There are hundreds of different roles & responsibilities in the IT Security career field alone. Here are some of the common types that I have seen:
Information System Security Manager – coordinate with the system owner and the information system security officer to ensure security is on the systems.
Information System Security Officer – coordinate with management and system administrators to implement system security controls. Ensures security controls are tracked and documented.
System Administrator – applies technical functionality and security on information systems.
Architect – assists in the design of enterprise information systems.
Security Analyst – review the logs of information systems to determine if there are any malicious activities happening.
Auditors – review the information systems to make sure the security controls are applied, documented and continuously monitored.
So you want to get into Information Technology? Well what do you want to do in IT because there are many different branches of it. I would suggest going into IT security, specifically, Risk Management Framework. It is a very specialized field.
You will need to know the fundamental of IT security. The basics on what goes into securing important data and their hardware. You will also need to have at least a little knowledge of technology and its history. You will need to know a LOT about NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems”. You will need to dive into NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”.
Since not many people want to do this work, or even know about it, there is not much competition. They are always looking for qualified people to do it. What you will need is a 4 year degree (preferably in something technical), an IT certification in security (Security+, ISC2 CAP, CISSP, CASP, CISM,CISA) and a lot of knowledge on NIST 800-37.
There are differences between the old DIACAP (being phased out), DoD RMF for IT and NIST RMF. What is “DIACAP”? It stands for Department of Defense Information Assurance Certification & Accreditation Process and it is based on the old DoDI 8510.01 and DoD 8500 documents. The process was designed to make absolutely sure federal systems have security on them.
With the constant exponential evolution of information technology this process has had to change to keep up with the times. DIACAP is being replaced with DoD Risk Management Framework for Information Technology (DoD RMF for IT). This process has more granularity, more detailed, more frequent and covers many new technology that was not covered by DIACAP. DoD RMF for IT is actually based fundamentally on NIST SP 800-37, Risk Management Framework.
AIX 6.1 Ver 1, Rel 22
Apple OS 10.10 Workstation Ver 1, Rel 11
Apple OS 10.8 Workstation Ver 1, Rel 15
Apple OS 10.9 Workstation Ver 1, Rel 12
BlackBerry 10 OS Ver 1, Rel 13
Cisco IOS Ver 1, Rel 13
HP-UX 11.31 Ver 1, Rel 22
MAC OS X 10.6 Ver 1, Rel 22
Oracle Linux 5 Ver 1, Rel 15
Oracle Linux 6 Ver 1, Rel 15
RHEL 5 Ver 1, Rel 22
RHEL 6 Ver 1, Rel 20
Solaris 10 SPARC Ver 1, Rel 22
Solaris 10 x86 Ver 1, Rel 22
Solaris 11 SPARC Ver 1, Rel 15
Solaris 11 x86 Ver 1, Rel 15
Windows 7 Ver 1, Rel 20
Windows 8 and 8-1 Ver 1, Rel 20
Windows 2008 R2 Ver 1, Rel 20
Windows 2008 Ver 1, Rel 20
Windows 10 Ver 1, Rel 6
Windows 2012 and 2012 R2 Ver 1, Rel 18
Windows Vista Ver 1, Rel 20
zOS Ver 6, Rel 27