Information Technology Security Consultants


Exploring this Job

Learn as much as you can about information security and the consulting industry by:

  • visiting the Web sites of cybersecurity companies such as Symantec, McAfee, Sourcefire, Fortinet, and Forcepoint
  • downloading and installing free security software from a reputable company to get a basic understanding of how such technology works
  • visiting the Web sites of consulting firms such as Deloitte, EY, and PwC that have IT security practices
  • reading publications such as the ISSA Journal ( 
  • getting involved with computer user groups and clubs that focus on IT security
  • visiting the National Initiative for Cybersecuruity Careers and Studies’ Web site,
  • checking out the SANS Cyber Security Blog (
  • participating in cybersecurity competitions, such as the National Cyber League (, to hone your skills

The Job

Information technology security consultants are experts in programming languages, computer and telecommunications hardware and software, the Internet, and security techniques such as penetration testing, firewalls, mobile device security, and vulnerability scanning. They perform a wide range of duties, depending on their employers and the needs of their clients.

In the areas of assessment and protection, IT security consultants assess their clients’ IT systems to identify weaknesses and formulate strategies to address these issues; break into their clients’ computer systems and networks, with permission, to determine if they are vulnerable to cyber criminals and spies (this is known as ethical hacking or white hat hacking); and work closely with software architects, hardware engineers, software developers, and other IT professionals to develop custom software or systems to help organizations remedy these issues. They also install, configure, troubleshoot, and maintain firewalls and data encryption programs to protect sensitive information, and test, operate, and maintain systems security software and hardware. Then they educate a client’s employees about new security products and procedures. To provide the best advice to client, consultants stay up to date on the latest information technology security trends and threat.

Information technology security consultants stand ready to respond when a client’s system is potentially being hacked. They identify, analyze, and report suspicious events and activities that occur or are alleged to have occurred within computer networks and other systems; engage in surveillance and counter surveillance methods to gather evidence of security breaches or related issues; respond to crises or urgent situations to mitigate immediate and potential threats; and collect, analyze, and present computer-related evidence in support of network vulnerability mitigation, and/or fraud, criminal, law enforcement, or counterintelligence investigations.

Information technology security consultants who operate their own businesses must continuously generate new business by advertising in industry publications, on social media, and through word-of-mouth recommendations from past clients; be active on social media, present at industry conferences, and write articles and white papers to increase their visibility and attract new clients; negotiate project fees with potential customers; prepare contracts and invoices; and manage office staff.