April 19th, 2007, 04:33 PM
Information Security Career?
I am interested in changing career directions. Currently I'm a GIS analyst and interested in going in the direction of Information Security. Can anyone provide some direction and /or guidance regarding training and roadmaps? Specifically, which training orgs are legit and credible. Are there intern or ground level options that allow someone to enter the field and work towards certification/training on their own or on a companies dime? Any guidance/assitance would be greatly appreciated.
April 20th, 2007, 02:24 AM
It's a niche that's hard to get a foothold. Certifications won't get you where you want to be. An employer would only pay for it if it is pertinent to your current job. A prospective employer would want to see experience, not just certifications.
If you are serious, these are the ways to go:
http://www.nsa.gov/ia/index.cfm (have to dig around to see participating schools.
check this site for participating schools in Cyber Corps program
The Federal Cyber Corps Program
The Cyber Corps Program is open to students currently completing their junior year of undergraduate school or first-year of graduate school. In addition to a stipend of approximately $1,000 per month, the Program pays for each student's tuition for two years, room and board, and travel to conferences.
After one year of training, students complete a summer internship in a federal agency, learning first-hand about computer security issues and putting into practice what they've learned in class. By the end of the second year students earn an undergraduate or graduate degree in computer science in addition to multiple federal-level computer security certificates as endorsed by the Committee on National Security Systems (CNSS).
If you want more info on either, shoot me a msg. The preference, though, is obviously Cyber Corps if you want to take the plunge, and specifically go gov't as well- being that you get that guaranteed work arrangement. Schools participating in NSA's IAD would be viable for someone who wants to take courses, still work full-time, but you don't have a commitment to the gov't.
Also, subscribe to this free magazine. It's the best I've found for introductions into InfoSysSec industry
Last edited by not_it; April 20th, 2007 at 05:32 PM.
April 20th, 2007, 04:46 PM
Thanks not_it. This gives me some valuable insight and direction.
April 25th, 2007, 08:41 PM
someone pm'd me asking about scholarship for international students. Unfortunately, scholarships funded by the US gov't for these programs do require US citizenship.
I'd ask around in your home country for any types of funding they may have.
April 26th, 2007, 02:44 AM
Now... I may be Canadian but I know quite a few Americans in IS and I can't say I've ever heard any of them mention that program....
I would say that advice is trash... but I won't... instead I'll give you what I consider to be actual useful advice...
You don't "NEED" anything special to get into security... and you'll find that the industry is split on the concept of certifications...
What you do need is to be intelligent... You need to know computers (knowing how to click the start button... or setup a LAN so you can game with friend is NOT sufficient)... you need to be willing to learn and you need an open mind...
That being said... let's get into what you actually need to do to get into IS..
First, you need to define what you want to do in IS... Saying you want to go into IS is as broad as saying you want to go into IT... Saying you want to go into IS when someone asks what you want to do is like saying "the kind with notes" when someone asks you what kind of music you like... generic and vague..
Are you interested in Corporate IS... If yes... are you interested in securing systems, monitoring systems, auditing systems...
Are you interested in, what I call, "Vendor IS"... If yes.. what aspect... According to this years RSA Conference there are 800 companies in the "Vendor IS" space... that's a lot of companies.. and that doesn't include Pen Test companies etc..
So here's some examples.. pick the sentence that applies to you:
- I want to configure security on Active Directory
- I want to configure security on Routers, Firewalls and VPNs
- I want to develop security tools for the home user
- I want to audit others security configurations from inside a company
- I want to audit others security configurations from outside a company
- I want people to pay me to break into their companies computers
- I want to sit and do research all day
- I want to find vulnerabilities and make a name for myself
- I want to get into IS because I heard it's cool and know nothing about it.
- I want to get into IS because I heard you can make lots of money
- I want to fuzz applications all day to see if they break
- I want to test security tools developed for the home user to ensure proper operationg
- I want to consult with companies.
- I want to ____________________ (fill in the blank)
There's also a fine line for a lot of roles... especially if you look at small business... an IT role (Sys Admin for example) in a SMB is also an IS role most of the time...
If you just "want to get into IS"... go to a university and take an IS course... then maybe you'll have a better idea of exactly what it is in IS that draws you... I can give you plenty of advice... but I'm not going to sit here and give out pages and pages of advice on multiple possible roles.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
April 26th, 2007, 05:44 AM
I couldn't agree with you more, HTRegz. I was thinking of writing along the same lines in regards to "I want to learn Information Security" and that being a broad statement. While these programs aren't well known, they are excellent for formal education in IS areas.
Some schools have these programs for the sake of having an IS department to attract students, others take it seriously and have established reputation (e.g. University of Tulsa). You get out of it what you put in, though.
As far as thinking my advice is trash... I guess that's your opinion. I wanted to offer solutions that might truly get you into the profession rather than starting grassroots and taking on something by chance, such as saying "I want to work on Active Directory".
Last edited by not_it; April 26th, 2007 at 03:14 PM.
By AngelicKnight in forum Newbie Security Questions
Last Post: June 28th, 2004, 01:29 PM
By Nokia in forum Tips and Tricks
Last Post: June 12th, 2004, 05:13 PM
By Striek in forum The Security Tutorials Forum
Last Post: December 16th, 2003, 08:30 PM
By xmaddness in forum Miscellaneous Security Discussions
Last Post: July 18th, 2002, 04:36 AM
By E5C4P3 in forum Miscellaneous Security Discussions
Last Post: March 7th, 2002, 06:35 AM