Results 1 to 7 of 7

Thread: Getting Into Information Security Field..

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    6

    Getting Into Information Security Field..

    Hi, I'm currently a student gaining an AS degree in information security (No work experience other than school), I am wondering what employers in the IS market look for when hiring potential employees and what would be a position to seek out that would allow me to expand my knowledge / pay grade. As far as certifications go I only have Net +, considering CCNA and Security +. Also I have completed various MOAC courses. To clarify my long term goal is to stay away from help desk / admin type work, and move into something similar to penetration testing or forensics. Any suggestions on how accomplish this goal?

    Thanks

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Theres quite a few positions out there that deal with "Information Security"

    If you search Monster.com for that, you'll find quite a few jobs.

    You'll start out small probably, getting your feet wet, as experience is the best knowledge. School just helps you to know what to look for.

    I would recommend looking into a CCSP(Cisco Certified Security Professional), most jobs I see look at having that cert as a plus. It would definitely help you to get your foot in the door.


    Ultimately, work at getting the security certs you mentioned, and the CCSP if you can. Realize that with no work experience in Information Experience it will take you a bit to build up the experience/knowledge to get a more established company to look into you seriously. But ultimately, I believe it is all worth it. If your good, and know what your doing, pay can be pretty good.

    Good Luck
    =

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    6
    Thanks for the reply, So where should I put most of my time:

    School?
    Certifications?
    Experiance?

    I know I probably need a little bit of them all, but I dont want to spend hundreds of dollars on these certifications if they wont really count for much. Also I am a veteran and still have a security clearance, will that count for anything?

    Thanks

  4. #4
    Your university quals will show you have a good knowledge to start, the ability to learn and as already stated you know where to look for information.

    Qualifications are definitely a bonus, depending on how technical you want to be (from what you have said you want to be quite technical) there is a broad range. I think:

    CISSP form isc2 is well regarded https://www.isc2.org/cgi-bin/index.cgi
    GIAC qualifications from SANS http://www.sans.org/

    It is also worth checking out individual courses on the area of security you want to specialise in because the variety of jobs in IT security is enormous.

    But generally in my experience employers are most interested in experience. Be prepared to take a lower paying job initially if it is going to provide you with the experience you need in the future, It may be worth seeing if you can find some intern/work experience type work whilst at uni to get your foot in the door (this is what I did) as graduate employers really respect that.

    Good luck - a good mixture is the key but definitely if you can get some useful work experience you will be in a great position.

    A security clearance definitely wont hurt!

  5. #5
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    432
    Hey bnations,

    I agree with cabby that both CISSP and GIAC are creditable certs. The CCSP is great if you plan on working with Cisco equipment. However, you will soon find out that you will never truly move out of the "help desk" area. The only difference will be how complex the problems are lol.

    I'll give you a look at what I have done and where it’s gotten me. Perhaps it will give you a baseline. Currently I’m a Sr. Software Security Architect. I work for a company that has about 300+ employees and I make a very good living. Now, I’m not saying that my certs and degree’s have been the only thing that has gotten me this far. I can say that having them has helped. You have to remember that experience is truly worth its weight in gold; moreover, having a top notch reputation.

    So basically my job is this:

    Essentially my company offers a solution to banks, and I’m in charge of making sure it’s secure. So Its my job to break it—help fix it – Break it again – help fix it – Break it again – help fix it --…(you can see a pattern here lol )….

    As far as Work experience goes I have about 7 years of applicable experience. I started out in IT. I’ve been a network administrator, project manager, and everything in between.

    I have the following degrees
    B.S Computer Science
    A.S CIS

    I have the following certs:
    Cissp
    CompTia certs
    CCNA
    CCDA
    ACSE
    ACSS
    ACSP
    MCSE

    So hopefully this will give you an idea as to what it takes to become a security professional. My last point is this, learning to pass test or get through college is not enough. You will have a hard time getting by in this field if you are truly not comfortable with the material you are claiming to be an expert in.

    As a side note:
    but I dont want to spend hundreds of dollars on these certifications
    It could potentially be in the 10’s of thousands of dollars range. That just for certification--not including a college. I mean heck, most alot of the Sans classes are around 3 grand a pop.
    I toor\'d YOU!

  6. #6
    Junior Member
    Join Date
    Oct 2006
    Posts
    6
    I just wanted to say thanks for the replies, it's good to talk to those with experiance in the field and get a sense of direction. I guess my best bet is to finish up school, gaining as many cert's as I can along the way and then try to work my way up in the industry.

    Thanks

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi bnations might I just throw you a curved ball or two here?

    If you can fit it in, I would suggest getting some sort of accountancy course in, and possibly a reasonably specific legal one (statutory compliance).

    You see as you progress you will have to look at quotations/proposals, budgets and managing your project's finances I am afraid that as you progress............or more if you want to progress, you will not be able to avoid administerial responsibilities...........It goes with the territory called "management"

    Hey, as a vet you must have noticed all the crap on the CO and Exec's desks?

    Just a thought?

    Oh! your SC would get you into the armaments industry...........it takes at least 3-6 months to get one from scratch, and they don't want to wait that long before filling a post?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •