Ensuring information security of automated systems reviews. Information security of automated systems: what kind of profession, who to work with? Universities and directions

Ensuring information security of automated systems reviews. Information security of automated systems: what kind of profession, who to work with? Universities and directions

In 2005, in Krasnoyarsk, to obtain an education in the field of information security, it was possible to enter Krasnoyarsk State Technical University (now Siberian Federal University Polytechnic Institute) or Siberian State Aerospace University. I chose the latter, I was especially attracted by the huge rocket painted on the facade and the word “space” in the title. Siberian State Agrarian University, in turn, had to choose from two directions: 090105 "Comprehensive support information security automated systems" and 090106 "Information security of telecommunication systems" (qualification in both cases - information security specialist), at the Polytechnic there was a specialty 090102 "Computer security" (qualification - mathematician). Between "comprehensive" and "telecommunications" security, I chose the latter and not The programs were completely different, our training was devoted mainly to studying the basics of communications in all its manifestations (radio, cellular, wired communications).

For five and a half years we built models of a communication channel, drew transmitters and receivers, calculated signal characteristics, and studied noise-resistant coding. And all this under the leadership of former military men (this has its own romance). For those who like physics, and especially the “oscillations and waves” section (probably the most difficult in the school curriculum), the specialty “Telecommunications Security” was fully suitable. Many of my friends and acquaintances studied at “Integrated Security” and we had some common classes, although their program, in my opinion, was more mundane. But it involved more work with computers and legislation. My husband graduated from Polytechnic University - they had a lot of mathematics (like we have physics).

What now?

Everything changed a couple of years ago and now at Siberian State Agrarian University you can study for a bachelor’s degree in 10.03.01 “Information Security” and a specialist in 10.05.02 “Information Security of Telecommunication Systems” (my specialty under a new name)(link) . SFU directions are indicated . In Tomsk they teach information security at TUSUR ( link ). I would like to note right away that the specialties are closed, which means that persons with citizenship of other countries (as well as dual citizenship) are not accepted.

Is it easy to learn?

I would say that studying is quite difficult, there is a lot of independent homework, coursework and standard work. I constantly had to calculate and count something. A lot of physics and mathematics. There weren’t many girls studying before, but now there are many more. In our group of about 27 people there were three girls. For those who believe in horoscopes, an interesting detail - all three had the zodiac sign of Scorpio, they say that there is a predisposition to technical sciences. Another interesting point is the number of gold and silver medalists - half of the group.

What do study and work have in common?

Unfortunately, most of the knowledge gained was not useful. The most useful thing was studying the legal and organizational foundations of information security as part of a six-month course. All items according to computer security were also useful, but telecommunications were not. At the university I studied from the second year scientific work and went to scientific seminars, it seems to me that they gave me more than all the subjects :) I acquired the rest of my knowledge from books, magazines, the Internet and work experience.

Is it difficult to find a job?

There are different opinions, but from my own experience and the experience of my acquaintances and friends, I can say that finding a job is difficult, but possible. I am already working in my fourth place and each time in my specialty. Moreover, the first and second jobs were still during my studies, so even with an incomplete higher education it is possible to find a job. Freelancing is difficult to find, after all, to perform work on technical protection information requires licenses that are given to the organization and it is very difficult to obtain them. But you can find a job in a company that provides information security services, then the salary will directly depend on the number of clients. If you want stability, it is better to become an information security specialist in production.

Wage

On average, it is lower than that of programmers and part-time work is more difficult to find. But usually higher than that of system administrators.

What does a specialist do?

There are a lot of areas of work, even with the same job title. Installing and configuring information security tools, writing instructions and regulations on information security, training users in safe working methods, working with cryptographic tools, investigating incidents and much more.

Minuses

I would consider the disadvantages:

  • small selection of jobs (compared to programmers and other IT specialists);
  • low salary, difficult part-time work;
  • working with a lot of documentation.

Description

During training on this profile, students are taught:

  • operate subsystem components, check their technical condition, repair and perform maintenance;
  • carry out adaptation and installation of subsystem components;
  • organize events related to occupational health and safety;
  • apply software and hardware necessary to ensure information security in automated systems;
  • monitor the productivity of the hardware and software used;
  • ensure recording, processing, transfer and storage of confidential information;
  • use engineering equipment;
  • solve private technical problems that inevitably arise in the process of conducting control checks, certification of premises, facilities and technical means;
  • apply legal regulations, guidelines and documents;
  • develop an organizational structure in a comprehensive information security system;
  • monitor the effectiveness of complex systems used to ensure information security.

Who to work with

The main direction in professional growth is ensuring information security at enterprises. These include large corporations and retail chains. Various private detective agencies are also in need of similar services, in which the degree of data protection should be at the maximum level. The leaders in employment are various government agencies, which regularly require developers of security systems and diagnosticians of existing external threats. To advance their careers, many graduates begin their professional careers in development teams at small enterprises. During this time, they gain invaluable experience, the presence of which will allow them to find employment in large organizations on the best conditions.

Recently, such a direction as “Information Security” has become popular in universities. What to do after graduation? This question is asked by almost all graduates and students of the specialty. On the one hand, these are IT technologies, and on the other, the unknown. That is why we will try to figure out what career can await a person who has mastered Information Security at a university. If you look closely, you can find a lot of interesting and prestigious vacancies. Some of them can bring you huge income.

Network installer

So, you have mastered or are planning to graduate from the field of automated systems." What to do after graduation? The university will not give you a clear answer to this question. But in practice, you can understand where you can get a job.

For example, a graduate of this specialty will be able to work as a network installer. Mostly computer ones. As a rule, various Internet providers are very willing to hire such specialists. Your task will be to maintain control, security and stability of the main server.

In other words, if you have mastered the field of Information Security, but don’t know who to work with, then you can turn to well-known Internet providers. They will quickly find you a position there. Moreover, installing networks is a very important and difficult task, but not particularly profitable. Therefore, you will have to find some other option. Of course, if you have not chosen an installer as a profession.

Programmer

So, you have entered the specialty Who will you work in 5 years? It’s difficult to give a specific answer here. After all, this direction covers all areas of IT technology. In practice, the picture we get is approximately the following: you become someone who understands a little about every aspect of technology and computers.

Thus, a graduate student has many different options for work. But the success of employment, as a rule, depends on how successfully and clearly a person “fixated” on something specific during training. If you received a specialty - you don’t know what to work for, but at the same time you were mainly involved in programming, then you can get a job as a programmer. This is a very prestigious and highly paid place. But not everyone can work here. For successful employment, you will have to start programming from the 1st year of university. And then luck will smile on you.

Security guard

Honestly, any specialist can work as a security guard. And even the most ordinary student. Nevertheless, you received the specialty "Information Security of Telecommunication Systems". Who to work with? In addition to the vacancies already listed, you can also try to get a job as a security guard. Just not to a store or retail chain, but to some more prestigious place. There, where you will have to monitor order using special cameras.

But this vacancy is not particularly popular. Even if you take into account that you will be watching everything that happens from a warm and cozy office. A security guard is not a position for which it is worth studying at the university for 5 years, or even more. Therefore, many take this position just for the sake of practice. And then they look for a more suitable and prestigious place. Although this is not so easy to do.

If you have mastered the specialty “Information Security of Telecommunication Systems”, you still don’t know who to work with, and the profession of a security guard or installer is not particularly suitable for you, then you will have to look again. In fact, sometimes it can be very difficult to find a good place to work on your degree. And that’s why many try to get a job “at least somewhere.” But we will try to identify vacancies that are best suited for graduates of this field.

System Administrator

Here is another one that will be very suitable for graduates. Not everyone can imagine that one can become a system administrator after receiving almost any specialty in Computer Science. It's pretty simple work, which even a schoolchild who has been self-educating in the field of computer technology since the cradle can cope with.

This is such a multifaceted specialty “Information Security”. Where to work, everyone tries to choose a suitable place for themselves. If you “enroll” in the ranks of system administrators, then be prepared for the fact that you will have to constantly monitor the performance of your computer and network. For many, this is a very simple task that brings pleasure. Besides, System Administrator must also perform configuration and debugging operating systems and equipment. And even a schoolchild is now familiar with these procedures.

In most cases, the job of a system administrator is considered very prestigious and not particularly difficult. Often you are given a separate office in which you can do whatever you see fit. But until something goes wrong. Or the employer can give you a free schedule (on call). Everything is working? Then stay home. Did something suddenly break? Please come to the workplace and fix everything. By the way, the size, as a rule, does not depend on the nature of your work schedule.

But this is not all that “Information Security” has prepared. Where to work besides the options already listed?

Private security services (equipment installation)

For example, if you don’t particularly want to work as a security guard, but at least somehow “attribute” yourself to this profession, you can get a job in a private security service (for example, in enterprises). Who exactly should go there? For example, a master installer of tracking equipment.

What will your responsibilities be? Arrive at the place where you order services, install the equipment, connect it, check its functionality and configure it (if necessary). And it's all. Some may think that there is nothing complicated here. But in reality, everything is a little different - some workers are not able, for example, to correctly connect the cameras to the “server” or computer, where the video recording of everything that happens will be displayed.

In addition, sometimes you will have to provide assistance in viewing recordings made on security cameras. This is especially true when the security guard at the workplace does not know how to handle such equipment. In general, working as a master installer of tracking systems is also very prestigious. Especially if you know your business well.

IT-teacher

If you know first-hand “Information Security” (specialty), where to work, most likely you don’t know for sure. In this case, as already mentioned, students and graduates are trying to find at least some kind of job. And one of the options was school. How can I get a job here? You can become a computer science teacher.

To tell the truth, this direction does not particularly correspond to the chosen profession. Nevertheless, students still develop a general understanding of computers. And they can present this material to schoolchildren. An information security specialist working as an ordinary computer science teacher is far from uncommon these days. Usually people agree to this vacancy when there are no other options. This is how cruel “Information Security” is. Who else should I work with? Let's try to figure this out.

Entrepreneur

Individual and private entrepreneurs are far from uncommon in our time. Usually, if a person has a diploma and does not have a job or has no education at all, but has a lot of ideas, time and effort, then he becomes an entrepreneur and opens his own business. The same can be done if you have mastered the Information Security major. Who exactly should I work with?

For example, you can organize an office computer help or private installation of tracking systems. Such equipment is currently not very expensive, and is also sold in almost every computer store. In addition, you can try to become a copywriter on computer topics. Information security, or more precisely, articles on this topic are very popular on the Internet. And the work, if you know your business and have the ability to write, will not be so difficult. But it is very profitable.

Summarizing

So, today we figured out where graduates of the Information Security specialty can work. As you can see, there are a lot of options for the development of events and many of them depend on the individual skills of each student.

In general, such workers real life get a job in any job related to computers. There are designers, 3D modelers, and web programmers here. The main thing is to decide for yourself what exactly you want to do. And improve your skills in this area from the 1st year.

What can you do after graduating from the Faculty of Information Security and where can you gain experience? Does it make sense to study to become a security guard if you live in a small town? Sergey Kruchinin, head of educational projects at GeekBrains, will talk about all this. This person manages the work of the deans of all 8 faculties of GeekUniversity and coordinates the educational plans.

Sergey, let's start with the main thing. Information security specialist is a broad concept. What exactly do you teach?

First of all, I want to say that the faculty program was developed by practicing specialists. Special thanks to Nikita Stupin, information security specialist at Mail.Ru and dean of our faculty. We will share with students best practices security that are already used in Mail.Ru Group.

So that no one gets confused, you need to understand that in the field of information security (IS) there is a “paper” and practical work. “Paper” specialists monitor whether the security system - according to documents - meets the requirements of the law. In fact, it may be full of holes that no one is looking for or fixing, but in the documentation everything is according to the standard.


Do not do it this way

We focus not on “paper” security, but on practical security of web applications, networks, equipment and data. Our students will study hacking methods and technologies, hacker tools, and the operation of systems to be protected. All this knowledge is necessary to find and close vulnerabilities.

Our students will also briefly get acquainted with the “paper” side of information security: they will learn to draw up regulations and instructions for enterprise employees. Standards and documentation are by no means useless, but they are not a substitute for real protection.

- Why did GeekUniversity choose this particular path?

Practical safety is more important. A strong business is primarily interested in the result. I would also advise starting with practice because it will most likely lead you to a young and progressive IT team.

“Paper” vacancies are more often filled by people aged 40–50 years with a special type of thinking, university education and experience in government agencies. They look at things formally. During an audit, they ask questions like, “Do you have an intrusion detection system?” Or, to check something, they ask the client for the root password. Without a password, our graduate will look at what he needs on an average machine and change the password himself, if necessary.

At GeekUnivestity we are preparing specialists who will be in demand at Mail.Ru Group and similar companies - they will be able to participate in ensuring the security of a large mail service, for example.

- By the way, in what areas of security do Mail.Ru Group hire specialists?

Among the priorities is product security (Application Security), there is even an open vacancy. Specialists in this field are able to find web service vulnerabilities, neutralize SQL injections, OS Command injection, and more. Infrastructure security specialists are also in demand. Their competencies: network level protection (L3, L4, TCP/IP, firewalls), operating system security (control over package and kernel updates), password policies, perimeter scanning - the list goes on for a long time.

- For those who are just getting acquainted with the terminology, what are injections in web services?

This is when, instead of the data expected by the application, such as a message identifier, the attacker enters the command he needs, and the script executes it. The fraudster gains access to confidential data or even to the machine on which the vulnerability was found.

- What other threats do you teach to find?

Binary, cryptographic. There are many types of vulnerabilities. The first two quarters of the school year are dedicated to web security alone. This is a very important direction, because business moves from offline to online, and user data goes to the web and clouds. Just 10 years ago, taxis were ordered only by phone. Now - mainly through services like Uber and Yandex.Taxi. And the main question is how secure is the web service to which you trust your data.

If the site developers have not taken care of security, a more or less advanced user can read other people's messages, look at photos, and so on. There is a set of web vulnerabilities designed to exploit programmer carelessness. We explain to students how attackers find and exploit such vulnerabilities, what this can lead to, and how to prevent it.

Knowing such things is useful for web developers, project managers, and anyone who wants to protect the confidential data of their website visitors. Or you need to involve a practitioner who will conduct an audit. Identifying threats is less than half the battle. We still need to figure out how to eliminate them, and then make sure that the protection works.


GeekBrains office: we work until late, just so that students gain knowledge

In addition to web security, our students study network security in detail. These areas are partially related, because there are threats that affect not only the server, but also the client part of the service.

For example, some sites, including large organizations, do not encrypt traffic. This allows it to be redirected to fake machines and intercept everything that users wanted to send to the server.

What if a person lives in a small town where there are no advanced IT companies? So he trained as a practical security guard. Who should he work with?

The technology stack that we teach is tied to system administration and other areas related to information security. If a person studies diligently, he will become a general specialist with us. Now I will explain in more detail.

A good security specialist must be able to administer. If you look at the resumes of information security specialists, many have had a system administration stage in their careers.

Our students study Linux closely. Anyone who has not worked with this operating system before will first of all learn how to install it on virtual machine. Next, students master working in the terminal, installing software and solving basic problems.

We also teach how to work with services: how to set up an Nginx or Apache server, a DBMS database, set up a BIND DNS server and mail. You just need to remember that knowledge does not come automatically after paying for training - you have to make an effort.

- Do you also teach how to build and configure networks?

Yes. Network engineer is another profession with which the work of a security specialist has something in common. You need to be able to at least configure network filters, close ports, monitor active connections.

When studying computer networks students will practice practical skills on the Cisco Packet Tracer simulator. We chose it for the sake of clarity, but the ability to work with Cisco equipment is also a bonus for your resume.

Cornerstone theme network security- TCP/IP. This is a model for transmitting data over a network. Administrators and security specialists work with different implementations of it all the time. We tell you what channel and channel protocols are. network layer, how they work, why you need a MAC address. Few people understand this, although it is at the link level that many types of attacks are built.


Studying network technologies

- Let’s return to the situation “a graduate does not want to move from small town" Where to work?

Let's start with the fact that there are providers everywhere. They will be happy to hire our graduate as a network engineer. Moreover, this will be a network engineer with a very good understanding of security. In career terms, he will have an advantage over people who previously only laid networks: crimped twisted pair cables and ran through attics with it. It will be easier for our security engineer to rise to the rank of manager. Providers have websites and some services - here you can also express yourself.

The next point is that system administrators are needed everywhere. If the company does not have a separate information security specialist, his duties are performed by the system administrator. And again, our graduate gets an advantage over administrators who studied security themselves and superficially.

On a personal note, I’ll add that if you have the opportunity to move to Moscow or St. Petersburg and work in a large local or international company, it’s worth it. We have students who have already succeeded.

- What about working with applications? After all, the security guard must also keep the software under control.

Yes, we teach application disassembly and analysis so students can identify malicious code.

You need to understand that attackers and those who fight them use the same tools. "Black" (bad) hackers analyze software and look for vulnerabilities that can be exploited. A white hat (ethical) hacker looks for bugs to plug security holes.

We teach how to explore code. If the programmer was careless, under certain conditions the program could reveal sensitive data. For example, send the user a piece random access memory, where passwords, private keys and other interesting things are stored.

We also teach programming in Python. It makes it convenient to automate tasks or write your own data analysis tools. These skills take a security guard to a higher professional level.

We also have a course on Operating Systems. He talks about OS architecture, how security threats differ in Linux, DOS, Windows, and more.

We explain what kernel space and user space are, how memory works, and why one application in modern operating systems cannot change the data of another application. How does a process differ from a thread?

Towards the end of the course - in the fourth quarter - students are introduced to the topic of binary vulnerabilities.

- You mentioned that students also learn how to draw up regulations and work with documents.

We talk about interaction with law enforcement and regulatory agencies - FSTEC and FSB. We learn when and how to apply the safety standards provided for by Russian law.

There is one more important point. We teach the basics of social engineering. Because an attacker never takes the difficult route unnecessarily. Before breaking anything, it tries to lure a password or other necessary information from the user. We tell you how to take into account such schemes when drawing up instructions for company employees.

- So you are preparing a “universal security soldier”?

We are preparing a person who knows how to hack and protect. It is necessary to understand hacking methods in order to competently build an information system.

A good security guard has the same skills as an attacker. But it does not use them for selfish and/or criminal purposes, but to protect the system and, ultimately, users.

You can hack anything - it's a matter of time and resources. But bypassing a well-built defense can simply ruin an attacker.

- How are priorities set among the areas being studied?

Main focus on web security. Network engineering and system administration are adjacent to it. In other areas, we provide basic knowledge that can be developed depending on the student’s interests.

Where can a security student gain practical experience? What achievements will he be able to put on his resume based on the results of his studies? And how to level up yourself?

Threats can be modeled. There are special tools for this. It’s better to start with simple things: take and install a “buggy web application” on the site - bWAPP (buggy web application). It was initially created to be insecure so that “ethical hackers” could use it to practice finding and blocking vulnerabilities.

There is also DVL - a special Linux distribution with intentional configuration errors.

Such tools are very useful, but students can quickly get bored with them, so we have prepared more interesting tests. For example, competitions like Capture the flag. You gain access to a remote machine, but you don't know its vulnerabilities in advance and have to find them. Victories in such competitions and competitions are valued in the market - they can be safely written down on your resume. It is no easier to hack a serious simulator than a real website.

It is also worth participating in competitions like Bug Bounty. This is when an organization offers a reward to those who find vulnerabilities in a product. We will tell you how to participate in such programs. If you have a well-developed account on hackerone, you will be welcome in large companies, including foreign ones.

Our student can also offer audit services to website owners: find and close vulnerabilities. The main thing is to agree with the owner of the site in advance, because the line between “black” and “white” hacking is very thin and unsolicited help can lead to criminal charges.

Does it make sense to offer security audits to those who don't care about it? It happens that a vulnerability is visible even to a non-specialist, but no one eliminates it...

It's worth a try. Some people really find it useless to write, but there are also those who haven't thought about the problem. I explained to one site owner that he uses HTTP, and it’s time to switch to HTTPS, because otherwise user passwords are transmitted over an unsecured communication channel. And the man listened. If the site generates income, the owner is interested in its development and, most likely, will engage in dialogue.

Here is a person who won a competition, conducted an audit for someone, but has not yet worked on the staff. Is this a problem when looking for a job?

No. Our graduate spent a whole year with GeekBrains and Mail.Ru Group. He already imagines the job of a security guard in large company, knows the entire technology stack and has put together a startup portfolio. From the point of view of the average employer, this is a lot.

- There will be something to show off at the interview...

By itself. It is possible that the graduate will understand some issues better than the future leader.

Sergey, thank you very much! Now I have a complete picture of what and why they teach at the Faculty of Information Security. If readers have any questions, I hope they will ask them in the comments. And you and I will still find time to talk in detail about another faculty - artificial intelligence.

There really is a lot to be said about the new faculty and the Data Science direction. So until next time.

An information security specialist is a person who analyzes the company’s information risks, develops and implements measures to prevent them. His responsibilities also include installation, configuration and maintenance of technical means for data protection. Security specialists also conduct training and consultations for employees on information security issues, and develop regulatory and technical documentation.

An information security specialist, especially in a large company, solves not only interesting problems, but also bears enormous responsibility. He must have a good understanding of the principles of administration and be able to create security systems for specific enterprises in order to protect local computer networks from virus attacks or hackers. In addition, the employee responsible for information security has to train other employees to comply with the basics of information security. Sometimes he is constrained by additional obligations, such as restrictions on travel if the work is carried out in a state-owned company.

Other job titles: Information and communication systems protection technician, Senior information and communication systems protection technician, Data protection specialist, Security officer

Responsibilities

Creation and testing of data protection systems

An information security specialist must collect and analyze the organization’s materials to take measures to ensure information security, namely:

  • install and configure technical and software protection;
  • find possible channels of leakage of information representing state, military, official or commercial secrets;
  • participate in the development of new control automation tools, control equipment circuits, models and information security systems;
  • install, configure and maintain technical and hardware-software information security tools

Formation of documentation

Developing and preparing design and working technical documentation in accordance with standards is another task of a security specialist.

  • draw up rules, regulations, instructions and other organizational and administrative documents for information security management;
  • develop proposals for improving and increasing the effectiveness of information security tools.

Employee consulting

An information security specialist must also consult with company employees and help them solve emerging problems:

  • organize the work of the team taking into account information security requirements;
  • provide legal protection information;
  • examine objects of protection and carry out their certification.

What you need to know and be able to do

    Personal qualities
  • Systematic and flexible thinking;
  • Focus on a specific result of activity;
  • Initiative;
  • Ability to plan and design;
  • Communication skills;
  • Organization;
  • Responsibility;
  • Determination;
  • Self-learning ability;
  • Stress resistance.
    Basic Skills
  • Understanding the basics of information security;
  • Knowledge in English at the level of reading technical literature;
  • Ability to program in various languages ​​C, C#, JAVA, Perl, PHP, JSP, EJB, J2EE, etc.
  • Skills in administering various operating systems, setting up and supporting anti-virus software;
  • Understanding of network architecture;
  • Ability to set tasks correctly.


Popular in the category:
How to create a karaoke clip on a computer?
How to create a karaoke clip on a computer?
read
The Origin app is required for the game, but it is not installed. FIFA 16 requires Origin.
The Origin app is required to play, but it is not installed FIFA...
read
Registering a personal page on the social network Facebook
Registering a personal page on the social network Facebook
read
How to Run a Simple Nmap Nmap Scan
How to Run a Simple Nmap Nmap Scan
read

Latest Articles
How to rotate an image a few degrees...
read
Disabling advertising in Yandex browser Where...
read
Troubleshooting Wi-Fi connection problems on...
read
Change password on Windows 10 profile
read
Instructions for setting up wireless routers...
read
How to choose a hard drive and which one is better to buy...
read
Meizu for dummies. Calls and address book....
read
Download PDFMaster program
read
Top