No InfoSeC Experience, preparing for CISSP

hitendave

Hi All,

I am working as Deskside support right now and worked as helpdesk agent for 4 years. I want to move my career in infosec and preparing for security+ and CISSP.

My concern is that as an Associate of CISSP (after passing the exam) or without it, with security+ does candidate gets job easily in infosec field to gain experience to earn CISSP in 5 years.

Please advise.

Thank you in Advance for your comments.

TheProfezzor

I doubt it. People who are looking for a security professional, are always looking for the better candidate. If you don't have experience in the InfoSec industry and you don't have an in demand certification, you might be overlooked, when there are people who have good experience and also have certifications like CISSP, CISA, GSEC. But then again, there's a thing called LUCK!

hitendave

Thank you for the reply. so even if I get security+ and Associate of CISSP, I can't move my career from Deskside support to Info Sec ? and without getting job, i wont get experience either. I think I might have to do something else as well like CCNA security and get into that field.

Thanks again

5502george

FYI, I have seen people get jobs based only on a cert. How long they lasted is another story, but it is possible to switch based on a cert.

wes allen

How motivated are you? Willing to build home labs and learn about IDS/Firewalls/Offsec/Linux/Etc? Enough to listen to two or three infosec podcasts a week for a year or two? Enough to go setup a twitter account and follow 100+ infosec people and read the links they share? Enough to hit up youtube(Irongeek) videos from past Cons for a few hours a week? Enough to study and understand the SANS top 20? Go find Eve Adams hack the hustle or attack angles video for more advice.

hitendave wrote: »

Thank you for the reply. so even if I get security+ and Associate of CISSP, I can't move my career from Deskside support to Info Sec ? and without getting job, i wont get experience either. I think I might have to do something else as well like CCNA security and get into that field.

Thanks again

TheProfezzor

hitendave wrote: »

Thank you for the reply. so even if I get security+ and Associate of CISSP, I can't move my career from Deskside support to Info Sec ? and without getting job, i wont get experience either. I think I might have to do something else as well like CCNA security and get into that field.

Thanks again

Two words for you "Motivation" and "Experience". Get them

docrice

The job market for security roles is shifting, but as a generalization the opportunities available to you depend on your location (and the market conditions there), potential willingness to relocate if needed, work experience (even as desktop support), education, certifications, attitude, and really just a combination of many of these things.

Security is about seeing things in-depth beyond what the textbooks tell you and being able to gauge risk. There's a lot of self-driven effort and digging required, and you have to really want to learn this stuff. Everything can be tedious and rewards are really only there after sufficient struggle and sustained effort. People normally don't go straight into pure technical security roles without some sysadmin or netadmin backgrounds. Work your way to learning the ecosystem, and the fastest path to that is to grasp the fundamentals because so many things boil down to them in the end.

In short, certs by themselves are somewhat meaningless. I see them as indicators of interest, but certainly not job qualifiers. You have to really prove that you want this and you've invested a lot of time into doing homework on your own. I see a lot of resumes and certs by themselves don't necessarily prove substance or value-add potential.

rawhide

You have to start somewhere if you are not experienced, certifications like Sec+, CISSP, CEH can always give you a headstart.

Go for it, I have seen guys at work who started at helpdesk job and moved into Identity and Access Management.

Every part of IT Organization leads to security , I started with Network 12 years back.

cw3k

Security + will not get you anything.

Most security jobs I have viewed are focusing on the Network & the OS layer or in audit/compliance (SOX, PCI, HIPAA, ISO,etc). Everything else will not get you into the door. I have like 6 years in Application security and configuration/helpdesk, but it didn't lead me to any meaningful security role job interview or something that pay more than what I am getting now.

JDMurray

docrice wrote: »

The job market for security roles is shifting, but as a generalization the opportunities available to you depend on your location (and the market conditions there), potential willingness to relocate if needed, work experience (even as desktop support), education, certifications, attitude, and really just a combination of many of these things.

Throw in "who you know" and "luck."

flt0nujr

Yes, the roles are shifting, but how else are you to even get a role has a junior network security admin or at least junior security analyst when all of these recruiters or job sites have this huge grocery list of skills, certs, and experience ? I see CISSP, CEH, GIAC, CISA, CCNP, for a security analyst role. cmon son !!!!

JoJoCal19

flt0nujr wrote: »

Yes, the roles are shifting, but how else are you to even get a role has a junior network security admin or at least junior security analyst when all of these recruiters or job sites have this huge grocery list of skills, certs, and experience ? I see CISSP, CEH, GIAC, CISA, CCNP, for a security analyst role. cmon son !!!!

Heh.....I have 8 years of InfoSec experience and even I am finding it hard to move around within due to the laundry list of what they want. I've got a few possibilities right now after some good interviews so we'll see if anything works out.

docrice

Too many employers I think are in that mindset of throwing their entire wishlist (realistic or not) out there and hoping they can reel something in. Perhaps the reasoning includes the idea that if you don't meet most/all of the job criteria, at least they could give you a chance but at a lower pay. Seems every business wants a way to cut down your salary expectations. We'll see how this turns out in the long run. Some employers know better and if they value their time and really want to ramp up, they're probably smart enough to know to look beyond the kitchen sink.

Who you know and luck definitely plays a huge role. Most of my jobs were through referrals and knowing people. Like it or not, people-networking makes a difference in this world.