Looking for career advice in IT secuirty

Ukimokia

For the last two years I've worked at two different help desks (Straight out of highschool. I'm 20 now), and I'm staring to now look towards the future to see what's next. I currently have Sec+ and A+ and working on getting my ISC2 CAP. I want to go into security policy, compliance, and risk management. I've been currently looking for a Jr. Security Analyst position. My plan is to get the CISSP and eventually ISSMP down the line. I've been recently debating whether or not I'd absolutely need a degree with those certifications and some experience under my belt.

My question is are there any better certifications I should go for to work in IAM, Policy, Security Risk advisor type of position? Do I absolutely need a degree? I'm not very interested in doing the more technical side of cyber security. My personal interests are personnel management, monitoring, reporting, and advising/consulting. Obviously I should be knowledgeable of the more technical side, but it is not what I am interested in.

Thank you in advance for all comments and advice!

TheFORCE

Yes you need a degree. A CISSP, a CISA and a CISM, plus experience in a role that you at least had some exposure creating some small policies. Experience is the best teacher when it comes to creating and coming up with new policies.

Ukimokia

TheFORCE wrote: »

Yes you need a degree. A CISSP, a CISA and a CISM, plus experience in a role that you at least had some exposure creating some small policies. Experience is the best teacher when it comes to creating and coming up with new policies.

What kind of degree would you suggest? A general IT security degree? OR focused more on cyber security? Thank you for the response!

nathandrake

I was able to get into the the security field with only having a desktop support background by enrolling in a MS program in Information Security and Assurance from WGU. I know they have a BS degree that focuses on security. That may be worth checking out. You'll also get some certs with it as well.

guy9

I am in your area. To be honest with you, most of the people in the IT Field in Northern Virginia/DC have security clearances. I didn't say all but "most". Companies do sponsor individuals for clearances and it does/has happened. But, most of the people in your/our area have clearances.

College:
I will say again, I am in your area, not Arlington specifically but your area. DMV
I think in this area its more about certification and experience than education, specifically I am talking about govt. IT jobs.
Which College:
I am not going to talk bad about any university. In "this area" a lot of people are specific about what school you attended. t is a bunch of schools in a 50 mile radius of you, not including schools that have classes on military bases. People judge you on the school you go to "in this area". Having some schools on your resume "in this area" can definitely put your resume in the right hands. I do wish you the best

Ukimokia

guy9 wrote: »

I am in your area. To be honest with you, most of the people in the IT Field in Northern Virginia/DC have security clearances. I didn't say all but "most". Companies do sponsor individuals for clearances and it does/has happened. But, most of the people in your/our area have clearances.

College:
I will say again, I am in your area, not Arlington specifically but your area. DMV
I think in this area its more about certification and experience than education, specifically I am talking about govt. IT jobs.
Which College:
I am not going to talk bad about any university. In "this area" a lot of people are specific about what school you attended. t is a bunch of schools in a 50 mile radius of you, not including schools that have classes on military bases. People judge you on the school you go to "in this area". Having some schools on your resume "in this area" can definitely put your resume in the right hands. I do wish you the best

Thanks man! I do have a clearance as well. Got it from my first help desk job which was down in the Hampton Roads area. I was looking into going to NOVA community college and then transferring to GMU for their cyber security route. It's a bit more expensive than WGU, but I'm not sure how well I'd adapt to the WGU environment of writing 15 page papers every night.

kiki162

To help broaden your resume, I'd suggest thinking about school at some point if you ever leave the NOVA/DC area. I got myself out of a HD job buy pursing other sysadmin certs, like MCSE or VCP. Once you get that and into a admin role, that will give you the experience to work your way into a infosec role. Remember you need to have a solid "base" first. BTW there's also UMUC.

SoCalGuy858

I was able to get into an InfoSec role without a degree, and only the certs I've got listed to the left... This was after two years as a sysadmin / help desk guy at the same company. It boiled down to technical knowledge, organizational "tribal" knowledge, motivation towards security, and a bit of being in the right place at the right time.

What type of organization do you work for? (Size, types of teams, etc.) Sometimes, the best way to jump into a position like this is from within your own organization.

guy9

Ukimokia wrote: »

Thanks man! I do have a clearance as well. Got it from my first help desk job which was down in the Hampton Roads area. I was looking into going to NOVA community college and then transferring to GMU for their cyber security route. It's a bit more expensive than WGU, but I'm not sure how well I'd adapt to the WGU environment of writing 15 page papers every night.

I am not going to talk about WGU. I will say I know people that go to WGU and none of the people I know that go to WGU are in the Northern Virginia/DC area (not saying they don't exist). Sir/Ma'am, you have a fantastic idea!!! Go to NOVA CC! If you graduate with a 2 year degree you are guaranteed admission into about 9 universities in the area. I will repeat, you are guaranteed admission in about 9 colleges including GMU if you get a 2 year degree from NOVA CC:
Guaranteed Admission Agreements :: Northern Virginia Community College

If you were in any area in the world I would promote WGU to save some $. But, in this area people frown upon certain degrees. Put your resume on indeed and clearance jobs. Most of the hits I received were from those two sites. If you were willing to drive to Quantico and be a Watch Analyst I could find this email from a recruiter in my inbox. The job is pretty boring honestly but it'll give you a foot in the door

Cyberscum

Ukimokia wrote: »

For the last two years I've worked at two different help desks (Straight out of highschool. I'm 20 now), and I'm staring to now look towards the future to see what's next. I currently have Sec+ and A+ and working on getting my ISC2 CAP. I want to go into security policy, compliance, and risk management. I've been currently looking for a Jr. Security Analyst position. My plan is to get the CISSP and eventually ISSMP down the line. I've been recently debating whether or not I'd absolutely need a degree with those certifications and some experience under my belt.

My question is are there any better certifications I should go for to work in IAM, Policy, Security Risk advisor type of position? Do I absolutely need a degree? I'm not very interested in doing the more technical side of cyber security. My personal interests are personnel management, monitoring, reporting, and advising/consulting. Obviously I should be knowledgeable of the more technical side, but it is not what I am interested in.

Thank you in advance for all comments and advice!

MBA, CISSP and PMP. Call it a day.

Ukimokia

Cyberscum wrote: »

MBA, CISSP and PMP. Call it a day.

Hadn't really thought if a MBA would be applicable. I do want an MBA. So maybe I'll go this route instead. Could always go other directions other than Cyber Security with that MBA as well. Thanks!

Pupil

You sure you want to do compliance and security policy work? It's incredibly boring stuff in my opinion.

Ukimokia

Pupil wrote: »

You sure you want to do compliance and security policy work? It's incredibly boring stuff in my opinion.

Yes. As I've been studying up for the CAP and looking through CISSP material policy is what I've found most interesting.