Entry Level Information Security hope

Secure2015Secure2015 Member Posts: 9 ■□□□□□□□□□
Hello Tech Exams Forum and Happy New Year (2015).

I was wondering if anyone had advice for someone like I who is trying to break into Information Security. I have been applying for Security positions for three months (October 2014 to now--January 2015), but no replies as of yet. I have learned that if a person does not meet the "minimum" experience, you are by passed; which is understandable. I have my own security lab for hands on training, so I am studying as much as possible.
I currently hold three (3) college degrees (Communications, Programming, and Information Systems).

Advice please on how to get started and companies in Orange County or some parts of California that may be hiring? Thanks and I applaud all of you.

Comments

  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Do you have any actual working IT experience? Getting into security without any professional hands on background isn't easy at all. I just transitioned into a full time security position a few months ago but I was coming from a rather long sysadmin work history. Even with that, a degree, and a few security certs they told me that they saw a lot of talent but still it was a gamble without a 100% security position in my background.

    Are you finding positions that call themselves entry level or no experience required? Because in the months that I searched I didn't find anything even close to that.
  • philz1982philz1982 Member Posts: 978
    Look don't listen to this you need security in your background crap (referring to HR screeners not the previous poster). Sure it will be harder if you haven't done the job before. BUT with reading, studying, and home labbing you can work your way into a role. Every role i've ever gotten was one i had "no experience" for.
  • Secure2015Secure2015 Member Posts: 9 ■□□□□□□□□□
    Hey Danielm7, Thank you for your reply. Yes, I have been working in Information Technology for ten (10) years. I am tired of the Help Desk, Desktop roles. I have worked really hard, but realized that I am in a dead end field when it comes to Helpdesk (Service Desk) or Desktop. I am pretty much tired of it (Helpdesk and Desktop).
    Congratulations on your transitioning.
    I have not come across any Entry Level or no experience positions. I have just been applying for them all (Analyst, Cyber, etc), but I back away from those that require a minimum of four (4) plus years. I know I am not at that level yet. Also, I have searched so many IT search engines like Dice, computerworld, indeed, simplyhired, JustTechjobs, etc, but still nothing for Entry or no experience.
  • Secure2015Secure2015 Member Posts: 9 ■□□□□□□□□□
    Hey philz1982. Thank you for your reply. It seems as though majority of requirements are asking for the CISSP, which is fine, but for someone like I, I would think that in order to get the CISSP, you need a certain minimum years of I.T. Security already under your belt. I could be wrong. I am currently working for my Linux+ and will then look into CISSP "blindly" in hopes of passing.
  • philz1982philz1982 Member Posts: 978
    I passed the CISSP and used my network and physical security background to qualify me for 5 years. You can pass the CISSP and have the associates of isc2 cert. Also I would recommend the CCNA cert so you understand the network stack. Then go for CISSP.

    You can do pro bono risk assessments or PT's for non profits and use that as experience.
  • Secure2015Secure2015 Member Posts: 9 ■□□□□□□□□□
    philz1982, Thank you for information. Really appreciate. I believe I will just go ahead and start studying for the CISSP.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Secure2015 I'm not trying to stomp on your dreams or anything, I'm giving you my personal, and very recent experience in the same situation. If you don't have any previous IT experience I'd try to get some sort of background because every security position I've seen required it. I didn't say you needed 5 years in security, but you should understand networks, servers, users, etc, without anything but a lab that is hard to get and even harder to convince others that you can do it.

    Also, the CISSP exam without the experience doesn't get you a CISSP,
    https://www.isc2.org/how-to-become-an-associate.aspx
    it gets you the Associate of (ISC)² which isn't going to mean much with most HR departments until you get the full CISSP requirements fulfilled.
  • ramrunner800ramrunner800 Member Posts: 238
    Danielm7 wrote: »
    Also, the CISSP exam without the experience doesn't get you a CISSP,
    https://www.isc2.org/how-to-become-an-associate.aspx
    it gets you the Associate of (ISC)² which isn't going to mean much with most HR departments until you get the full CISSP requirements fulfilled.

    I believe it gets you DOD compliant, which in certain sectors is what HR is looking for. That said, I'm not sure CISSP is the best application of effort, because positions seeking it will most likely be somewhat senior.

    As to the OP's question, I recently started an entry level security position in CA with a background similar to yours, but I looked for a long time. Once I got CEH, I had several offers. Having a lab is great, and was a major factor in the technical interviews. Certs are important if you have no experience, but only because they will get you past HR. Once you get an interview the certs could even be a liability if you don't have skillz to back them up. All of my interviews asked questions about how popular attacks work, how some of the latest vulns (Heartbleed, Shellshock) in the news work, what was running in my lab and what I did with it, and where I read my security news, among other more position specific questions. Are you excited enough about security that you stay current on the news, try those things in your lab, and can answer those types questions? If so, with a bit of luck you probably have a shot.

    It's also important to note that minimum requirements are no such thing. They are usually a wishlist, and as long as you check a significant portion of the boxes sending in a resume is worthwhile. With no experience you're hoping to get lucky and find someone willing to take a chance and teach you, so you need to increase the odds by sending your resume to anything you might reasonably be qualified for.
    Currently Studying For: GXPN
  • Secure2015Secure2015 Member Posts: 9 ■□□□□□□□□□
    Danielm7, No problem. Appreciate your honesty. As stated in my previous reply, I have 10 years of I.T. experience. I have worked at HelpDesk, Desktop, Network and a little of server. In this case, I should be good to go, just need a chance.
  • Secure2015Secure2015 Member Posts: 9 ■□□□□□□□□□
    Ramrunner800, thanks for the reply and congratulations on your new position. I am familiar with I.T. security, I just need the chance to prove it to an interviewer. When you said, "It's also important to note that minimum requirements are no such thing. They are usually a wishlist", I never thought about that. Great analogy. I will continue to push my resume out there and believe that an employer sooner or later will give me the chance to prove myself. Thanks again for your reply.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    That's great, so yes, you have a good foundation. Some companies will be sticklers for their requirements, but they are also the ones you see looking to fill the same position for 8 months because they want the EXACT match. One tip I do have from interviewing, know the current threats that are out there, the big ones. On my final interview with the company I'm at now shellshock had just been made public about 2 weeks ago. They were interviewing security for people above my level and they hadn't even heard of it yet, meanwhile it was already on CNN and all the major news networks. They were happy that I could tell them what it was, how it worked, how to test for it, etc, meanwhile someone was interviewing for a position above me (for Sr security engineer) and he was currently working in security and hadn't heard of it yet, they told him the interview was over 15 minutes into a 3 hr planned interview.
  • pinkydapimppinkydapimp Member Posts: 732 ■■■■■□□□□□
    Yea what you need to do is start leveraging your current experience towards the security realm. So you may not have officially had a security role. But im sure you have experience that is security related. Whether its ensuring the proper access controls are in place on a server or workstation(ntfs permissions) configuring a firewall or it has to do with ensuring the workstations and servers were protected using a layered security approach...etc. Think about what you have done and what is security related and tweak your resume to speak to it. I would agree that studying for the CISSP would be helpful. It gives you broad knowledge of the security realm which at the very least would be helpful in interviews. And you may indeed already have the experience to get the credential.

    Getting in the door to security can be tough. But you will need to play up that security experience you have, lab it up at home, and keep learning. Doing this should allow you to find a way to get your foot in the door.

    Good luck!
  • lsud00dlsud00d Member Posts: 1,571
    philz1982 wrote: »
    You can do pro bono risk assessments or PT's for non profits and use that as experience.

    This is a good suggestion but for someone with no experience there's a lot to understand beyond the technical side of things, i.e. legal realm. I would tread this area lightly and perform due diligence.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Yea what you need to do is start leveraging your current experience towards the security realm. So you may not have officially had a security role. But im sure you have experience that is security related.

    This is dead on. I didn't have a 100% security role, but I had configured and managed firewalls, did basic server hardening, setup AV and patching systems, been through all kinds of logs, etc. All of that is very important and make sure your resume points all that out vs just generic history and saying you want a job in security.
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    this has to be one of the best threads i read for a while here.icon_thumright.gif
  • Secure2015Secure2015 Member Posts: 9 ■□□□□□□□□□
    "Thank You all" for your reply of knowledge. I truly appreciate it.
Sign In or Register to comment.