October 11th, 2006, 09:41 PM
Getting Into Information Security Field..
Hi, I'm currently a student gaining an AS degree in information security (No work experience other than school), I am wondering what employers in the IS market look for when hiring potential employees and what would be a position to seek out that would allow me to expand my knowledge / pay grade. As far as certifications go I only have Net +, considering CCNA and Security +. Also I have completed various MOAC courses. To clarify my long term goal is to stay away from help desk / admin type work, and move into something similar to penetration testing or forensics. Any suggestions on how accomplish this goal?
October 11th, 2006, 10:11 PM
Theres quite a few positions out there that deal with "Information Security"
If you search Monster.com for that, you'll find quite a few jobs.
You'll start out small probably, getting your feet wet, as experience is the best knowledge. School just helps you to know what to look for.
I would recommend looking into a CCSP(Cisco Certified Security Professional), most jobs I see look at having that cert as a plus. It would definitely help you to get your foot in the door.
Ultimately, work at getting the security certs you mentioned, and the CCSP if you can. Realize that with no work experience in Information Experience it will take you a bit to build up the experience/knowledge to get a more established company to look into you seriously. But ultimately, I believe it is all worth it. If your good, and know what your doing, pay can be pretty good.
October 11th, 2006, 11:55 PM
Thanks for the reply, So where should I put most of my time:
I know I probably need a little bit of them all, but I dont want to spend hundreds of dollars on these certifications if they wont really count for much. Also I am a veteran and still have a security clearance, will that count for anything?
October 12th, 2006, 12:23 AM
Your university quals will show you have a good knowledge to start, the ability to learn and as already stated you know where to look for information.
Qualifications are definitely a bonus, depending on how technical you want to be (from what you have said you want to be quite technical) there is a broad range. I think:
CISSP form isc2 is well regarded https://www.isc2.org/cgi-bin/index.cgi
GIAC qualifications from SANS http://www.sans.org/
It is also worth checking out individual courses on the area of security you want to specialise in because the variety of jobs in IT security is enormous.
But generally in my experience employers are most interested in experience. Be prepared to take a lower paying job initially if it is going to provide you with the experience you need in the future, It may be worth seeing if you can find some intern/work experience type work whilst at uni to get your foot in the door (this is what I did) as graduate employers really respect that.
Good luck - a good mixture is the key but definitely if you can get some useful work experience you will be in a great position.
A security clearance definitely wont hurt!
October 12th, 2006, 05:12 PM
I agree with cabby that both CISSP and GIAC are creditable certs. The CCSP is great if you plan on working with Cisco equipment. However, you will soon find out that you will never truly move out of the "help desk" area. The only difference will be how complex the problems are lol.
I'll give you a look at what I have done and where it’s gotten me. Perhaps it will give you a baseline. Currently I’m a Sr. Software Security Architect. I work for a company that has about 300+ employees and I make a very good living. Now, I’m not saying that my certs and degree’s have been the only thing that has gotten me this far. I can say that having them has helped. You have to remember that experience is truly worth its weight in gold; moreover, having a top notch reputation.
So basically my job is this:
Essentially my company offers a solution to banks, and I’m in charge of making sure it’s secure. So Its my job to break it—help fix it – Break it again – help fix it – Break it again – help fix it --…(you can see a pattern here lol )….
As far as Work experience goes I have about 7 years of applicable experience. I started out in IT. I’ve been a network administrator, project manager, and everything in between.
I have the following degrees
B.S Computer Science
I have the following certs:
So hopefully this will give you an idea as to what it takes to become a security professional. My last point is this, learning to pass test or get through college is not enough. You will have a hard time getting by in this field if you are truly not comfortable with the material you are claiming to be an expert in.
As a side note:
It could potentially be in the 10’s of thousands of dollars range. That just for certification--not including a college. I mean heck, most alot of the Sans classes are around 3 grand a pop.
but I dont want to spend hundreds of dollars on these certifications
October 12th, 2006, 08:40 PM
I just wanted to say thanks for the replies, it's good to talk to those with experiance in the field and get a sense of direction. I guess my best bet is to finish up school, gaining as many cert's as I can along the way and then try to work my way up in the industry.
October 14th, 2006, 10:54 AM
Hi bnations might I just throw you a curved ball or two here?
If you can fit it in, I would suggest getting some sort of accountancy course in, and possibly a reasonably specific legal one (statutory compliance).
You see as you progress you will have to look at quotations/proposals, budgets and managing your project's finances I am afraid that as you progress............or more if you want to progress, you will not be able to avoid administerial responsibilities...........It goes with the territory called "management"
Hey, as a vet you must have noticed all the crap on the CO and Exec's desks?
Just a thought?
Oh! your SC would get you into the armaments industry...........it takes at least 3-6 months to get one from scratch, and they don't want to wait that long before filling a post?