Security Job Question

Cyberscum

One of the questions I get asked on a consistent basis is “How do I get into security.” I don’t know if people are actually interested in security or are chasing the next big career bubble, but I had the question asked to me by a family member who is interested in security. He does not know what type of security he is interested in, but more so wants to understand the different types of security. So I explained the main types: physical, Personnel, IT and Industrial security but got the blank million mile stare by the end of it. So my question is this…

Does anyone have an in depth explanation or a website he can access that explains the different types of security and the different certifications/career paths to get from point A to B. He would be better off trying to read about the different security paths than have me explain them to him.

Thanks in advance!

tpatt100

I get asked a lot also and the field is so wide and varied. Something I do semi regularly is use Indeed.com, I go and type in different job titles and see what is out there. Then I look at what are the requirements for jobs I might be interested in to see what I might have to brush up on or maybe learn. Of course if you got the "blank stare" which I often get then these people might not be a good fit for a field that can change regularly.

Danielm7

tpatt100 wrote: »

. Of course if you got the "blank stare" which I often get then these people might not be a good fit for a field that can change regularly.

This is why I usually ask people like that why exactly they want to get into security? Did you watch hackers and CSI Cyber and think that seems like a cool job? If they can actually give logical reasons that make sense then it's a lot easier to narrow down what interests them and where they can focus their studies.

E Double U

I tell them my story of getting into security. I stress that a solid networking background was a huge help for me, but I don't think it is necessary for all security roles.

I have been getting those blank stares throughout my entire IT career so I end up sighing and saying I fix computers.

SoCalGuy858

It's funny... ever since moving into a security role, I started getting constant comments along the lines of "Catch any hackers, today?" etc., etc. It always cracks me up when I see the reactions after I say that I shuffle paper all day long...

goatama

Anecdote time: When I was moving, I took my cable box in to turn off my service and after I gave them my forwarding address the guy tried to make small talk and goes "So, why are you moving?" "New job." "Oh yeah, what do you do?" "Security for the government." ::He gives my rather portly self a side-eyed once-over:: "...cybersecurity." "Ah." Jerk.

But to answer your question I'm with Danielm7, ask "Why do you want to get into security? Did your mom get you a 'puter for Christmas?" If they can give you a reason, something other than "I hear that's where the big bucks are" then you can more accurately tailor your response to what they want to do.

636-555-3226

Honestly I think an easy cop-out answer to this question is to tell people to review SANS' training website. They have all of the basic categories and descriptions (through the course descriptions) of what each role does:

General Security (Analyst-, Administrator-ish)
Developer
Forensics
Management
Audit
Industrial Control Systems

https://www.sans.org/courses/

beads

Seems a bit like going into a fancy restaurant asking why there are no prices on the menu, then proceeding to asking how much each individual item costs. If you have to ask you can't afford it. Likewise with security. If you have to ask and you have no idea about the industry its too expensive for you to "get in to" in the first place. Its expensive both in terms of money (education) and time (commitment, desire and learning).

Security is best done after you have had a career in IT. Everyone else should be treated as a fresher and sent to the audit department for initial training.

- b/eads