Career Advice for "Long Term Unemployed" in InfoSec

gothicman02

Hello everyone!


I kind of need some advice right now in my life in my field.


I have been particularly in the Info Sec field professionally for 3.5 years, but have been self learning and passionate about IT and Net security since 2005.


Back in January of this year, I was, for a lack of a better word, let go of my first job in IT/IS with a small company due to not seeing eye to eye with the company management. To be honest, I regret it as I wanted to bring up some issues about the direction of the company and how to address some of the toxic issues in the environment with management but of course it didn't go well. They basically wanted me to beg for my job and I refused, as they didn't want to address anything going on. It was a bad decision on my part to bring up the specific issue, and I feel maybe I should have begged at this point, and tried to focus on looking for another job in the meantime. After all, this was my first job/only job in the field in a corporate environment, and now I have been unsuccessful in gaining employment since.


However more to the point, here is the current issue. I feel like I am being left behind in the field. I have been unemployed since January 2015, and I feel that everything I "learned" with the company really wasn't what the industry followed in information security, or IT, at least in terms of what I learned. For example, I see plenty of jobs for "security analyst" or "security engineer", but they are looking for more senior roles that have certain skills that I lack, despite being in my role of managed security engineer for 3+ years. Also, no training was provided at my first job besides what to do for the job nor any kind of guidance on what to pursue in terms of certs, as the company didn't believe in "certs". So right now, I'm working on my CCNA, ISC(2) SSCP, Checkpoint CCSA, and Palo Alto PCNSE6 (self study) in an attempt to prove my skills to employers.


Is this the right move or what else should/can I be doing?

P.S. I have a BS in Information System Security, and have a expired CompTIA A+ if that helps.

brchap

Keep your chin up, pal. The work is out there, but it may not always be the dream job you were hoping for, especially when you're out of work. So, don't be afraid to take a job that might pay a little less than you hoped, not have the ideal schedule, or not be a sub 15 minute commute.

Another word of advice... if you are sincerely interested in security (not just looking for a paycheck), join a couple of good security networking events and/or meetup groups. I belong to a couple of infosec here and everyone seems to make an effort to look out for their fellow security professionals, especially those who are looking for sec work or looking to change employers. In your local area, your mileage may vary, but it's worth a look.

5502george

If you can justify 5 years (-minus the degree) I would go CISSP.

It would be the best $600 investment you can make at this point.

Above all, stay positive and I wish you well in your journey.

ilikeshells

Agreed...a CISSP is probably your best bet to get passed the old guard that is HR. Otherwise, it may be worth transitioning into IT auditing (huge demand in larger markets) by obtaining your CISA.

CCNA is always a good choice but typically in conjunction with another "security" cert.

scaredoftests

That stinks, I am sorry. I have been there, without a job for that long. Keep on sending in those resumes and keep current. You will land something..

mokaz

gothicman02 wrote: »

They basically wanted me to beg for my job and I refused, as they didn't want to address anything going on. It was a bad decision on my part to bring up the specific issue, and I feel maybe I should have begged at this point, and tried to focus on looking for another job in the meantime.

Dude, of course we're all wiser after the deluge. Honestly, i wish there'll be more folks like you out there, because i hate to lick a rather shitty tasting candy and i guess everybody does so. Though there are others, those who sticks to and likes the taste of the **** ice cream.. You can be proud of yourself because you've been faithful toward what your thoughts were about the situation. You might look at things this way now; you're full of perspective and not bound to that blind horse anymore...

Back to your plans, CISSP is your best bet (you've got the needed experience) and for a guy like you it'll be doable real quick. Then i'd go for an OSCP if times permit and if you're still unemployed you'd have every day available for that, perfecto

Cheers,
m.

636-555-3226

I'm honestly surprised you're an unemployed security professional for almost a year now. I live in a relatively good area (100k local, 2M regional) and security jobs go unfilled for months as the demand far exceeds the supply. what types of jobs have you applied for, and what are your skillsets? Why not post an anonymized version of your resume so we can try to find some weak links you can work on or phrase better?

OctalDump

You can learn a lot from working at a dysfunctional organisation. Knowing what not to do, how not to do things, is just as valuable as knowing how things should be done. It gives you real insight into why "best practice" is "best" practice. So, I think you have learned some valuable things working there.

I think not begging for your job, in the big picture, probably was the best thing to do. Any company worth its salt, will respect a worker that has principles and pushes for things to be better. Too many workers get stuck in a complacent rut, too comfortable, or too scared. I think especially in Info Sec, sometimes you have to speak uncomfortable truths and have to be prepared that you aren't always going to get the response you should. But the alternative is to do a shitty job, and it sounds like you are the kind of person who wants to do the best job they can.

I think you are probably doing the right thing by certifying and keeping engaged with the technology. As others have suggested, some of the softer skills might be useful too, like CISSP or CISA.

As they say "This too shall pass", you'll find something better.

gothicman02

Thank you all for the replies!

Keep your chin up, pal. The work is out there, but it may not always be the dream job you were hoping for, especially when you're out of work. So, don't be afraid to take a job that might pay a little less than you hoped, not have the ideal schedule, or not be a sub 15 minute commute.

Another word of advice... if you are sincerely interested in security (not just looking for a paycheck), join a couple of good security networking events and/or meetup groups. I belong to a couple of infosec here and everyone seems to make an effort to look out for their fellow security professionals, especially those who are looking for sec work or looking to change employers. In your local area, your mileage may vary, but it's worth a look.

Right now i'm open to anything so not afraid for sure. Everyone is just looking for the "stellar or superstar" type in their specific role. I'm trying to get a temp job just to get some income flowing again so I can keep working on my certs.

And yes, I still am very interested. This is what I want to do, but it is hard to stay in this field with no real support or guidance which I have been lacking since my first job. I thought I would get that in some way, whether advice on what certs to get or take but I was in an environment of people who was learning themselves and no chief to lead the pack.

Any advice on a centralized site for networking groups/events in IS? I've been having trouble finding one so I'm in the know. I was also going to go to hacker halted in Atlanta, GA, but something personal came up last minute and I had to cancel. Besides that, I keep up to date with news via SANS, hak5, security exploit lists, etc.

Agreed...a CISSP is probably your best bet to get passed the old guard that is HR. Otherwise, it may be worth transitioning into IT auditing (huge demand in larger markets) by obtaining your CISA.

CCNA is always a good choice but typically in conjunction with another "security" cert.

I was already planning on that one, but wanted to get SSCP first as I'm more hands on when it comes to things. Also, any advice on how to get a voucher (someone who has the cert) to take the test? I understand its needed, plus the code of ethics.

As for CCNA, I feel I need more routing/switching exp. I have TCP/IP down, subnetting, etc. The SSCP or CISSP would cover the latter. Also, I prefer something more hands on as that is what I would prefer to do, but getting a CISA would be helpful regardless. Do you feel it would be good to get based on my current path?

Dude, of course we're all wiser after the deluge. Honestly, i wish there'll be more folks like you out there, because i hate to lick a rather shitty tasting candy and i guess everybody does so. Though there are others, those who sticks to and likes the taste of the **** ice cream.. You can be proud of yourself because you've been faithful toward what your thoughts were about the situation. You might look at things this way now; you're full of perspective and not bound to that blind horse anymore...

Back to your plans, CISSP is your best bet (you've got the needed experience) and for a guy like you it'll be doable real quick. Then i'd go for an OSCP if times permit and if you're still unemployed you'd have every day available for that, perfecto

Yes, and unfortunately there are to many that follow the CYA route and not the proper route of "best practice". I am glad I am no longer at that company for sure, but I'd like to not get stuck in another, but regardless i'm taking that risk. I'm just trying to look forward and move on and keep pursuing my career, and thank you for those kind words.

As for the OSCP, should I still pursue it if I'm more on the defensive side of security? Or is it just good to have to give a better "overall view"? From what I know, that is mainly for pen testers/ethical hackers, but feel free to tell me if you think I'm wrong

I'm honestly surprised you're an unemployed security professional for almost a year now. I live in a relatively good area (100k local, 2M regional) and security jobs go unfilled for months as the demand far exceeds the supply. what types of jobs have you applied for, and what are your skillsets? Why not post an anonymized version of your resume so we can try to find some weak links you can work on or phrase better?

I think the main issue is the lack of manager references which recruiters require in today's market along with the resume filters, and honestly not going to security events/groups to get better networked which I should have done regardless of work schdule. I have a few peer references that can vouch for my skills in the field and have seen my work, but my last position was my first job in IT/IS, was a small company (less than 20 employees) and only had one manager, which doesn't give out references. I of course don't want to make excuses, but I feel this is affecting me as I've tried pretty much everything I do know.

Jobs I've applied for mainly focus on security engineer work on the more hands on side (firewall management, SIEM, IDS/IPS, etc) as it is where my background mostly focused on, but also IT related positions. I lacked certain skills that I don't have direct experience in that made another candidate stand out more (i.e. risk management, auditing, DLP, pen testing, scripting, etc.) Was almost hired with ATT and Wells Fargo, but those were either more IT roles which I wasn't quite up to snuff in a certain area or a more senior IS role which require more exp that I feel I lack.

As for resume, I will post at the end.

You can learn a lot from working at a dysfunctional organisation. Knowing what not to do, how not to do things, is just as valuable as knowing how things should be done. It gives you real insight into why "best practice" is "best" practice. So, I think you have learned some valuable things working there.

I think not begging for your job, in the big picture, probably was the best thing to do. Any company worth its salt, will respect a worker that has principles and pushes for things to be better. Too many workers get stuck in a complacent rut, too comfortable, or too scared. I think especially in Info Sec, sometimes you have to speak uncomfortable truths and have to be prepared that you aren't always going to get the response you should. But the alternative is to do a shitty job, and it sounds like you are the kind of person who wants to do the best job they can.

I think you are probably doing the right thing by certifying and keeping engaged with the technology. As others have suggested, some of the softer skills might be useful too, like CISSP or CISA.

Agreed. I think for me, I should have just moved on instead of trying to fight it as I had a feeling the outcome would have turned out the way it did due to how other engineers dealt with it out of fear. But I figured I should at least try. So I'm just trying to move on and improve, and keep searching for the company that wants to do best practice instead of CYA and cover up, because I do want to do the best job, and not start doing the CYA dance when a breach does happen, and get thrown under the bus.


Now as for the specifics on what I have done in security:

-Firewall deployment/management (includes S2S @ C2S VPN)
-IDS/IPS deployment/management
-System/Network hardening
-SIEM deployment/management/integration of devices/systems.
-Incident/network analysis (tcpdump, wireshark, netwitness, etc)
-Vulnerability management (I need more exp in this area, but I have worked with tripwire/nessus, and alittle nmap)
-written KBs for other engineers to conduct proper security implementations

Here is my resume to give some more detail. This is my "full" resume meaning this is all I have done, particularly at my first job. I like to tailor each resume for a job I apply for based on this resume, and add to it if I apply for a job that is slightly out of my scope of focus, but I have relevant experience. Let me know what you think. Also, I removed the company name due to the NDA I signed in which I'm not allowed to "damage" the company based on what I have stated here.



[h=1][FONT=&quot]Objective[/FONT][/h]


[FONT=&quot]An experienced IT Security engineer with an exceptional record of competence, discretion, and attention to detail. Experience in system/network administration and engineering, systems/network security, vulnerability management, incident analysis, and recovery. Seeking a position with a company where I can apply my knowledge and skills to further the success of the company.[/FONT]





[h=1][FONT=&quot]Professional Experience[/FONT][/h]


[FONT=&quot]Managed Security Engineer[/FONT]
[FONT=&quot] Charlotte, NC[/FONT]

[FONT=&quot] [/FONT]
[FONT=&quot]Accomplishments[/FONT]
· [FONT=&quot]Improved Active Directory Group Policy security by implementing a domain wide security baseline for all AD connected systems, and did the same for any local system policies both connected and not connected to AD[/FONT] · [FONT=&quot]Deployed IIS server with separate Active Directory structure for client portal access[/FONT] · [FONT=&quot]Developed and created system diagram for SOC network. Used common mapping techniques for unknown devices/systems[/FONT] · [FONT=&quot]Created and managed custom policies, reports, and parsers for collecting and managing customer data and logs in our SIEM solution.[/FONT]
· [FONT=&quot]Increased network security and Confidentiality by implementing various security features on switches, routers, firewalls, etc at both corporate and SOC locations.[/FONT] · [FONT=&quot]Increased Availability of host systems by adding a redundant VMware ESXi infrastructure at SOC location[/FONT] · [FONT=&quot]Convinced management for me to implement RSA Netwitness Investigator app on our secure systems during Incident analysis and network forensics to give a more accurate picture of what is going on during a potential attack from IDS/IPS systems[/FONT] · [FONT=&quot]Designed and implemented a secure network infrastructure at SOC location to provide better redundancy and scalability.[/FONT] · [FONT=&quot]Assembled various hardware and software on many different platforms as well as configure and harden settings on Windows, Linux, and VMware ESXi barebone systems for various system infrastructure projects.[/FONT] · [FONT=&quot]Created detailed-oriented KBs on various subjects for implementation of various systems for other engineers[/FONT] · [FONT=&quot]Managed and deployed various McAfee M series IPS devices to McAfee NSM in a B2B customer environment via network design and proper security deployment/placement. [/FONT] · [FONT=&quot]Designated as lead engineer for all McAfee deployments.[/FONT] · [FONT=&quot]Managed and deployed Cisco ASA devices, including implementing and reviewing ACL's, Site-to-Site VPNs, client to site VPNs, NAT Rules, installed IPS sigs for Cisco IPS, while providing various needs for the customer.[/FONT] · [FONT=&quot]Implemented, patched, and managed various security apps used in network security including EiQ SecureVue SIEM and McAfee Network Security Manager [/FONT] · [FONT=&quot]Provided solutions for zero day vulnerabilities, including writing IPS signatures, installing/creating Linux patches (e.g., SSH Heartbleed, ShellShock, POODLE)[/FONT] [FONT=&quot]Duties/Responsibilities[/FONT]
· [FONT=&quot]Managed Active Directory users for both Client portal access as well as SIEM tool access for clients[/FONT] · [FONT=&quot]Constructed hardened images (e.g., nessus scans, services tuned, policy hardened) for deployment of windows laptop images, as well as deploy laptops with full-disk encryption and biometrics[/FONT] · [FONT=&quot]Evaluated and diagnosed system/network problems with strong critical thinking, research, and problem solving skills.[/FONT] · [FONT=&quot]On-call on monthly rotations various times throughout the year[/FONT] · [FONT=&quot]Analyzed and resolved incident response alerts for various B2B customers and provided customer support via PCAP analysis of TCP/IP traffic[/FONT] · [FONT=&quot]Managed network devices, IDS signatures, etc in Excel docs.[/FONT] · [FONT=&quot]Managed and performed system/network administration, including capacity planning for SOC infrastructure of SOC bandwidth, system capacity, and redundancy.[/FONT] · [FONT=&quot]Responsible for upgrades, hardening procedures, and integration of devices to the SecureVue SIEM tool[/FONT] · [FONT=&quot]Integrated various devices into SIEM tool for SNMP performance data.[/FONT] · [FONT=&quot]Created and managed DNS and DHCP servers in a SLES Linux environment[/FONT] · [FONT=&quot]Allocated patches via WSUS for Patch management[/FONT] · [FONT=&quot]Handled and executed backup scripts via Linux for daily backup management[/FONT] · [FONT=&quot]Managed and upgraded the McAfee NSM for IPS deployments[/FONT][FONT=&quot][/FONT]

[FONT=&quot]2011-2015[/FONT]

[h=1][FONT=&quot]Technical Skills[/FONT][/h]


[FONT=&quot]Languages[/FONT] · [FONT=&quot]Familiar with: Python[/FONT] [FONT=&quot]Software & Technologies[/FONT] · [FONT=&quot]Platforms: VMware server 2.0, VMware ESXi 5.x, Microsoft [/FONT][FONT=&quot]Windows 95/98/XP/7/8/10, Windows Server 2003/2008/2012, and various flavors of Linux/Unix systems[/FONT] · [FONT=&quot]Software Applications: Wireshark, Netwitness Investigator (e.g, RSA NetWitness/Security Analytics), Nessus, Tripwire, VMware 5.x client, WinSCP, Putty, VNC, RDP, Microsoft Word, Excel, Visio, Project, Power Point, Open Office Applications, Notepad++. [/FONT][FONT=&quot][/FONT] · [FONT=&quot]Network Knowledge: Communications with DNS, DHCP, TCP/IP, OSI model, Telnet, SSH, FTP, SFTP, SCP, FTP, LACP and many other network protocols. [/FONT][FONT=&quot][/FONT] · [FONT=&quot]Hardware: Dealt with SIMMs, DIMMs, CPUs, System Boards, Hard Drives, and other various server hardware.[/FONT][FONT=&quot][/FONT] · [FONT=&quot]Other: Deployed a home corporate-class UTM via PFSense w/snort via serial communication (Cisco Console cable). Includes both snort VRT and Sourcefire VRT sigs that I manage for my home network.[/FONT][FONT=&quot][/FONT]




[h=1][FONT=&quot]Education[/FONT][/h]


[FONT=&quot]ITT Technical Institute – Charlotte, NC[/FONT]

[FONT=&quot]2008 – 2012 [/FONT]





· [FONT=&quot]B.S., Computer Science in Information Systems Security, GPA: 3.86[/FONT]





[FONT=&quot]Penn Foster Career School – Scranton, PA[/FONT]

[FONT=&quot]2007 – 2008[/FONT]





· [FONT=&quot]Career Diploma, PC Repair[/FONT][FONT=&quot][/FONT]





[h=1][FONT=&quot]Training Seminars/Certifications[/FONT][/h]


[FONT=&quot]Check Point Certified Security Administrator (CCSA – Pursuing)[/FONT][FONT=&quot][/FONT]

[FONT=&quot]2016 [/FONT]





[FONT=&quot]Palo Alto Networks Certified Network Security Engineer (PCNSE6 – Pursuing)[/FONT]

[FONT=&quot]2016[/FONT]





[FONT=&quot](ISC)² SSCP (Pursuing)[/FONT]

[FONT=&quot]2016[/FONT]





[FONT=&quot]Cisco Certified Network Associate (CCNA - Pursuing)[/FONT]

[FONT=&quot]2016[/FONT]





[FONT=&quot]CompTIA A+ Certification – Charlotte, NC[/FONT]

[FONT=&quot]2011-2014[/FONT]







Thank you all again for all the feedback. It has been greatly appreciated! I can't express enough how much this means to me.

Danielm7

636-555-3226 wrote: »

I'm honestly surprised you're an unemployed security professional for almost a year now. I live in a relatively good area (100k local, 2M regional) and security jobs go unfilled for months as the demand far exceeds the supply. what types of jobs have you applied for, and what are your skillsets? Why not post an anonymized version of your resume so we can try to find some weak links you can work on or phrase better?

I was wondering that as well, you always hear about "negative unemployment" in the field.

dustervoice

5502george wrote: »

If you can justify 5 years (-minus the degree) I would go CISSP.

It would be the best $600 investment you can make at this point.
.

Cant agree more...

brchap

It's easy to find security groups to attend. Word of warning: Don't go into any of those groups begging for a job. If they ask why you are there, be honest. But, start out with saying that you are a security professional looking to get out an meet other like-minded professionals... then, tell them that you are currently unemployed and that you are currently seeking a new employment opportunities. Also, understand that many security professionals (especially the red team folks) tend to be anti-certification. Don't let that dissuade you from sticking to your plan... Certs get you interviews Experience gets you the job.

As for your resume, I'd drop the certifications that you are pursuing. If you got em, list em. If you just feel like you have to list a certification you are working on, narrow it down to one. Saying you're working on 4 different certs at the same time implies that you are not focused.

Here's a link to some security meetups in your area: Information Security Meetups in Charlotte - Meetup

Good luck, buddy.

gothicman02

I just wanted to thank everyone for all the great input! I meant to post back here sooner, but been super busy for the past month. I had 2 interviews with a well known big bank and well known big ISP/cell service provider and got offers from both companies at the same time! I took the one that was closer (the bank) as the team there are great guys, and the location is great. As for certs, I think I will take everyone's advice and go for my CISSP, but right after I get my CCNA. I'd really like to have that cert to let my network experience shine, coupled with the CISSP, as I know for certain I'm missing some knowledge in the networking field after one of my interviews showed that. But they saw my willingness to learn and grow, and I think that is the reason they both offered. Of course I had to turn one down, but I had to do what was best and within my current reach as I would have to move for the other.

My first day was today and I can certainly say that I am going to enjoy it very much!

Again thank you all for the help. It helped me pull through this hard time in my life, regardless if you realize it or not.

tedjames

Excellent! Congratulations on the new job! As someone who spent 1.5 years without real, meaningful work (in 2001-2002 after the big Motorola layoffs), I'm very happy to see someone else stick with it and get his career back on track.

scaredoftests

Excellent news.

impelse

Congrats

cknapp78

Congratulations!