Information security is a growing industry. Back in 2004, the cybersecurity industry was worth $3.5 billion worldwide. By 2015, it was worth $78 billion. It’s an industry that fielding a lot of jobs, and paying for them very well. According to the Bureau of Labor Statistics, the average yearly salary of an Information Systems Analyst was $92,600, and job growth between the years of 2012 and 2022 is expected to be as high as 37%—far above the average for other job sectors. And one of the best ways to get in on information security is through PKI.
What is Public Key Infrastructure?
Public Key Infrastructure (or PKI) is the foundation of all secure internet transactions. Nearly every secure transaction on the internet depends on the ability to ensure a given website's identity, then hold an encrypted exchange with them. None of that is possible without PKI encryption.
Here’s how it works. When a client tries to connect to a webpage that’s hosted on HTTPS, the client and the server first establish identities, with each providing certificates ensuring they are who they say they are (this defends against man-in-the-middle attacks). Next, the two parties conduct a “handshake,” where asymmetric key encryption is established, and a “shared secret” is created between the two parties. Building a strong PKI foundation ensures this whole process is smooth and secure.
If you feel comfortable with everything above, you’re already off to a great start! Ready to level up your machine identity career and become a PKI admin? Read on for some ideas on how to get started.
Getting the Job
If you’re done stuffing your head with jargon and tech lingo (or if the above description was par for the course for you), then you’re ready to start considering a job in the field of cyber security, specializing in PKI administration. It’s not a cakewalk, though, so if you’re serious, be prepared to put in some serious groundwork.
Like any computer-related field, you’re being evaluated on the see-saw of experience vs. education. Many times, the experience will outweigh the education, but you will always be seen more favorably with a solid degree under your belt. Besides, many of the things you need to know as a PKI Administrator will be easier to learn with an expert to explain it to you.
PKI administrators require a pretty wide knowledge base, so feel free to pursue a degree in any of these fields as a precursor to a career:
- Information Technology
- Information Security
- Computer Science
- Information Systems Management
- Information Services
You can’t succeed working with PKI without some decent coding chops. It may be a hard pill to swallow, but there are few computer-related professions where you can get away with not knowing a coding language. So if you’ve been resisting until now, start learning now. Pick up a textbook, and start studying any of the following languages:
While you don’t have to be an expert on everything, you do need to be able to carry a full conversation discussing the following topics:
Lastly, it’s important to understand that there are no entry-level PKI admin positions. It’s a specialization rather than a field, and that means you qualify for it in part by doing something else first. Serving as an IT administrator for several years is a good start. To be sure you have some security street cred to put on your resume, however, be sure you’re getting practice where you can. Offer to help out with security at your current job, or offer to start studying it.
In absence of paid opportunities, volunteer your services for non-profit organizations and do cybersecurity for them. It may seem like you’re working for free, but that volunteer experience looks great on a resume, and puts you ahead of applicants who have no security experience whatsoever.
Whatever you do, be sure you get some solid practice in at least the following:
If you have further questions about what it takes to make it in PKI and cyber security, feel free to talk to the professionals. You can also check out Venafi’s in-depth materials, eBooks, and data sheets around PKI to keep up to date on all things PKI and machine identity management!
- 7 Things Every CISO Needs to Know About PKI
- Exposed TLS Certificates Force PKI Lead to Quit: How Badly Managed PKI Poses Serious Risk [Case Study]
- How Do Certificate Renewal, Reissue, and Revocation Processes Work?