How to get real life experience

TheEmperor

I'm at my current job for over 9 years as a DBA for a proprietary database that is SQL based. I handle all the DB and website
related businesses. I have a BS in Computer Science, and certified in CompTIA A+, S+, and N+. I want to move to
Cyber Security as an Analyst. I sat for the CISA exam (waiting for result) as the first step to hopefully get IT audit job and eventually get to be an analyst. My question is: how do I get real world experience in the security field? I'm willing to volunteer, work part-time, as long as I get real world experience. Do you gentlemen have any advice?

Thanks,

Tommy

tahjzhuan

My experience with experience is that it's learning vicariously as well as through trial and error. When I make a mistake, I realize that experience is being achieved. Doing it and making improvements seems to be the route to take.

exspiravit

You can try MeetUp and look within your area for security related meets, look for a local hacker/maker space that has a network or info sec group. You'll have to network with people in order for them to take the risk of hiring someone, who has experience but doesn't at the same time, as you will cost more than an entry level person.

Also, I'd strongly suggest looking within your company to see if that position might be possible. That is how I moved from systems engineering and into purely cyber security. I was even able to get a minor pay bump as well due to my MS and CISSP. I also let them know that I was "actively" looking to pursue this direction, which politely told them that I'll leave this job if I have too. Most companies prefer to keep their talent pool.

the_Grinch

"You take the fruit of forty years - hard lessons, mistakes - and you call it wisdom." - Stanley Motss - Wag the Dog

I think the best course of action is to move to a company that has a security team. In cases such as that, you prove yourself on another team and possibly assist the security team. In turn they get to know you and they move you to their team when an opening becomes available. In my "experience" that is the easiest way to get experience. Other then that it seems getting a position with a security title, but perhaps low end security work, is the other way to go.

I'd also venture to say the some hands on based certifications offer an option. OSCP would be an example where some of the times a person is brought into a security role after achieving the certification. Again this would not be the rule, but a bit more then an exception.

BlackBeret

9 years as a DBA... I would start applying to pentesting positions anywhere around you. I know a few pentesting or vuln assessment teams that are always looking for someone with a specialty in databases.

The analyst team I'm on has brought in a lot of people with no security experience (with varying levels of success). The largest contributing factor is often how much do you want to learn security. If you go in to an interview and someone asks what are you doing to learn security, be able to explain it. Explain your lab, how and what you've studied, what blogs and sites you follow, why you want to work in security and what you've done to get there. If they ask how you stay up with the latest security threats and you answer with "google", you probably wont get a call back.

ally_uk

Get yourself Kail, fire up nmap and terrorise the nieghbours what it's real life expreince lol

dustervoice

ally_uk wrote: »

Get yourself Kail, fire up nmap and terrorise the nieghbours what it's real life expreince lol

hmm that might get him some experience of prison life where he might need more that a "hardened" system to survive!

TheEmperor

Thank you for your advices everyone.

LoL....I will probably NOT try your method ally_uk...