Why and How to Become a Security Administrator
The way in which a security administrator is perceived is that she is the main corner stone for the entire cyber security of an organization. In general, the main function of a security administrator is to install, administer, and troubleshoot all the security solutions that are actually applied or to be applied within the organization’s systems and networks.
There are various scopes for this position, which are essentially determined by the organization itself. However, there are a bunch of responsibilities of which some or most could be assigned to you while working as a Security Administrator. The following list attempts to tackle most of these responsibilities that you should expect.
- It is your responsibility to build your defense against any unauthorized access to the systems which could end up modifying them or even getting them destroyed.
- You are responsible to conduct several vulnerabilities scanning and evaluate the network security accordingly.
- You should keep track of the network traffic and suspect any unusual traffic and take appropriate action in response.
- It is one of your core roles to configure the necessary security tools into the system and networks. In general, you are responsible to setup firewalls, anti-virus software, patch management systems, etc.
- Another one of your major responsibilities is to actually implement all the planned security policies in the organization when it comes to organization’s networks. You should also implement all the necessary security procedures needed for achieving the best possible level of security such as access control lists, application security standards, and safeguards for corporate data.
- You should understand the security requirements for the organization’s environment. Accordingly, you should implement these requirements and integrate them into the systems and networks.
- It is your responsibility as well to help raise the security awareness amongst your colleagues, this could be achieved through scheduled trainings and sessions held for this purpose.
- You should always be there for any technical advice to give to your colleagues when needed.
- You should always make sure that all systems are up and running. This is attainable through ensuring business continuity through some protocols for disaster recovery. You should be responsible to develop and update systems with these protocols.
- You should always recommend any improvements or modifications that you think of regarding security policies.
- You should schedule security audits on a regular basis to make sure that nothing could interrupt the organization’s systems.
- Some Security Administrators have tasks similar to the ones that a Security Specialist or a Security Analyst should take. However, this may happen in small scale organizations but it is very rare to occur on the large-scale base.
You should always report your recommendations and technical notes to a Security Manager in the organization.
In fact, you could just start you career in the IT security field through this jobs as a Security Administrator. It will provide you with valuable knowledge and experience that should be necessary for your upcoming jobs in the field. After gaining this experience, you can take one step up the ladder to one of the following amazing jobs:
- Security Analyst
- Security Auditor
- Security Engineer
- Security Consultant
After you gain your knowledge and experience from one of these jobs, you make consider shooting for the prestigious management positions. Examples of such positions are given by the following list.
- Security Manager
- Security Architect
- Security Director
Chief Information Security Officer (CISO)
There are some other jobs that you can consider as some extended versions of the Security Administrator job or more specific into one field of the security domain such as the organization’s networks when it comes to a Network Security Administrator kind of job. The following lists some of the main jobs that are functionally very similar to the Security Administrator job.
- Systems Security Administrator
- Network Security Administrator
- IT Security Administrator
The average salary for a Security Administrator is suitable for its level in the positions hierarchy. According to PayScale, a security administrator is paid $61,553 yearly on an average basis. The minimum payment to expect for this job according to the figures is around $39,497 per year while the highest payment you should expect is around $91,319 per year. It is needless to say that all pay figures include your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable. Higher figures do not include benefits.
The style of this job is really different from a job that has unique responsibilities or a job that takes part in a well-defined operation that can only be done by 5 people for example. This makes the degree question really hard to answer directly or in a straight forward manner. However, I would say that an employer would love to see that a candidate for a Security Administrator position actually carries a bachelor’s degree in Computer Science, Cyber Security or a related field. However, this does not mean that having a non-technical degree can not lead you to become a Security Administrator. In case you manage to gain an associate’s degree and/or a lot of work experience, most employers will also accept that and move into your skills to evaluate them. In addition to work experience, attending several trainings in the field as well as gaining several professional certifications would be an attractive aspect which employers would be excited about. If you are also into the academic life, getting a master’s degree with a concentration in IT security will be an addition to your resume and your overall skills.
Some employers require one year of experience in the field of IT to become a security administrator. However, this is mostly the case in small scale organizations. On the other hand, large scale organizations will require more years of experience up to 10 years because several tasks will be assigned to the security administrator thereafter. So, I would say the range goes from 1 to 10 years of experience to be eligible candidate.
There are a bunch of technical skills that an employer will be curious to see in his potential candidates. The following list gives an overview of the mostly required skills as well as the most essential ones to function properly in this job.
- You should have a concrete knowledge and experience of the common protocols from layer 4 up to layer 7 such as SSL, HTTP, DNS, SMTP and IPSec.
- You should be standing on a solid ground about firewalls and the way in which they operate and how to configure them and change their rules.
- You should be knowledgeable of Juniper, Cisco, and/or Checkpoint.
- You should be experienced with main concepts such as Packet Shaper, Load Balancer and Proxy Server.
- You should be of intermediate to expert knowledge when it comes to dealing with Intrusion Prevention and Intrusion Detection systems.
- You should have a solid knowledge about computer networking concepts from the perspective of security such as routing, switching, and TCP/IP protocols.
- You should be completely aware of protocols used for intrusion and prevention detection as well as firewalls.
- You should be comfortable dealing with network protocols and security tools used for packet analysis in the network.
- It is needless to state that you should be aware and comfortable using both Windows and Unix like operating systems.
It is also worth noting that it is always advisable to check with your professors, colleagues and employers about the necessary skills for your desired job position. Such skills may be some of the previous points or may have something that is not here.
Work on your oral and communication skills. Try to become a better talker when it comes to explaining issues to someone who is not of a technical background or a less technology experience than you. Your willing to explain technical matters in a form of teaching, writing or orally all make a difference. Being clear in your explanations make your life a lot easier regarding these matters during your job period of time in the organization. These skills are also the ones which employers look for other than the technical skills when they evaluate their candidates.
I would say that getting a recognized certificate is always a privilege to have on your resumes and they add greatly to your chances of getting hired. Nonetheless, certificates are not always the sole way to get certain jobs. Some employer for instance do not necessarily require a professional certificate for the job of a Security Administrator given that it is an entry level position. The reason why this is the case is that getting accredited by valuable certifications usually takes years of experience and preparations, like the case of getting a CISSP certifications. However, the following list displays the mostly desired certifications for this job or similar jobs.
