Advice/Thoughts on Getting Into the World of InfoSec

magician300magician300 Member Posts: 27 ■□□□□□□□□□
First of all - love this forum and a lot of the things that are discussed here. I think it's an outstanding resource in a wide array of areas for folks like myself looking for information. With that said - I would like to get some advice/thoughts/suggestions/etc regarding the world of InfoSec.

A brief background of myself: I've been doing IT/Helpdesk support for the better part of 13 years.
  • I started out as the typical inbound-call help desk tech with Canon troubleshooting printers, scanners, cameras, etc. ('01-'06) for consumers. A little bit of tier 2 type tech support but not too much; pretty basic stuff.
  • Moved on to a similar type role with a telecommunications company (Cox Cable; '07-'0icon_cool.gif doing phone, internet and cable support for consumers.
  • Got a more "IT" based role with a small company as a support technician ('08-'11) that gave me greater responsibilities (assisting with network installations, basic AD administration) but due to the size of the organization and being a subsidiary company to a greater "parent" company with their own help desk I was more of the "eyes on the ground" type of support.
  • Moved into a bit of a level 2 type support role with a government contractor ('12-'13) doing similar types of support and having a little more responsibility from an administration standpoint, however primarily I was more involved in software and hardware troubleshooting and installations.
  • Enter present day. I've been at my current role as an IT Support Specialist since May of '13 doing a wide range of support issues from the basic password reset to configuring and deploying an OS X Server in our heterogeneous environment.

So where I am at right now: Since 2012 I have gotten my CompTIA A+, Net+ and Sec+ certifications. On 09/20/14 I took (for the 3rd time..) and passed the CISSP exam and am currently awaiting official certification. While my background isn't what I would consider REALLY strong from a security perspective I feel I have done enough within the domains to achieve certification at any time now - albeit just barely enough.

So my issues right now are the following:

  • I essentially have a Security+ certification and (soon) my CISSP; yet I really have not much experience in this field. I certainly understand the basic concepts of things (ISO, NIST, etc etc.. you get the point.) but have hardly applied any of it. I feel a bit lost at times because now I have a manager (long story for another post) who now feels I am Captain Security and he just throws things at me to do. I do love the ability to learn hands-on so it's great to a degree but some of the stuff is WAY over my head and stuff I've never dabbled in.
  • I am essentially at a point where I just don't know exactly what type of security role I should be looking for. Entry-level I'm guessing but as more of an analyst?

Ultimately I'm going to get more experience and find a great opportunity but I'm just curious if anyone else has been in this similar type of situation? I basically have a couple of certs with not much experience and I'm the first one to admit that a cert is a cert and that a LOT of people can get a cert but that doesn't make them rock stars in that area. Truth be told I had no idea what CISSP even stood for two years ago until I was offered the opportunity to study and take the exam for free. I am however now fully committed and want to make this career change but right there is the tough part - it is a career change and it feels like a complete 180 from what I've been doing.

Anyways - thoughts? Advice? Questions? I certainly would welcome anything that anyone has to offer and share and if you want to call me out on something then that's fine too - I don't take it personally. I appreciate positive and negative feedback.

Thanks in advance!

Comments

  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Create a lab. Invest in a machine with RAID10, lots of memory, and create your own AD forest (at least two DCs), Linux VMs, and whole mess of other stuff. Open source is a great way to learn, even if you're self-teaching from various resources online. It's the struggle and banging your head against the wall until it clicks that really develops your tenacity and is invaluable in the infosec world as it potentially teaches you to be resourceful.

    Use open source firewalls, get a cheap Cisco switch (2950), a cheap Cisco router (maybe an 800 series), all on eBay. If you're not already, become comfortable with the command line.

    Build, break, learn, rebuild. Ask questions, but only after exhausting yourself through trial and error. Read, read, and read some more. Many things will not make sense for some time, but at least get yourself aware of what they might be. In time you'll be able to connect the dots and see how everything ties together.

    It will be a long journey, so the sooner you start, the better.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • pinkydapimppinkydapimp Member Posts: 732 ■■■■■□□□□□
    pretty much what he said. i would consider grabbing a CCNA to build that networking knowledge. then grab ccna security(its very easy). Then look for a security position and learn learn learn.
  • magician300magician300 Member Posts: 27 ■□□□□□□□□□
    Thank you both for your replies. Useful information that I definitely plan to take advantage of!
Sign In or Register to comment.