From Sys Admin to Security - how?

Echoe3Echoe3 Registered Users Posts: 2 ■□□□□□□□□□
Ok, so I've got 15 yrs I.T. experience. 3 yrs as a Comp Supprt Tech, 1 yr as an I.T. Admin and 10 years as an Asst. Systems Administrator. I'm interested in Security, and am looking to make a move from Sys Admin/user support to something where I don't have to deal with users every minute of every day. I'm BURNT OUT on support.

I'm lucky to work for a company that offers training periodically, and have the CASP and CEH coming up. I have obtained my CompTIA Sec+, as well as a couple of MS certs. I have 10 yrs of exp in MS, 3 in Mac, and 1 in Linux. My question is this - how do I go from where I'm at now, to a job in the IT Security field? I originally had planned to go and get a degree in Digital Forensics, but that will take 10+ yrs at the rate of which my employer reimburses., or $90k out of pocket.

Will certs plus my exp be enough to get me a job in Security, namely ethical hacking or digital forensics? If not, how can I make a lateral move to get experience? I don't mind starting as a junior sec analyst or something similar, but I don't want to take a significant paycut. I'm currently at $70k/yr, and while I know I'm worth more, I'm working in Academia, not corporate. I'm willing to work hard, as I learn FAST, and am extremely resourceful.

Ideas?? Any advice is helpful.

Comments

  • Robertf969Robertf969 Member Posts: 190
    Interested in Audit? PM me.
  • JavajunkieeJavajunkiee Registered Users Posts: 3 ■□□□□□□□□□
    Echoe3 I'm in the same boat as you; our experience and certs are similar except I've spent 16+ in manufacturing and 10 in banking. I've got a few MS certs and an ancient Novell one, but like you, I'm burned out on teaching the same people how to copy and paste day in and day out and need a new challenge. I'm studying for the Security+, and once that's knocked out I'm going for Network+. After that I'm torn between CISSP or CCENT. Hopefully you'll get some good responses to your question, because they'll help me out as well.

    Good luck!
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I made almost the exact same transition, was a sysadmin for 14 years before moving into security.

    You could likely get an analyst position now, assuming your current job actually touches security concepts. I think sysadmin > security is a very logical transition because you'll know systems already and likely a fair bit of networking, both of which are really important. The key is your resume, and networking, the people kind, not the wires kind. You may have never worked on a SIEM but have you looked at logs, probably. You might not be a firewall rules expert, but you've likely dealt with them enough to know what of rules make sense, hint, any/any is a bad thing, ha. Know your ports, common attacks, learn any open source tools you can, splunk, alienvault, etc.

    Really though, take the security aspects of your current and past jobs and shine a spotlight on them on your resume. Don't write a resume like you're going for another sysadmin position, tweak it, while still being accurate of course.

    Once you get a foot in the door then maybe you can specialize later into forensics or pentesting. You likely won't, and shouldn't, get a job as a pen tester with just the CEH unless you can really prove that you know what you're doing. Same thing with forensics. If you were really interested in forensics maybe your company could spring for some SANS courses, or even do work study and pay for it yourself, there are lots of ways to learn. Please don't spend 90k on a forensics degree.
  • mataimatai Member Posts: 232 ■■■□□□□□□□
    I hear ya, I started in Desktop Support and am now a Lead Infrastructure Engineer and am completely sick of it. Trying to move into security, even with a degree and certs I'm having a really hard time finding a new position. I'm in the middle of the WGU MBA - IT program and have the GCIH, CEH and CISA to do before the end of the year. My boss is happy to keep paying for training so I'm focusing on that but I can't wait to move on to something different.
    Current: CISM, CISA, CISSP, SSCP, GCIH, GCWN, C|EH, VCP5-DCV, VCP5-DT, CCNA Sec, CCNA R&S, CCENT, NPP, CASP, CSA+, Security+, Linux+, Network+, Project+, A+, ITIL v3 F, MCSA Server 2012 (70-410, 70-411, 74-409), 98-349, 98-361, 1D0-610, 1D0-541, 1D0-520
    In Progress: ​Not sure...
  • TheCudderTheCudder Member Posts: 147 ■■■□□□□□□□
    Danielm7 wrote: »
    I made almost the exact same transition, was a sysadmin for 14 years before moving into security.

    You could likely get an analyst position now, assuming your current job actually touches security concepts. I think sysadmin > security is a very logical transition because you'll know systems already and likely a fair bit of networking, both of which are really important. The key is your resume, and networking, the people kind, not the wires kind. You may have never worked on a SIEM but have you looked at logs, probably. You might not be a firewall rules expert, but you've likely dealt with them enough to know what of rules make sense, hint, any/any is a bad thing, ha. Know your ports, common attacks, learn any open source tools you can, splunk, alienvault, etc.

    Really though, take the security aspects of your current and past jobs and shine a spotlight on them on your resume. Don't write a resume like you're going for another sysadmin position, tweak it, while still being accurate of course.

    Once you get a foot in the door then maybe you can specialize later into forensics or pentesting. You likely won't, and shouldn't, get a job as a pen tester with just the CEH unless you can really prove that you know what you're doing. Same thing with forensics. If you were really interested in forensics maybe your company could spring for some SANS courses, or even do work study and pay for it yourself, there are lots of ways to learn. Please don't spend 90k on a forensics degree.

    Good to read. This is actually my goal. I recently interviewed for a Cyber Security Analyst position, but ended up being offered a Systems Admin position with the same company --- which I was happy to take as it has a strong focus on the security baselines & compliance of the systems I'll be working with. So I'm hoping to do just as you said, and turn the skills I gain from this role into the skills necessary to be a good candidate for a security analyst.
    B.S. Information Technology Management | CompTIA A+ | CompTIA Security+ | Graduate Certificate in Information Assurance (In Progress)
Sign In or Register to comment.