Job Search Questions. I have 2 certs, but 0 expereince (Need Advice)

bkhayesbkhayes ■■■□□□□□□□Posts: 39Member ■■■□□□□□□□
Hello everyone.

basically - I'm having some confusion. maybe somebody who knows alot can help. I live in Silver Spring, Maryland.

I have a bachelors (4 year) in Information Systems & Decision Sciences.

I have a security + cert and i just earned the GIAC GCIH cert. and i took the Sec504 class too - but to be honest. i have zero experience.

I have my information on monster.com & dice.com and i have a updated linkedin profile i also am looking thru clearancejobs.com

i found this SANS 2014 Salary Survey.

https://www.sans.org/webcasts/2014-salary-survey-state-security-professionals-today-97735?utm_source=offsite&utm_medium=text-ad&utm_content=PR_SalarySurv2014_wc_043014&utm_campaign=Webcasts&ref=157920

https://www.sans.org/reading-room/whitepapers/analyst/cybersecurity-professional-trends-survey-34615

but my main issue is this. basically i think its a bad idea to sit around and wait for jobs to come to me, i feel i need to apply for alot of positions.

I'm using monster & dice.com and i'm searching in my zipcode under words like

"incident handler"
"forensics"
"audit"
"security analyst"
"Systems admin "

and i basically keep finding jobs that require 2-3 years experience, special security clearance, and other types of certs i don't have at the moment.

am i searching in the wrong places? i keep hearing about how how recuiters are looking for people with certifications or that there are bots the search for key words in resumes...

but what i'm doing wrong - am i looking in the wrong places. when i see stats like this...i get confused....

how should i apply for jobs?

02_zpsvezwbmxr.jpg




01_zpsvdyhujyw.jpg

cybersecurity-professional-trends-survey-34615-21_zps59gmotp1.jpg

Comments

  • NetworkNewbNetworkNewb Posts: 3,261Member ■■■■■■■■■□
    I'm guessing a InfoSec job with zero experience is very few and far between. Kind of put "the cart ahead of the horse" here from I'm reading. (Getting a bunch of certs before getting any experience)

    Really need to get some (any) IT experience imo. Interested to hear what someone with more experience than I says though.
  • fuz1onfuz1on ■■■■□□□□□□ Posts: 961Member ■■■■□□□□□□
    Infosec is kinda an advanced area where you need to have some specialized expertise in other areas of IT to get into the entry-level positions. I have some experience in IT (enterprise admin/cloud migration) and it's still hard to find interviews. BTW, I only really started getting certifications last year to validate my skills. Experience always trumps certifications.

    Try to get a HelpDesk/Support Specialist job or NOC technician - you'll learn a lot and get to where you want more quickly.
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • H3||scr3amH3||scr3am ■■■■□□□□□□ Posts: 564Member ■■■■□□□□□□
    As with what fuz1on said, you could also look for volunteer positions, to add experience to your resume, something like hackersforcharity, or your local churches may need some general IT assistance from time to time.
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 337Member ■■■□□□□□□□
    Agree with what others here are saying. That and location. You are in Federal central. That is Clearance central.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • 5ekurity5ekurity ■■■□□□□□□□ Posts: 346Member ■■■□□□□□□□
    SOC / NOC or start off entry level in consulting.
  • fuz1onfuz1on ■■■■□□□□□□ Posts: 961Member ■■■■□□□□□□
    H3||scr3am wrote: »
    As with what fuz1on said, you could also look for volunteer positions, to add experience to your resume, something like hackersforcharity, or your local churches may need some general IT assistance from time to time.

    I found volunteer positions on LinkedIn for Good (UI/UX consulting/Full Stack Development - OAuth/SSO) and at my local public library (Tech Mentor/Social Media - Physical security, library procedures, pass background check!) that helped me gain "free" experience. Good luck!
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • beadsbeads ■■■■■■■■□□ Posts: 1,442Member ■■■■■■■■□□
    I'd like to see these CSO types with 0-3 years of experience! icon_lol.gif

    Yeah, security acts more like an apprenticeship than even traditional IT has in the past. Look for a SOC position, particularly second or third shift as the number of applicants may be lower. But oftentimes they can be difficult to find and in high demand by employees - believe it or not.

    Security help desk positions may or may not be available in your area. Last but not least open your search up to other areas of the country. Yeah, it may not be your ideal locale but California isn't at all for me, either. Doesn't stop me from occasionally considering a pitch to other areas. Have nothing against California save that its not for me. Save your rocks, ok?

    Since security wants more experience than certs again (really its changing with the number of zero experience people with certs come into the field) you may look for a junior administration position where you can learn some security and more importantly business skills. Its the lack of business awareness that kills most IT and Security people's careers than anything else. Not the technical skills. Once your into a position like that start looking for ways to apply your burgeoning security skills. Write your accomplishments down - then add to your resume.

    - b/eads
  • zxshockaxzzxshockaxz Posts: 108Member
    beads wrote: »
    I'd like to see these CSO types with 0-3 years of experience! icon_lol.gif

    Yeah, security acts more like an apprenticeship than even traditional IT has in the past.
    Its the lack of business awareness that kills most IT and Security people's careers than anything else. Not the technical skills.
    - b/eads

    My CISO has told me damn near those exact words on an almost daily basis. To anyone looking to get into the security world, take that advice to heart.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,437Admin Admin
    beads wrote: »
    Yeah, security acts more like an apprenticeship than even traditional IT has in the past. Look for a SOC position, particularly second or third shift as the number of applicants may be lower. But oftentimes they can be difficult to find and in high demand by employees - believe it or not.
    This is very true. With the constant appearance of major security events in the media in 2014 (thank you Brian Krebs), many companies are looking to staff IT security people 24/7/365. Finding experienced SOC personnel that are willing to work 3rd shift and even weekends is very difficult, so more junior people are being taken on in these roles. Managed Security Service (MSS) providers are also in the same situation looking for odd-hours personnel to train on day shift and then relegate to the non-business hours when the serious attackers are most active.

    It's a good time to have both a Security+ and a CCNA (and maybe a CEH) and some sysadmin or netadmin experience under your belt if you want to try SOC work as the start of your InfoSec career.
  • GorbyGorby Posts: 141Member
    I lived in your area for a few years, you should try looking for government contract opportunities for junior systems admin or NOC/SOC roles. PM me if you have more questions about which companies.
  • chickenlicken09chickenlicken09 Senior Member Posts: 509Member ■■■□□□□□□□
    JDMurray wrote: »
    This is very true. With the constant appearance of major security events in the media in 2014 (thank you Brian Krebs), many companies are looking to staff IT security people 24/7/365. Finding experienced SOC personnel that are willing to work 3rd shift and even weekends is very difficult, so more junior people are being taken on in these roles. Managed Security Service (MSS) providers are also in the same situation looking for odd-hours personnel to train on day shift and then relegate to the non-business hours when the serious attackers are most active.

    It's a good time to have both a Security+ and a CCNA (and maybe a CEH) and some sysadmin or netadmin experience under your belt if you want to try SOC work as the start of your InfoSec career.

    JD, do you think SOC roles are the only roles someone starting out in info sec can get? I am trying to land an "information security analyst" role.
    I have several years exp already in network admin/support. Is it possible to skip the SOC role? Nothing against it i just think the info sec analyst role would be more interesting.
  • mjsinhsvmjsinhsv Posts: 167Member
    @bkhayes.
    Take the Salary surveys with a grain of salt.
    They are usually used as a selling tool to bull$hit people into believing they can make 100k if they only take their over priced training classes.
    You should start applying anywhere and everywhere in IT and take anything to start getting some experience.
    Start from the bottom and work your way up.

    Having the technical knowledge in IT is only a small part of actually making a career in IT.
    You need to understand customer service , business management and working in a team environment in general.
    Develop people skills . Learn NOT to roll your eyes at the stupid end user who forgot their password or can't print their documents.

    The SEC+ meets the DOD 8570 entry level requirements.
    If you are in the DC metro area you should be able to get a entry level position with one of the many contracting companies.
    If you have a clean record and no credit problems, you should be able to get a security clearance.

    The BS degree and GCIH will help you move up into the higher paying security positions once you get some experience.
    Business's don't normally promote someone into a position of trust until they have proved that they can be trusted....besides Target and Home Depot..of course.
Sign In or Register to comment.