Where should I expect to land in Information Security and how?

krucial85

Hello everybody. I've recently joined this forum and thought I'd seek some help/advice once again. I am an Army officer and I retire next year in January. I've passed the Security+, SSCP and CISSP exams within the last 12 months. I have some experience in IT as I was in the System Engineering Development Program at EDS (1989-1991) and worked as a system administration and information security engineer for The Associates (1995-2001) until I got laid off and went back to the Army. I have an A.A.S. in Computer Science, B.A. in Latin American Studies and an Executive M.B.A. I've asked about the level of job that I can reasonably expect when going back into Information Security and a possible salary range but I'm not really sure about how to go about "getting in". I'm also not sure if I'm better suited at this point to go into management/GRC or pursue the technical avenue. I live in Texas and would like to work there or at least be based out of Texas.

lsud00d

There are tons of infosec jobs in Austin and San Antonio. Also, Dallas/Ft. Worth and Houston aren't too far away either.

What was the last time frame you worked in a professional capacity? What is the extent of your technical skills? What is the extent of your PM skills? Do you have active Secret/TS?

Most importantly, what do you like/want to do?

Your certs and degrees are very powerful for the field and on the surface I don't see any reason why you'd have any issues jumping into an infosec role, however my preceding questions will help gauge at what level you would enter as.

krucial85

The last time I worked in an IT professional capacity was in 2001. I don't have any "current" technical skills because I've been in the Army for those years. I have done a little site administration and web page development while in the military but I feel comfortable that I could "pick/learn" any technical skill if given the opportunity. I've managed military projects but I haven't managed any IT projects. I am considering getting PMP certified. My TS clearance recently expired in June of last year because I am no longer in a position that requires that clearance. I think that I would like to get into IT management but I'm not real sure because I've been away so long. I do like the thought of applying Infosec technologies in an environment.

IIIMaster

You have to dust of your resume and apply again. If I was you would target jobs that seek a security clearance or civilan jobs within the military. You have the degree, cents and expereince so you should be fine.

Danielm7

IIIMaster wrote: »

You have to dust of your resume and apply again. If I was you would target jobs that seek a security clearance or civilan jobs within the military. You have the degree, cents and expereince so you should be fine.

For project management he he has the experience, but not for technical infosec roles. The CISSP is great but if you haven't had a technical role in 14 years it's effectively starting fresh. I'd look into PM type work if you can leverage that type of work you've done in the army for your resume.

Actually, looking at your profile now you don't have a CISSP, you have an associate of isc2, so the CISSP without the experience, so you can't even list the CISSP on your resume from what I understand.

anhtran35

U have a CISSP and Clearance??? 6 figures and above depending on location. Congrats.

krucial85

Well if you consider my past experience I believe I do have the experience needed for the CISSP and I just have to submit the paperwork to get the endorsement. I'm going to try it and see.

zxbane

Work on submitting the application for endorsement and see if you can qualify for the CISSP title. From your opening post I think like others, you definitely should aim for a more management oriented role or PM type of work. Not having been in a technical role for so long you will be starting out from scratch.

da_vato

I'm curious to know about your actual experience in the army. I have helped several soldiers separating to find jobs and in some cases hired them (all with varied IT experience). I know in the military you have a very broad experience that does not entirely/exactly line up with civilian positions and I can help you bridge that gap.

I was a S6 NCOIC who spent most of his career in an infantry role; I did IT when I wasn't deployed and infantry when I was (plus when we were training to deploy). As you can tell I had to be crafty when I was setting up my resume to be relevant and accurately reflect my skills.

Have you been to ACAP yet? They should help you to build an initial resume, then this forum can then help you refine it with an IT flavor.

Note: If you've previously held a TS that will make it easier to obtain one again.

krucial85

I'm an Infantry guy too (hooah!). The "IT" things that I've done over the years consists of building internal web sites, overseeing SA training and being a SharePoint site administrator for my unit portal. I haven't gone to ACAP yet but I did attent the resume training after my last deployment.

marcarthur87

what resources did you use for your CISSP? i failed the exam yesterday (03/09/15) 653 points. help would be appreciated.

krucial85

I used the CISSP study guide: [h=2]CISSP: Certified Information Systems Security Professional Study Guide[/h][COLOR=#555555 !important]Jul 8, 2008[/COLOR][COLOR=#555555 !important]by [COLOR=#555555 !important]James M. Stewart and [/COLOR][COLOR=#555555 !important]Ed Tittel

I addition to that I studied using the Skillport CISSP curriculum. It was a fairly intense exam (3 1/2 hours to complete) but learning enough to pass the exam is VERY attainable.[/COLOR][/COLOR]

SaSkiller

Why did you do the SSCP and the CISSP in the same month?

krucial85

I initially started studying for the CISSP but I got advice that I should try attempt the SSCP first. So I was about 80% finished with studying for the CISSP but was afraid I would not be able to pass it without completing the SSCP first. I do believe that studying the SSCP helped me because the material IS a subset of what's covered on the CISSP exam.