how to find a security job

i passed my security plus exam a month an half ago been applying to all these security job. but no lucky they all want like 5 year doing security. been searching for a JR security not a lot of that out there.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

GSXR750K2

For starters, never stop learning. You passed the Sec+ so now it's time to go on and do the next thing. I don't know your experience, but if you're just getting started you probably will want to look at the A+ and Network+ as those two with the Sec+ make the core of CompTIA's certs and will establish that you are well-rounded when it comes to the basics.

I say "basics" because while it's not impossible to find a job with just the Sec+, it's unlikely as it is an entry level exam...think of it as an associate's degree, and that may be stretching a bit. By hitting the other two Plus exams I mentioned you'll stand a much better chance since security and networking very often go hand-in-hand. From there you can branch out to the "bachelor's" certifications like the CCNA (Cisco), MCSA (Microsoft), or JNCIA (Juniper), depending on what you decide to get into, and from there they branch out into specialty certifications like security, email, database, etc. Sometimes studying other topics gets you more interested in another aspect of IT.

Everything you'll learn is a stepping stone to something else, and you've got to keep stepping. It is tough when an employer says they want a candidate who knows every technology and who has 100 years of experience, but often times employers put out a list of wants, and they rarely get what they want, so don't think you're necessarily underqualified for a certain position (within reason). Keep studying, keep testing, and keep applying.

slee335

i got my ccna, comptia a+, ccna voice, windows 7 configuring mctp. every job posting wants someone with 5 plus year in the security field.

orlandofl

I’m having similar problems finding a ‘real’ IT job coming from a telecommunications background. Even the majority of help desk jobs here in Orlando are asking for 2+ years of experience. I have Security+, Network+, and HDI-DST. My overall goal is to work in security as well. I’m not sure what your background is, but it would very hard (if not next to impossible) to get a security job with only Security+. I wanted to jump right into the (ISC)2 SSCP and CISSP after Security+, but the exam changed recently and there aren't really any books/video courses available yet for the changes in the exam blueprint. In the interim, I’ve decided to pursue Linux certifications (lots of security jobs require Linux knowledge) until the resources are out to study and sit the exams. Linux could make you more marketable in the security world, just a thought.

Good Luck,

Travis

slee335

i don't want to take a bunch of cert you still need the experience one of those catch 22. they going to say you got all those cert but no experience.

BlackBeret

It really just depends on your area. I relocated for an entry level security analyst position, and within a few months I started getting offers for some great jobs all over the country. It took a while to find a better position in my local area, but tons of entry level spots. I was hired with nothing more than sec+ and CEH in the beginning.

slee335

once you get a entry level security then your good. was your position called junior or entry level. the hardest part is to get your foot in the door.

BlackBeret

It wasn't labeled as either. I took a shot and applied. Prior to that I had applied to a lot of other jobs all over the country. Just keep at it and when you get a hit take it, get the experience/time, and move on to what you're really looking for.

sniffer44

you need experience to get the CISSP cert. its a requirement

tahjzhuan

I'm looking to transition into security in the near future. Currently enrolled in WGU security track, recently passed Sec+ and SSCP. My approach is to get my skills up then see what is available. The experience part could be obtained from 1st and 2nd help desks. I don't know of anyone who goes straight into security although it's possible.

GSXR750K2

slee335 wrote: »

i got my ccna, comptia a+, ccna voice, windows 7 configuring mctp. every job posting wants someone with 5 plus year in the security field.

Ah, didn't know you were already in it that far. BlackBeret has a point...my upward mobility is maxed out in my area sadly and I plan on getting out of here as soon as I (finally) finish my bachelors in the next couple of months. That was always a sticking point for me, a lot of the companies still think a degree makes someone more capable than someone who has been at it for many years. Tying the degree into what sniffer44 said, you get one year of the experience requirement waived for the CISSP just for having the degree.

To boost my experience I started doing some consulting so I could throw some real-world stuff out in an interview, and that actually landed me the job I have now (I consulted off and on for about six months and they rescued me from my other job).

slee335

there no upward mobility in datacenter in which why i'm lookin to leave . i worked at helpdesk doesn't really translate to security. closes is working at a datacenter or admin. i did alot of different job helpdesk, desktop, some admin, field tech, and noc datacenter. after all that the ones i'm most interested in desktop or admin or security

NotHackingYou

My advice to you is to get some more time as a network or server administrator. This experience will be very valuable to you once you do get into security and will help you get there.

docrice

Helpdesk (depending on the scope of responsibilities) could actually translate to security work to some degree, even if it's basic user access management. When I interview candidates, I look for 1) work experience as it relates to security duties, even if it's minor, 2) attitude and sense of ethics, 3) personal effort into furthering yourself in gaining depth in any subject domain, 4) communication and presentation, and 5) maintaining situational awareness.

Experience tends to be a key issue because what they teach you in class rarely translates cleanly to real working environments which are always a ton more messy and infinitely more intricate and intertwined. It takes mental resiliency to deal with that holistically. You can gain some advantage by going the extra mile on your own rather than waiting for someone to take a chance on you.

Do you have a lab? Can you find malware beyond running an AV scan? Can you look at a PCAP and find evil? Have you baselined AD traffic enough to know what's normal and what's not? Have you automated something via scripts? What's your value-add? What kind of EXIF data exists on common files and how do you find public examples of that? How do you recon an organization? What kind of books do you read? What are your thoughts on privacy vs. security? An interviewer can usually tell if you've done just the bare minimum or if you've gone that extra mile on your own which shows your dedication.

Security is intensely demanding and runs at business speed, which means infosec is always behind the curve because they have to deal with all the mundane, tedious details. It's not a push-button affair. You have to do your own legwork, read books, research, tinker, read more, bang your head against the wall, experiment, and repeat this cycle over and over. Field experience inevitably hardens you enough where much of this becomes somewhat second nature. But it's a constant adaptation process, and ultimately you have to add value. There usually isn't time for anyone to really teach you a lot on the job. You have to be a natural explorer and discover things on your own.

If you don't have enough desktop/server/network administration experience, make your own. Build and break stuff in your home. These things take time. You have to earn the trust of infosec professionals and while much of this comes through technical know-how, it's also about your demonstrated perseverance and willingness to keep up. I know there's a lot of discussion around certifications, but infosec professionals are more interested in what you can do. Passing an exam realistically doesn't say much to many of us. I say this as a person with many four-byte strings after my name.

This is an evolving industry and while certs are a good start, you have to maneuver yourself into a position where you'll get noticed. If that requires moving out of state, investing a lot of time/funds into your own education and labs, or networking more at conferences, you have to research the employment landscape as it relates to where you currently stand. Paying your dues never ends.

cyberguypr

Article I came across today which captures most of what has been said: https://enigma0x3.wordpress.com/2015/04/15/10-tips-for-aspiring-security-professionals/

Cliff notes:

1. Passion is essential
2. Never Stop Learning
3. Learn the basics
4. Dive in
5. Contribute
6. Start a blog
7. Keep your head up
8. Remember where you came from
9. Get yourself out there
10. Stay humble

slee335

thanks for info, actually looking towards more of a management role for security developing policy and audits. vs the technical side of security. that interest me more. one of my job i sat in on security meeting thats how i got into. i notice management for security doesn't have to be technical he audits find the problem and let the tech side fix it.
roles that interest me are
server admin
desktop admin
security management
not really into network admin.
field tech no
help desk no.

orlandofl

you need experience to get the CISSP cert. its a requirement

True, to an extent. While you need the five years of experience to claim the full title of CISSP, you can sit for the exam anytime and earn the associate CISSP https://www.isc2.org/how-to-become-an-associate.aspx at which point you have six years to earn the required five years of experience for the full CISSP. The federal government recognizes either the full or associate CISSP credential for the IAT level III, IAM level II and III, and all of the IASAE positions http://iase.disa.mil/iawip/Pages/iabaseline.aspx.

-Travis