Career change at 30...

harbin_nick

-Hey lots of information on this forum, thanks.
-So I need a career switch, and I'm interested in information security.
-Currently I'm 30, with a B.A. in Russian. I've been teaching ESL in Asia and Russia for the last 8 years. I plan to return to the USA with my Chinese Wife in 2016.
-My questions are as follows
1-I plan to take an AA in Information Security at my local (Delaware) community college, so as to get some experience. I will also take the A+ and Network+ exams this year on my own (2015). Most likely I will take the exams in Hong Kong. I will get some transfer credits of I do this, and pass.
2-Is there any way to combine Russian with Information Security? I have no security clearance, and I can't pass a military physical (asthma, neuropathy). I also have some Chinese, and could improve it.
3-I have years of teaching experience, all ages, and passed a CELTA with the A, so should I consider working as a trainer after getting a few years of IT experience, since in theory, the two skills (ITand Education) overlap.
4-I have NO IT experience, and I intend to study on my own in 2015. I will be taking some online classes as well...
5-How screwed does spending a decade abroad make me in getting a security check? And having a foreign wife?
-I see a lot of threads on changing careers, and have read over them.

bhcs2014

You don't need a necessarily need a clearance to do security work.

Are you going to dtcc? If so, I've taken several IT classes there if you want to know anything about the program.

Can't answer your other questions, hopefully someone can help you out with those. Oh, and welcome to the forum

harbin_nick

-Yes, I'm going to be going to del-tech mostly because of the cost, as well as the location. I'm looking at the information security program. All the 'extra' classes, like college English and writing shouldn't be an issue since I have a B.A. already. What's your take on the programs? They sure are cheap. I'm more interested in the IT security side of things (living in China, the IP piracy capital of the world) than network admin, but both programs look interesting.
-The program director said that the IT security program would map to security+. He said they have a linux/unix base, and some microsoft (MS sever?). I'm also interested in CISCO certs, so I might do that on my own.

bhcs2014

Are you going to the Wilmington Campus?

LeBroke

Keep in mind that infosec is generally a very senior field. Most positions don't even start for less than $75k and require credentials to match other $75k jobs. I.e. 5+ years work experience, certified inside and out, general IT experience in whatever environment is important to the company. Plus, supply of people who want to be pentesters seems to be ever increasing, especially if this board is any indication.

Master's in infosec is generally for people who have been in the field for a while and want to validate their skills, or people who are just at the cutoff point for infosec work, and need the extra push to get them hired. Or admins who want to go up a paygrade.

harbin_nick

-I'm certainly not young enough, crazy enough, or naive enough to think I'm going from tech school to 75k a year senior IT jobs...In fact I'm pretty much hoping on making 50k...after a few years. I've got a brother-in-law with two kids, sister is a house-wife and PT tutor, who was making 27k as a school teacher (yuck.)
-I guess the thing is I'm quite interested in the geopolitical side of things, as much or more than the technical side, but can't really figure out how it works. You can't exactly waltz into an embassy and say "I speak Russian can I be a spy." I planned on joining the navy after I graduated, but failed out on my medical records at the recruiter's office. Since then I bummed around Asia and Russia teaching ESL and I've done ok, but I've capped out on salary (I make double what a Chinese person does with the same job.) Even though I have a nice standard of living, I can't raise a kid here, and could never afford a house here. It costs over 100k for a unfinished one bedroom concrete box in Harbin, and that is out of the center.

harbin_nick

bhcs2014 wrote: »

Are you going to the Wilmington Campus?

Yeah, no slower lower...

LeBroke

You might be better off trying to leverage Russian or Chinese to a major multinational company like Samsung or IBM.

Whatever degree you get, be prepared to make $30-35k for 1-2 years if you don't have any experience, most likely doing helpdesk work ("Hello, this is IT, have you tried turning it off and then back on again?"). A couple of languages might actually be a good asset for lower-level work, depending on the area. At least in Vancouver, a white guy that speaks Chinese might be extremely useful for Chinese companies who want a white face but where everyone is Chinese.

Russian.. not so much, anyone that does IT work in Russia speaks English anyways, anyone who doesn't, won't be interacting with English speakers.

Cyberscum

First, I would ask why information security?

If you can honestly see yourself in an INFOSEC role for the right reasons (not just money) then I say go for it. There are plenty of entry level gigs in INFOSEC and plenty of agencies that are willing to train people to do the job. 30 is not old at all, you figure you still have another 25-30 years of work you can do in the field. As far as a clearance with your background….As long as you are 100 percent honest upfront with all of your foreign relationships and financials you will be fine. It may be a veryyyyy looonnnnggg process, but doable. Good luck!

Danielm7

LeBroke wrote: »

Keep in mind that infosec is generally a very senior field. Most positions don't even start for less than $75k and require credentials to match other $75k jobs. I.e. 5+ years work experience, certified inside and out, general IT experience in whatever environment is important to the company.

Yep, LeBroke isn't saying you'll be applying for a Sr level position, but that many/most infosec jobs, even starting, are more Sr level than many other areas of IT. The idea of having to understand all the stuff you're trying to secure comes into play here. By that I mean if you don't understand networking and servers are you going to be able to advice people on the best way to secure them? Same goes with firewalls, etc. I know some people here say there are plenty of entry level security positions but I've never seen them. I've typically seen what people call entry level security around here as 3-5 years in other areas of IT + certs and security knowledge and even then its a hard sell.

Being 30 or spending 10 years doing other stuff doesn't screw you at all, but not having any other IT experience is the issue. As for the other languages it might help in very specific situations with a few companies but overall I don't see it helping much. I'm not sure how the nationality of your wife has anything to do with anything unless you're thinking it might come into play for security clearance, but without a military background I wouldn't even bother looking at those jobs that require it.

LeBroke

Danielm7 wrote: »

Yep, LeBroke isn't saying you'll be applying for a Sr level position, but that many/most infosec jobs, even starting, are more Sr level than many other areas of IT. The idea of having to understand all the stuff you're trying to secure comes into play here. By that I mean if you don't understand networking and servers are you going to be able to advice people on the best way to secure them? Same goes with firewalls, etc. I know some people here say there are plenty of entry level security positions but I've never seen them. I've typically seen what people call entry level security around here as 3-5 years in other areas of IT + certs and security knowledge and even then its a hard sell.

Yep, exactly. It's something like school system administration. You don't study to become a vice principal, and you don't even get an administrative role after your Master's. Instead, you become a teacher first, and then, if your career takes you in that direction, become a vice principal after some years.

The closest to entry level I've seen is basically a SOC monkey ($50k/yr 5 years experience required). The job itself was basically monitoring intrusion detection/intrusion prevention software and going over logs to see hack attempts or abnormal/unauthorized access to stuff. Most people I see in infosec are in senior (usually sole) positions at a company (i.e. you have your teams of system admins and network engineers, you have your support staff, and you have one information security officer), and they tend to revolve more around user policies or regulation compliance than actual security. Alternatively, you work as a pentester (or the same policy/compliance guy) in an external auditing firm.

Half of these dudes are either former higher paygrade systems/network engineers, or reformed hackers who wanted to turn it into a legal career instead of selling intel to rival companies or credit card numbers to the mob.

Cyberscum

^
I personally know more than 5 people that started in INFOSEC with NO exp. OP if you have the drive you will get a job. There are far too many people in INFOSEC that have tonz of exp and NO drive anymore. I would hire someone excited about thier job more than I would someone with a ton of knowledge on the cusp of burnout.

LeBroke

Yes, but did they have any other IT experience? Or were they random people with a diploma in networking or something?

pevangel

The people that I've seen that made it into INFOSEC with absolutely zero IT experience were college students who did internships. They were brought on full time after they graduated.

OP, see if you can do an internship while attending DTCC. I had a guy in my class when I was attending a community college who got an internship at DISA.

harbin_nick

-Thanks again for all the replies.
-As I mentioned, IT is 'just a job' for me. I've never been a guy who eats, sleeps, and breathes computers. That said my father is a Director of Information Systems for an aviation company, and we grew up with computers, even in the 80's. On the other hand, I am interested in the 'cyber-warfare' side of things, and have been an avid reader of intelligence news, and geopolitics (Foreign Affairs, FP, Jane's etc.) I should be clear that I like working.
-So it seems I should be looking for a very entry level IT job while I am going to school. Based on what I've read that would be help-desk or being a technician. After 2 years of thatm and a degree one would move into network/systems admin, and after that one would go into actual security.
-What it be a fair comparison to say IT security to Networking is a specialist compared to a GP?
-Is tech school considered experience? Or only education? Or both?
Again thanks for all the infro.

LeBroke

harbin_nick wrote: »

-Thanks again for all the replies.
-As I mentioned, IT is 'just a job' for me. I've never been a guy who eats, sleeps, and breathes computers. That said my father is a Director of Information Systems for an aviation company, and we grew up with computers, even in the 80's. On the other hand, I am interested in the 'cyber-warfare' side of things, and have been an avid reader of intelligence news, and geopolitics (Foreign Affairs, FP, Jane's etc.) I should be clear that I like working.

Check with him if he's got consultant buddies that do infosec. See if you can do an internship for them, etc. Ironically, that's what I've done, even though I'm advocating the "security is a senior role" aspect. That said, pentesting aspect of security does to an extent imply earting, sleeping and breathing computers. If you're looking for just a job, you're better off focusing on auditing and compliance.

-So it seems I should be looking for a very entry level IT job while I am going to school. Based on what I've read that would be help-desk or being a technician. After 2 years of thatm and a degree one would move into network/systems admin, and after that one would go into actual security.

Basically, yes.

-What it be a fair comparison to say IT security to Networking is a specialist compared to a GP?

More like, both are specialists. A GP is a jack of all trades kind of guy. Like a systems admin at a small/medium business, who does a little bit of everything.

-Is tech school considered experience? Or only education? Or both?
Again thanks for all the infro.

Only education. Unless you also do an internship at the same time, or work at a computer parts store. You usually won't get part-time helpdesk, as it's considered an entry-level career job.

anhtran35

"How screwed does spending a decade abroad make me in getting a security check? And having a foreign wife?"

Oddly enough you seem to have the same credentials as my former IT Manager. He has a Master in Russian from FSU. Worked in the Army a few years and became an IT guy. Then actually taught Microsoft certifications classes from his school in Colorado. Recently, he got re-married to a Brazillian lady. Unfortunately, it's been 2 years and he still hasn't gotten his clearance. We are not sure what the issue is. However, he is doing very well working for a govt agency as a Senior System Administrator and PT as an IT Manager for my previous company.

anhtran35

LeBroke wrote: »

Yes, but did they have any other IT experience? Or were they random people with a diploma in networking or something?

I notice in the DC/VA/MD area a lot of the InfoSec jobs are 24/7. IT experience is preferred; however, if they need to staff someone on night or weekend shift they'll pick a person who shows dedication. These are entry level SOC positions.

harbin_nick

-At what level would you actually be dealing with cyberwarfare, like Chinese spear-fishing (net-traveller) and IP theft? 5 years 10 years? more?

bhcs2014

harbin_nick wrote: »

Yeah, no slower lower...

Hahaha, I'll send you a PM