No prior IT experience, want to make a career change into InfoSec..

ekk20ekk20 Posts: 1Registered Users ■□□□□□□□□□
Hi all,

I am looking to make a career change into IT, without prior experience. I'm planning to get my CompTIA A+, Sec+, Net+, Linux+ then, CCNA and then look into doing OSCP, is this path advisable?

Thank you

Comments

  • MooseboostMooseboost Senior Member Posts: 773Member ■■■■□□□□□□
    I think the general view is that Infosec is not really an entry level starting point. Entry level Infosec jobs are not entry level to the field, but to security. From what I have seen (and I could be wrong here) - most people transition into security. An entry level security position may require 1 to 3 years of networking experience. After all, it is more difficult to secure something if you don't understand how it operates in at a fundamental level in the real world. Certification wise, the CompTia trio is a good way to start off if you are coming from zero experience. That may help you land a help desk role or something similar. Working in those kind of roles will provide you with some experience to go along with those certifications. Someone else may chime in with better advice, that is just my .02.
    2019 Certification Goals: OSCE OSWE
    Blog: https://hackfox.net
  • dustervoicedustervoice Posts: 877Member ■■■■□□□□□□
    Mooseboost wrote: »
    Someone else may chime in with better advice, that is just my .02.


    No better advice than this.. you hit the nail on the head.
  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youPosts: 2,710Mod Mod
    What @mooseboost said..
    Never let your fear decide your fate....
  • NetworkNewbNetworkNewb Posts: 3,263Member ■■■■■■■■■□
    If you get an entry level helpdesk job right now, then get all those certs you mentioned, I don't see why he couldn't land an entry level security analyst position in a year.

    Studying time: 1 month each for the Comptia exams, 3 months for the CCNA, 5 months for the OSCP... that would be one year. I think it's possible, not easy at all and you would need to devote pretty much all your free time to it. But possible.
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 337Member ■■■□□□□□□□
    Possible but unlikely. OP would better be served with a slew of security specific certs than a bunch of general ones. While the knowledge is useful, I care much more whether someone can show me drive and determination within security. The most relevant question we need to ask OP is what area of InfoSec does he want to go into. That should determine how and what he should study.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • Danielm7Danielm7 Posts: 2,265Member ■■■■■■■■□□
    SaSkiller wrote: »
    The most relevant question we need to ask OP is what area of InfoSec does he want to go into. That should determine how and what he should study.

    People always seem to glaze over this and I don't know why. There are a ton of specializations within security, they don't all involve pen testing. Plus, as I've found with talking with a number of people trying to get into the industry, there seems to be a lot of misinformation about what people actually do at their jobs, not exactly like the movies and TV shows.
  • murrayjmurrayj Posts: 5Member ■□□□□□□□□□
    SaSkiller wrote: »
    Possible but unlikely. OP would better be served with a slew of security specific certs than a bunch of general ones. While the knowledge is useful, I care much more whether someone can show me drive and determination within security. The most relevant question we need to ask OP is what area of InfoSec does he want to go into. That should determine how and what he should study.

    So would you just skip the CompTia certs, and skip Microsoft certs (MCP, MCSA, MCSE) and just go straight to something like CCNA & CCNA Security? I'm also someone at the very beginning so it's impossible for me to know what area of security i'm most interesetd in right now as I simply dont know enough - i just want to get the best grounding first and then figure out what area of security from there - given that what would you suggest?
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    While it is possible to get an entry-level security role with a little IT experience, you will probably find it close to impossible to find an entry-level security role with no IT experience. You generally have to know the hows and whys of IT in order to be any good at security. Sorry to be discouraging. If you're really interested in security, search on LinkedIn for some local companies that have an information security manager or analyst or something and give them a call. Tell them you're interested in infosec but would like some pointers about how to get started, etc. Hopefully you find a nice person who will give you a few minutes of their time for some advice.
  • xdfeverxdfever Posts: 14Member ■□□□□□□□□□
    im doing the exact thing. Switching from a Master Automotive Technician to IT Security. I was lucky enough to land a entry level job as a help desk based off of my tweeked resume! I was always a tech guy and luckily i knew enough to be trained for this job. I got my A+ cert first month here, now im starting WGU BS-IT Security which will earn me the other certs you mentioned plus the ccna security. i think this is a good path to go, because a lot of the jobs i was looking at wanted at least a AS in a computer related field. Some wanted a BS
  • daschildaschil Posts: 12Member ■□□□□□□□□□
    xdfever wrote: »
    im doing the exact thing. Switching from a Master Automotive Technician to IT Security. I was lucky enough to land a entry level job as a help desk based off of my tweeked resume! I was always a tech guy and luckily i knew enough to be trained for this job. I got my A+ cert first month here, now im starting WGU BS-IT Security which will earn me the other certs you mentioned plus the ccna security. i think this is a good path to go, because a lot of the jobs i was looking at wanted at least a AS in a computer related field. Some wanted a BS

    xdfever,

    I think you're going about it the right way. Start small, work hard, continue education, then transition into infosec. Most hiring managers will require a good amount of IT experience for an entry-level security job, unless it's an internship or something of the sort.
    LinkedIn, twitter - David Schildroth
  • TheFORCETheFORCE Senior Member Posts: 2,297Member ■■■■■■■■□□
    Unless you have some background experience in other areas of IT with no experience you won't be able to get an entry level IT Security job. This is again more difficult because you don't know the different areas of IT Security. In order to find that out you have to observe it from another position and get as much knowledge as possible.
    Consider this, someone wants to be a teache. Ok, so now what? What type of a teacher? Math, English, history, Chemistry, Biology, Physical Education etc etc. That's a simple example but you get my point.
  • exspiravitexspiravit Member Posts: 44Member ■■□□□□□□□□
    Yeah, no IT at all will definitely be a barrier to entry. The help desk route is a good one and then I'd also look at local infosec and security groups on MeetUp and the like. Hopefully, you can find something like a local hacker space or something where you can get involved in CTF competitions which will help you learn about IT/IS. There are also plenty of free resources online to get involved.

    But yeah, first step is to land any job in IT, you need to learn to wax on/wax off.
  • beadsbeads Posts: 1,442Member ■■■■■■■■□□
    Security is best practiced after having a career in one of the three pillars of IT: Infrastructure, Development or Database Administration. Most of us come from Infrastructure and Administration and work into security best through audit and beyond. Developers and DBAs make better blue team (pentesters) than infrastructure people but don't always understand much on the other side of SIM/SIEM and NBAD type systems though cross training helps. Much the same for DBA crossovers though rare make the best pen testers going because of the vastness of skill and pulling data out of tables once a solid breach occurs.

    Breaking all of security down by tasks you'll find more than 31 separate tasks. Now what is it your likely to spend most of your time doing as a security practitioner? Viewing consoles and doing research on vulnerabilities that may be hitting your network. Oh and LOTS and LOTS of reports, reporting and automating more reports.

    The rest of the day we're either found in meetings or getting coffee.

    - b/eads
Sign In or Register to comment.