IT Security / Stick to Healthcare

Yes, me the another new guy wanting to be in IT Security. New to the security world of course, not new to tech field.

For the last few years, i have been tickling with the idea of entering IT security world. The security industry is hot with the potential to make a good living and with the background in healthcare would just make things sexy.

I'm just trying to gain a better understanding of how to break into security, especially Healthcare Security.

My background is in healthcare technology, which involves a lot of implementations and project management type of work. I enjoy what I do, but at the moment I am starting to realize the industry is taking a turn. Security / Data Analytics are two big players in the healthcare at a moment. It's all about population health and how to protect patient data.

With this said, I would like to focus more on HIPPA side and possibly join large hospital doing a lot of vulnerability testing, audits, implementing policy, protecting EHR software and more.

Do I need to make a systematic approach as many of you: IT System / Network Admin -> Certs -> Security?

So my fellow tech homies, I ask, which would be a suggested path for me.

Thanks
Amar

Find more posts tagged with

Comments

ITSpectre

MrSecurityGuy wrote: »

For the last few years, i have been tickling with the idea of entering IT security world. The security industry is hot with the potential to make a good living and with the background in healthcare would just make things sexy.

You just want to hit on the Nurses and RN's LOL jk

To answer the question I would start with Sec+ Net+ and then maybe a HIPPA certification since you focus more on HIPPA.

TLeTourneau

All security focused positions at my employer require CISSP so there's that.

Remedymp

I work as a Sec Analyst in Healthcare. You need to know security well in order to be trusted in this environment. There are groups on Meetup that you can follow or join Healthcare Security focused. You can also tour Brighttalk.com for Healthcare IT Security based Webinars that are usually an hour long and get a CPE for it as well.

I would also advise you join an org like ISC2 or ISACA as they do 1-2 meetings a year on InfoSec in Healthcare that usually good for networking and learning as well.

Try and get your Security+ or the SSCP (not both, that would be redundant). HCISPP is probably where you want to aim after taking one of the two former mentioned.

MrSecurityGuy

ITSpectre wrote: »

You just want to hit on the Nurses and RN's LOL jk

To answer the question I would start with Sec+ Net+ and then maybe a HIPPA certification since you focus more on HIPPA.

Haha...Of course bro, why would anyone pass the opportunity to hit on a HOT nurse (female - of course)!
Heck, I'll hit on MD's. hehe..

MrSecurityGuy

Cool guys, appreciate the feedback. I really do appreciate the time, which some of you have taken to read and give me some honest feedback.

Remedymp: Can you kindly discuss your background and how you got started within the healthcare security? Your feedback will be invaluable.

Also, do you have an EMR experience? Do you do any implementation or security within the EMR app?

I'd imagine your hospital is probably using EPIC, which case was certification mandatory?

Thanks.

UnixGuy

MrSecurityGuy wrote: »

Haha...Of course bro, why would anyone pass the opportunity to hit on a HOT nurse (female - of course)!
Heck, I'll hit on MD's. hehe..

Rule #1, don't 'hit' where you eat

one of my jobs was in a 'health care'..I would *personally* treat it as any other IT Security job. Get your foundation (Security+, CASP) and then choose if you want to do audit/compliance type work or technical and go from there

MrSecurityGuy

Of course NOT, i was just jk. Never S**t where you eat.

Has anyone use gtslearning.com LIVE Labs? This company has lab that accompany professor messer materials.

MrSecurityGuy

Should I opt to do another BS or MS in info assurance / cyber security? I currently have a business management degree from well reputable b & m university.

Browsing through WGU Cyber security BS program and all those certs you obtain sounds very promising, irrefutable to place you toward success.

kurosaki00

UnixGuy wrote: »

Rule #1, don't 'hit' where you eat

Hey look at me! I'm Mr. I dont spank my steak! I'm better than everybody.

/s

UnixGuy

kurosaki00 wrote: »

Hey look at me! I'm Mr. I dont spank my steak! I'm better than everybody.

do whatever you want mate, go hit on everyone at your work place .. it's the smartest thing to do

ITSec14

If I had to recommend a cert path it would be Sec+ > CISSP > HCISPP

As lame and boring policy writing sounds, you can make $$$ if you get good at it. I've been in security for over a year now and I just revamped all of my companies security policies and even created new one's which we didn't have in the past. Technical skills will always be crucial to security, but the administrative stuff is really good to know too.

LA2

You mentioned you are currently in the healthcare technology field. What do you do in your role? Maybe we can help you pivot into the security side.

MrSecurityGuy

I'm largely involved in the implementation of vendor specific product, EHR. This involves training, troubleshooting, and becoming an SME on multiple vendor products.

I don't mind switching path in my career if I can jump into security. From the looks of it seem to be that I need to start working on my security+.

My goal is to eventually become a CISCO or part of an upper management team in IT.

mgeoffriau

HIPAA. Not HIPPA.