Getting into security on the side.. bad idea?

Alright so this might be a bad idea but...

I would like to break into security some how. I don't have the years of experience (coming up on the one year at work) in IT doing firewalls, servers, networking or anything like that. Would it be wise to do auditing or vulnerability assessments for small companies?

I've earned my 4 year in Network Security two years ago, completed some of my masters at WGU (MSISA) and I'm transferring to back to DU to finish the masters that I had started. I'm working on the SSCP and eJPT certification right now.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Danielm7

Maybe consider something like a jr. analyst role? Either way you'll need to sell yourself, and being on the hook with clients when you really don't have the experience to back it up isn't a great situation to be in. You'll also then try to get a job at some point by telling them that you did security on the side, which some companies might not really give you some credit for.

You have a BS in network security and are partially done a MS in security as well. Have you been applying to a lot of places? Have you gotten feedback about what you're missing? There are a lot of things in the security field that you can learn with open source tools and a home lab.

docrice

You have to ask yourself what kind of value-add you're creating. The BS helps, but without sufficient field experience how are you going to provide findings and suggestions that's contextually relevant to your clients? If you don't understand the difficulties of an IT operation from both technical and business perspectives, you'll likely just end up reporting a bunch of findings without a proper understanding of the technologies involved.

In addition, if your clients challenge your findings, how are you going to defend your findings without understanding the nuances that exist between the interoperabilities between all the layers?

philz1982

jamesleecoleman wrote: »

Alright so this might be a bad idea but...

I would like to break into security some how. I don't have the years of experience (coming up on the one year at work) in IT doing firewalls, servers, networking or anything like that. Would it be wise to do auditing or vulnerability assessments for small companies?

I've earned my 4 year in Network Security two years ago, completed some of my masters at WGU (MSISA) and I'm transferring to back to DU to finish the masters that I had started. I'm working on the SSCP and eJPT certification right now.

Heck ya,

I just did a full IT Risk Audit for an ISD near my house. Great way to go and earn extra money and skills. I've also done a DIARMF Cycle with a Software Company for DoD compliance. Cool thing with Software Audits is you can do them in off hours. PM me if you want details.

-Phil

dark3d

I may have to get with you as well. That sounds interesting.

jamesleecoleman

Wow, thanks for the responses!!!

I had no idea what I would be getting myself into. Maybe it'll be best if I could get into more security related things at my job before I start thinking about doing something like this.

I've been looking jr. sec analyst roles to see what they require.

Cyberscum

jamesleecoleman wrote: »

Would it be wise to do auditing or vulnerability assessments for small companies?

Sure, but can you do one? My suggestion to you if you are actually interested in performing vul assessments is...

1. Download a vul assessment tool ex:RETINA, ACAS, BACKTRACK, KALI...
2. Figure out what you can offer ex:netscans, compliance, patching...
3. Volunteer your services to local business for free to dev a network
4. Hone in your skills and either apply for jobs or start your own business

If I was you I would start with something that has a good GUI and lots of support. It will make your transition a lot easier.

My recommendation would be N-able from solar winds. It has an amazing GUI and tonz of support. Their scanning engine is RETINA, but they support an easy to use GUI that literally anyone can get used to. It costs about $2 an IP though, but if you are learning and want to start with something easy it is the way to go. It also spits out analytics that are in an easy to read format for business owners.

Any specific questions let me know.