Best career decision for security

Launchpad

Hi everyone,

I'm looking for some career advice. I'm a recent graduate with a BBA and between my current job and some internships I have about 2 years of IT support experience. The company I'm working for currently has offered me a position as a security analyst. This is a smaller company of about 450 employees which owns a large hotel, a minor league hockey stadium, and several retail outlets and restaurants and would be the first time they've ever had a security-focused role. It's a diverse role that includes all aspects of the organization's security but a good chunk of it would be compliance-based (PCI).

I've also received an offer from Google to work in their ITRP (IT residency) program. This is a 26-month IT support role, and I would be eligible to apply for other jobs internally within 18 months. Depending on where I get assigned I could also have the opportunity to do some work with teams within Google. However the program doesn't start until June or August depending on the location.

So pay, benefits, location and everything else aside, I'm trying to figure out which one would be better for someone who wants to get into infosec. Obviously the position with my current employer is a lot more relevant in the short-term, but long-term working for Google could open up a whole world of possibilities in the near future. Google also has available a great wealth of knowledge and people who could mentor me, but with the other position I would mostly be learning on my own.

Thanks in advance for your thoughts and opinions!

BlackBeret

So what you're looking at is your resume having "security analyst" or having "google" on it? Honestly I wouldn't pass up Google. That might just be me, but it seems to me that they have so many internal opportunities that you could change roles/jobs/titles/duties/etc and never have to leave the company. If you do leave the company I imagine saying "I worked for Google" would open a lot more doors.

Something else to consider is that if it's the first time they've had a security focused role and you haven't done a ton of security and compliance work they could easily decide they don't need the role, or that you aren't what they're looking for, etc.

I'm in a security analyst role and would gladly leave for Google.

H3||scr3am

I'm not a fan of the PCI compliance check box game, I'd go for Google myself in a heartbeat....

MeanDrunkR2D2

Not sure if anyone else has said this, but definitely jump at the Google opportunity. Many of us would kill to be in a position to work for them, and it sounds like the internship/role they are hiring for they have plans for you to be there long term and to grow within the company. Short term, yes the local company may get you that title and role initially. But if for some reason it doesn't pan out, or they decide you aren't seeing the same vision that they want you could be out of a job in a few months. Google sounds like they have a longer term plan for you. So get in there, bust your tail and work hard and become one that they can rely on and you will have pick of anything you want to do wherever you want. And since you are young enough, you can move around if needed for Google and not have to worry about uprooting a whole family for your career path early on.

Launchpad

Thanks for the replies.

The only thing keeping me from jumping on the Google train is that it's really just a level one helpdesk position with a fixed term. Entry-level security jobs are rare and very competitive so it's difficult to pass this one up, especially since this company places a lot of value on training/development and pays for certifications (starting with the PCIP which isn't cheap!). I know the executives here fairly well, and they are definitely on board with increasing focus on security so I think the risk of them deciding they no longer need the role is fairly low.

shodown

i think your opportunities for security roles after google would greatly increase. People will figure if you can cut your teeth at a world famous organization you can work for them.


Also you will have access to some of the smartest folks in the business that can create way more opportunities than a no name company with a security title.


The only reason I passed up on google years back was that I had an offer in hand, and didn't wanna go through loosing out on a pretty great job. If had to choose I would have chosen google in a heartbeat.

Launchpad

shodown wrote: »

i think your opportunities for security roles after google would greatly increase.

Definitely! But on the other hand, I have an opportunity right in front of me. We also have a vendor (smaller company of 40-50 employees) specializing in IT security and pentesting who has expressed interest in hiring me after I've worked here for a few years. Working alongside them in this capacity would let me show them what I'm made of.

If I take the job at Google I wouldn't be able to start until June or August, and would be working in my current helpdesk-ish role until then. Taking into account the minimum of 18 months before applying for internal jobs, I'm basically confining myself to helpdesk for the next 2 years and will be 25 before I even have a shot at getting into security again.

EDIT: it should also be noted that there's a possibility of getting into the Google residency program for NEXT year, which would give me 1.5 years in the local company's security role before starting with Google.

N2IT

Stay at Google until you get fired or make CEO.

Cyberscum

Launchpad wrote: »

Definitely! But on the other hand, I have an opportunity right in front of me. We also have a vendor (smaller company of 40-50 employees) specializing in IT security and pentesting who has expressed interest in hiring me after I've worked here for a few years. Working alongside them in this capacity would let me show them what I'm made of.

If I take the job at Google I wouldn't be able to start until June or August, and would be working in my current helpdesk-ish role until then. Taking into account the minimum of 18 months before applying for internal jobs, I'm basically confining myself to helpdesk for the next 2 years and will be 25 before I even have a shot at getting into security again.

EDIT: it should also be noted that there's a possibility of getting into the Google residency program for NEXT year, which would give me 1.5 years in the local company's security role before starting with Google.

Sounds like you made your choice.

Launchpad

Cyberscum wrote: »

Sounds like you made your choice.

I will admit I'm leaning towards staying where I am, but I still really want to get opinions from some folks that have been around in the industry longer than I have.

Cat5

Google is one of the best companies in the country to work for, as far as opportunities, pay, and perks go. If you were to go to work for them, I think you could rest assured that you'd never change employers again.

Launchpad

Cat5 wrote: »

Google is one of the best companies in the country to work for, as far as opportunities, pay, and perks go. If you were to go to work for them, I think you could rest assured that you'd never change employers again.

Well I don't know about that... only 60% of those who complete this program stay at Google (or so I was told by the interviewers). I'm sure there will be plenty of jobs internally that I'd have a shot at after completing the program, but the question is whether any of them will be security-related? I have a friend of a friend who works in leadership for security at Google, and I hope to hear from her tomorrow.

Kinet1c

Google sounds great but is it directly for Google or through one of their contracting firms? I got a request recently via LinkedIn for a job through their contractors and after reading the reviews on GlassDoor, I decided not to even talk to the recruiter as the reviews were just so poor. Thread carefully.

Launchpad

Kinet1c wrote: »

Google sounds great but is it directly for Google or through one of their contracting firms? I got a request recently via LinkedIn for a job through their contractors and after reading the reviews on GlassDoor, I decided not to even talk to the recruiter as the reviews were just so poor. Thread carefully.

This is for sure a direct position with Google, not a contractor.

I officially got the offer today and the pay is 50% higher than what I would make here.

I only have until the end of the day to decide.

tpasmall

IMO it would be stupid not to go with Google. They are a giant among giants. You could not have a better foot in the door.

Khaos1911

So You get to work for Google and get paid 50% more than whatever you make at your current gig? Dude, hop on that Google train. There's no telling what kind of opportunities could be presented with a company of that size and stature.

Launchpad

I think you guys are right... while both are great opportunities, Google offers a lot more in terms of training and development which is really important to me. There is certainly something to be said for a company whose resources allow you to learn pretty much whatever you want in the IT world.

philz1982

This guy was a Security Ninja at Google. I've met him, he's a sharp guy and he's doing quite well for himself in his early 40's.

https://www.linkedin.com/pub/billy-rios/3/a7a/5b1

Launchpad

philz1982 wrote: »

This guy was a Security Ninja at Google. I've met him, he's a sharp guy and he's doing quite well for himself in his early 40's.

https://www.linkedin.com/pub/billy-rios/3/a7a/5b1

Wow, that guy has quite the resume... impressive.

Anyway the more I think about it, the more confident I am that I made the right decision. August can't come soon enough. Thanks everyone!

GreaterNinja

My gf was a intern at google for 3 months. At 22, she then left google, got her CCNA then took a Network Engineer job for over 100k/yr + benefits. Now, she is going back to Google as an ITRP for far less money because Google is her dream workplace. With that all being said, one has to sometimes qualify the experience on a resume over the quantity of dollars being offered at a job for best position in the long-run.

watermelonss

^^Recently came across this thread...

So say your girlfriend kept her 100k/yr job instead. In the long run, wouldn't she be making more? If one simply does help desk at Google for 2 more years, wouldn't that in the long run confine one to help desk forever? If you always work help desk, it will be hard to get out, right? I mean, the ITRP is sort of different than a software engineering role @ Google. What are your thoughts?