First InfoSec Job ! Thank you TechExams !

ZoovashZoovash Member Posts: 84 ■■□□□□□□□□
Hello,

First of all I would like to apologize for not being more active of this forum, even though I'm reading it daily; socializing in English is not my strongest.
So let's jump in ...
I would like to officially thank the TechExams community ! I found this forum when I was at a crossroads in my career and has helped me a lot since. Reading through almost every post and building on your advices and knowledge has helped me in finding a goal and finally achieving that goal. After only 2 years of IT experience, I've recently got my first InfoSec job, as a Vulnerability Assessment Engineer with a big company. I would like to give special thanks to YFZblu for his wonderful post on interview tips. I actually studied everything he said there before the interview :)

I know this is a tough field and many are struggling in finding a job. You should realize from the beginning that security is not an easy field and you have to do a lot of individual search and reading. In comparison with other roles, you have to stay current on a larger spectrum of technologies, as well as security trends, vulnerabilities etc. Every day you should read the latest news about technologies, security, vulnerabilities found and many more. Some say only this could be a full time job in itself. Nevertheless it pays to be informed at all times. Below are a few recommendations for anyone trying to enter this field, all based on my personal experience.

- Learn both Windows and Linux. Regardless of which you emphasize on, you should learn at least the foundations of the other one. You should have a basic understanding of both OS's security mechanisms and how they might behave given the same situation. Also knowing the pros and cons of using one over another helps a lot.
- Get a good understanding of TCP/IP. No matter what your role is, you need to know TCP/IP. By reading the exam objectives I think Network+ will suffice, however I recommend CCNA, as I feel it goes a little further. Anything above CCNA knowledge will most definitely help but it's not a requirement.
- Learn the basics of security. Either by studying for Security+ or individual reading from other sources. Read Hacking Exposed 7 . I highly recommend this book, it should be a requirement for any security oriented role (although I think everyone in IT should read it). The only caveat is that you should already know a few security concepts before reading it, as it might be hard to digest for a beginner. Don't worry if you need to read it twice, it will probably help you. Another book I found useful is The Basics of Hacking and Penetration Testing
- If you have the possibility and prefer a more structured approach you could sign up for a course. I've enrolled in PTPv3 by eLearnSecurity when it was released. Although I didn't go through their certification process, the knowledge accumulated from their course is very valuable, especially if your end goal is pentesting. You should benefit from it even if you don't want a pentest career. In the near future I plan on reviewing the material and start the certification process.
- Read blogs, research papers etc. Daniel Miessler's blog is very useful, especially his post on InfoSec Interview Questions.
- Never stop reading / learning. I can't remember if I read it here or heard it from a training video but there's a quote I came to love. "Luck is what happens when preparation meets opportunity." by Seneca.
- There's probably more but this is all I can think of right now.

Thank you again and good luck to you all !

Comments

  • Khaos1911Khaos1911 Member Posts: 366
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Congrats! As a side note, I find your English to be pretty good.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    Congrats and great advice for others as well.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats on the new role!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • MeanDrunkR2D2MeanDrunkR2D2 Member Posts: 899 ■■■■■□□□□□
    Congratulations, and as others have stated, your English is very good. I know many native speakers who cannot write English as well as you do.
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    That's awesome! Congrats!
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • 5502george5502george Member Posts: 264
    Sweet! Congrats.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    Congrats on the new role!
  • anoeljranoeljr Member Posts: 278 ■■■□□□□□□□
    Congrats on the new job! Hope you find it fulfilling!
  • jonenojoneno Member Posts: 257 ■■■■□□□□□□
    Congrats and good luck on the new job.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Congrats! I'm starting my first full infosec position next Friday too, very excited. There really are a lot of great renounces on this forum. The threat you linked in your post is one of the ones I went over here, very helpful.

    Another thing I have posted here before, but is worth repeating. Be very aware of the current big, public secure threats in the news right now. I went to my final interview a few weeks ago, less than 2 weeks after ShellShock hit the news. They told me they were also trying to also hire a Sr level security analyst. They asked him about current threats, big things in the news, anything interesting, etc? He was currently working as a Sr Security engineer too, he had never even heard of it, and at that point it was already on Yahoo and CNN, so "normal person" news. They said it just showed a general lack of passion or ability to keep up on current trends in your career.
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Congrats to both of you on your new positions!
    Working on: staying alive and staying employed
  • coffeeluvrcoffeeluvr Member Posts: 734 ■■■■■□□□□□
    Congratulations!
    "Something feels funny, I must be thinking too hard. - Pooh"
  • ItrimbleItrimble Member Posts: 221
    Congrats on the new position.
    Goals for 2015 : Finish BS Network Administration at WGU
    Become CCNA, CISSP, CEH, VCP5-10 Certified
    Possible Start Masters in Information Security
  • MSP-ITMSP-IT Member Posts: 752 ■■■□□□□□□□
    I came to say that I was also impressed by your English speaking ability, but it looks like it's been said a few times already.

    Congrats on the new job!
  • ZoovashZoovash Member Posts: 84 ■■□□□□□□□□
    Thank you a lot! This is a great community to be a part of.
    Most of my English speaking / writing fear comes from the fact that I never really had to use it :) But that's all going to change now, since my manager / teammates are not locals.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Congrats! That's what I want to do, I want out of the sysadmin hell!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • LinuxRacrLinuxRacr Member Posts: 653 ■■■■□□□□□□
    Congrats, and thanks for the nuggets of info!
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
Sign In or Register to comment.