools, charities, NGO's, open source projects?

    - Above all, be enthusiasitc and state your willingness to learn!

  • Good Luck... (Score:2, Informative)

    by Grond_the_Hammer ( 784712 ) *
    I wish you well in your search, but unfortunately the private sector and many consultancies will not employ student interns. It is hard to ask these companies to risk introducing their critical assets to someone with no credentials or past history of being trusted in a position of high responsibility. That said, the GOVERNMENT is without a doubt an exception to this. In fact, the US National Security Agency has a summer internship with their Information Assurance Directorate (INFOSEC) group.

    This is a h

  • My program requires a three month placement in the IT security and forensics industry.

    University IT doesn't count? Usually, there's plenty work to do in the security and forensics area.

    If I were a IT security company, I wouldn't hire someone with no previous experience for just three months. The risks are simply too high.

  • Join the Military (Score:3, Insightful)

    by zman6911 ( 210994 ) * on Thursday December 16, 2004 @12:41PM (#11105460) Homepage
    Although you might not like the prospect of it, ont of the easiest ways to get a security clearance and on the job ITS experience is to work for the Department of Defense, particularlly the Air Force.

  • Since you asked . . . (Score:3, Informative)

    by Maradine ( 194191 ) * on Thursday December 16, 2004 @12:42PM (#11105473) Homepage
    We [vigilantminds.com] are always looking for talent. Or interns. Hope you like snow, HQ is in Pittsburgh.
  • Your best bet is probably a Computing Resources department at a local University. You won't get paid much considering it would be a state job, but you will definitely get experience.
  • Okay, I don't want to be Mr. Cassandra here, but after having been going with the punches in this industry for the last decade or so I need to tell you that this is a first taste of what's to come. Obviously, there have been many threads on ./ about how the IT market has fallen apart and that many of us having a hard time finding a job (and keeping it!). I myself was let go again last week and I can tell you, it's ugly out there.
    Before you go out there trying to get your 'career' in gear and finding a com

  • Security Clearance (Score:5, Informative)

    by dexterpexter ( 733748 ) on Thursday December 16, 2004 @12:48PM (#11105548) Journal
    The only way to get that security clearance is to start the process, and start it early. I notice that you are from Canada, so I can't give any advice specific to your situation, but I am sure that the Canadian government has cybersecurity internship slots.

    Apply to one of those and the government will usually pay for the security clearance. A lot of times, government positions rotate their interns into many security positions and place them with a mentor, so you get the benefit of varied experience. Even better, these are most often available during the summer (three month vacation to a security position works) and since most places start processing in December/January, you're right on that edge for applying.

    I suggest you check out your own various government agencies and send your resume out. Processing time for young people usually borders about four or five months (although it can take over a year), which would put you, if all goes well, at the perfect timing to get one of these positions. And, better, agencies often hire their interns for full time positions when the students graduate, and you will already have your clearance.

    I, however, like many /. commenters, find it odd that your program has a service component involved and no contact network or career advising attached to it. Frankly, if you're early in your studies, I would consider going elsewhere. Most programs that have service components have professors or advisors with vast social networks that can place you in a good position. I would certainly check with your professors and make sure that there isn't an unofficial social network there that they can get you hooked into.

    But if you are planning on going into the security profession, that security clearance is something you will want/need anyways, so if you can get it now, all the better!

  • hmm (Score:2)

    by nomadic ( 141991 )
    What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?

    In this economy? The closest you'll ever get to hardening a security system is when the assistant manager at McDonald's lets you lock up for the night.
  • I would aim for small to medium businesses. Many of them have data that isn't so sensitive that you would need a security clearance - yet if they lost it, their business would be ruined. Any business with web accessible data storage is a good candidate. And perhaps they'll need a little convincing. I vaguely remember some statistic of the the percentage of small businesses that never reopen after a data loss (fire, computer failure, etc.) This is a data backup issue, but also a security issue.

    Of cour
  • To get some real-world experience, try getting a job in a department with those kinds of needs - but not explicit in your job description. That is, try being a sysadmin or network support guy somewhere. A larger company, a University, etc. The company I'm leaving is a small business with three dedicated web and database servers. This has allowed me to play the role of web and network security administrator, even though my job was originally completely unrelated to that. With a small business, you get to wea

  • Work for a casino or slot machine manufacturer (Score:5, Informative)

    by XopherMV ( 575514 ) on Thursday December 16, 2004 @12:53PM (#11105616) Journal
    I was a gaming agent for the Tulalip Casino [tulalipcasino.com] up in Marysville, WA. I was responsible for inspecting the slot machines, which in Washington state are basically networked computers. (They have no internet connection if you were wondering.)

    These places are always looking for good, qualified people and seem to have trouble getting them. I was one of two people in the whole agency with a CS degree, making me uniquely qualified. Generally, they have to take people with a criminal justice degree and teach them the ins and outs of the computer system. They would love someone already trained in computer security.

    Besides looking at your local casinos, you can also check out the slot machine manufacturers. Sierra Design Group [sierradesign.com], located in Reno, is a group I highly recommend. They have an awesome, stable product, that the industry loves and runs on Unix. They're a subsidiary of Bally Games [ballygaming.com], so you can find their job page here [ballygaming.com].

    Another computer, located in Austin, is Multimedia Games [multimediagames.com]. They pretty much have the lock on the class 2 games. Here is their jobs page [multimediagames.com].
    • I was one of two people in the whole agency with a CS degree, making me uniquely qualified.

      Since you were one of TWO people, you were not uniquely qualified. If you had been the only one, then yes that would have been a true statement. Unique means "the only one of its kind", not 'special' or its synonyms.

      Moose and Rocco will be by shortly to discuss your severance...uh, pay that is.

    • Actually, when I started, I was the only person in the agency with a CS degree. So, I was uniquely qualified at the time! After about 6 months though they hired someone with a master's in CS. At that point I was still unique, but not as special!

  • Take your lumps, like the rest of us did (Score:2, Interesting)

    by Anonymous Coward
    Almost all of the computer security professionals I know, with the exception of some lucky ones who happened to get trained in the military, have had to do grunt IT work of one sort or another before moving into the field of IT security.

    Don't expect to get involved in computer forensics straight off the blocks. As a previous poster mentioned in a roundabout way, look for a security position that's more closely affiliated with a traditional IT role (patch management is a good example).

    Though I don't want

  • Er... Run screaming to a different major? (Score:3, Funny)

    by pla ( 258480 ) on Thursday December 16, 2004 @12:57PM (#11105670) Journal
    Finding an appropriate learning environment seems to be harder than I expected.

    Now, I want you to really stop and consider this for a moment...

    You can't find work as slave labor in your chosen field, and you think you'll do a whole lot better once you graduate?

    Switch to a business or marketing major now. If you can handle IT, a quick lobotomy aught to get you through such a degree in no time at all.
  • Hi - I teach programming here in CANADA at the post-secondary and continuing education level (so I am aware of your situation as a Canadian student) - my practice was based on all things practical, and a little bit of opportune timing. You could for example, go back to your high school (if you had good relations with them) and demonstrate vulnerabilities in their network security, fix it, and demonstrate this as a case study of your work. It would be nice to get some money for it, but you may have do thin

  • er...FOSS? (Score:3, Interesting)

    by boodaman ( 791877 ) on Thursday December 16, 2004 @01:00PM (#11105721)
    Perhaps you could volunteer your time on a large FOSS project doing security audits, patches, testing, coordination, analysis, etc.

    For example, the BSD projects have dedicated security officers. Other projects could probably use help. Pick large ones that have some substance (legal corporate/non-profit structure, etc) to them: Mozilla, the Apache Software Foundation, etc.
    • I agree on that one. Ask your professor first of course. On top of that, you'll meet interesting people (can't say the same about civil service).
    • Before taking this suggestion seriously, realize what an uphill battle this will be. For a more exact idea, take a look at what you need to do to acquire any self-study credits in your curriculum.

      You're going to have to sell this idea to your professors, guidance councelor and probably the head of the college of business and/or arts & sciences (depends on your university). At a minimum, this includes legitimizing FOSS engineering as equivalent to an internship with an actual company, something that a
  • http://admsol02.mcs.muohio.edu:11180/apps/miamijob s/jobsOnLine/positonDetail.cfm?positionNumber=1965 [muohio.edu]

    We're offering two of such positions - perhaps you'd find something like this on an intern basis - we have a rather robust security department as it is, so I'd venture to say other Universities would as well.
  • You might be forced to start your career by running laps in Quantico, VA.
  • I wouldn't take a co-op if you paid me...

    My brother-out-law (read S/O's brother, we aren't married...) is in a co-op program as an engineer, which at least gives him the benefit of a well established field with lots of choices. So much for the plusses.

    What precisely are you going to learn in three months? For my BOL, physics is physics, and electrons are electrons, doesn't matter where you work. Not so in IT. Even where "experts" agree on a result, they rarely will agree on the method of achieving

  • I know that many of my fellow classmates were actively recruited by the CIA, FBI, and other agencies that were looking for students with an interest in computer security. After their stint as a fed intern, most of my friends also landed jobs in government or were at least offered.
  • Many companies consider contractors and temps a security risk are unlikely to have anything available. I know my company (a small one in financial services) would be highly unlikely to hire anyone to the security team that was not full-time and permanent.

    If your program has that as a requirement, perhaps ask them how previous students satisfied it and network that way.

  • This won't win me any fans... (Score:5, Informative)

    by flinxmeister ( 601654 ) on Thursday December 16, 2004 @01:15PM (#11105877) Homepage
    ...but I really think anyone involved in IT security should have at least 3-5 years in the trenches first. If you *really* want to know your stuff this is simply a requirement. Finance or Medical is a good proving ground, but infrastructure (power companies, etc) is starting to be a good one too.

    My advice would be to get a sysadmin or operational job first, and spend every second of free time addressing the security aspects in that environment. Then when you move into a security specific job you have some meat to talk about: "well at company X we implemented Plan Y to address this issue", and "I found that we consistently had problem Y". I personally would be very skeptical of a security pro right out of school.
    • I agree with you (as someone who spent 6 years in software development before heading over to the security side). It gives you perspective on the issues, an understanding of how the people you work with think, and it gives you a certain level of maturity and experience. I personally think of those who go straight for the security positions as people in business think of the kids who go straight for the MBA without any practical experience. Nobody in my floor full of computer security people started off

  • Not gonna do it. (Score:2, Informative)

    by FrankieBoy ( 452356 )
    I'm an IT Manager and the last thing I'm going to do is let an Intern anywhere near equipment relating to security at my site. I use Interns to setup PC's and help with the IT grunt-work around the office but giving access to the routers, firewalls and IDS systems to a newbie...sorry. It's like handing over the keys to your Ferrari to someone with a learners permit. I can appreciate the situation, you gotta start somewhere. My suggestion would be to Intern in a plain vanilla IT role and after graduation
  • We don't let most of our security team be involved in investigations. In factr, its only the one or two people needed to deal with the issue that know anything about it.

    If you're an intern here, you 'might' get to monitor spam, logs or the IDS. Involvment in investigations is not something we hand out as an entry level option.

  • Contrary to popular belief where you live, the world doesn't end at some United States controlled border.

    Check out Canada, or, if you really want to have fun, Europe. They even speak English there :-) Some countries, like Spain, are pretty cheap in terms of living expenses (despite the current exchange rate).

    I guess I can sing the security clearance blues myself. American research labs (MERL, AT&T, I assume even the IBM ones) expect candidates to obtain a clearance -- which I, as a foreign national,
  • How about your university? Back in the day the IT for our computer science department was totaly student run. Drake University probably still has one of the best Linux labs/ beowulf clusters for students at a small liberal arts institution. Check with the guys in your campus IT department and see if they want a free security intern.

    Just make sure you stick to security and don't try to automate their jobs away. From my expirence most professional univerity IT departments go out of their way to "create"

  • Thoughts from a security professional (Score:3, Informative)

    by crowemojo ( 841007 ) on Thursday December 16, 2004 @02:53PM (#11107442)
    A few things...

    1) The security consulting industry is larger then a lot of people realize. This would be one of the first places to look for beginner level positions.

    2) Not all security jobs require security clearance, only government jobs (or jobs that are in some way related to government work) do. There are several industries that require the services of a security consulting company. For example, Financial intuitions are *required* to have independent security audits performed of their IT environment. There are various regulations out that motivate companies to hire security people (GLBA for financial institutions, HIPAA for healthcare, etc.)

    3) Security professionals are in more places then you might realize. Any one of the top 15 accounting firms in the nation will most likely have a security consulting practice. There are countless managed security solution providers. There are companies (many of them!) that do nothing but provide real time 24x7 monitoring to their clients. Any one of these companies can usually find use for an intern, especially one that has the information security mindset, and most of these will not require a security clearance.

    4) Contrary to what some may have you believe, certifications aren't everything. You can not get your CISSP until you have 3 years of experience (assuming you graduate) or 2 years of experience (assuming you graduate with a Masters). No company that is looking to hire an intern will be looking for that intern to have their CISSP or CISA.

    5) Good news, the security industry is booming and everyone is hiring. The company I work for has consistently hired more people every year since I started. Three years ago there were 30 professionals dedicated to information security consulting, now there are about 85, a large portion of which were hired straight from college.

    So, in summary, I would focus your efforts on companies that perform security services such as consulting companies (read: accounting firms, and specialty firms like the foundstones of the world), managed service providers, datacenters and various niche services such as real time intrusion detection shops. Start making phone calls, asking if they have a security practice, and who you could talk to about a job. These places are hiring, if you aren't on their radar already, it's up to you to put yourself on their radar.
  • "My program requires a three month placement in the IT security and forensics industry."

    Personally I would think it would be a bigger security risk to have an intern for 3 months then it would be without one.

    When it comes to business and security, if they take security serious, I would be very suprised if they would ever let someone outside of the company will little expierence, for only 3 months come near their sensitive data.
  • I would recommend you look at simple facets of cyber-security. While being well versed about http://nist.gov/ [nist.gov] NIST and http://www.netip.com/links/nsa_guides.htm [netip.com] NSA and related guidance is helpful when speaking about cyber-security... you may want to consider more common security problems for your internship.

    For example, many companies have identity management problems - particularly in industries with largescale mergers. Just documenting the variety of identities each employee has on different systems
  • 1) Hack into a corporate server
    2) Fax sensitive stolen data to the same company
    3) Offer to become their security guru to prevent other people from stealing their data
    4) Proffit!!
  • "...many companies, who just don't see a need for ITS, are the critical shortfalls right now."

    if the companies don't see a need for ITS now who do you think is going to hire you after you graduate?

Slashdot Top Deals

Successful and fortunate crime is called virtue. - Seneca

Close