Security Job Path

markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
So I'm coming up to about two years experience in the IT world and I'm try to evaluate what I aim to do later on, but wanted a little feedback from more experienced individuals.

I was at a help desk for a MSP for about a year and a half and now work at VMware for the past two months. It's still along the lines of break/fix, however it's with VMware products and this company is pretty great. The issue I have right now is that I want to get into infosec at some point and I'm debating at what point I should try to do that. I just started this job so I really don't necessarily plan on leaving right now unless an awesome job smacks me in the face.

My plan right now is: I'm planning on getting the VCP6-DTM within the next couple weeks (hopefully) since it's a requirement here. After that I probably will get the VCP6-DCV, which is a bit more marketable and also looks good on my resume. After that is where I'm not sure...

I am thinking about going back to WGU for the MSISA, which will offer the CEH and CHFI certs in their degree program. However, I'd have to wait until November 2016 before I can get tuition reimbursement here. Obviously that would mean I'd be here a 2+ years as I get reimbursement and finish out the degree. The other option is after I get the VCPs I go after the CEH and/or GCIH then start applying for stuff. I would probably have to pay for those out of pocket but I'd obviously try to see if I could get one paid for.

I've been looking over infosec jobs that I want and Blue Team stuff sounds much more my level. A good work/life balance is key so I was thinking of looking at security analyst jobs or auditing jobs at a bank or larger security company around here. The work that they perform is tedious, but that's the kind of stuff I like. I don't have a clearance so the former may be the better option.

In the mean time I'm subscribing to Krebs, TR, SC, Sans, etc. trying to just absorb everything I can and read security blogs/info/etc.

Thoughts? I don't want to be a job hopper but not sure I stay at break/fix for several years for it to pay for a MS which may or may not help right now. And I'm not sure if the CEH is going to be the decision between me getting into infosec or not.

PS: I think later down the road forensics would be interesting, but I want to get into infosec first then possibly get a reserve deputy job for law enforcement training/experience, but probably after my MSISA.

Comments

  • Danielm7Danielm7 Posts: 2,237Member ■■■■■■■□□□
    I'm never one to look down on more education, but you surely shouldn't need an MS, especially since you already have a security focused BS just to start in security. It's nice to have, and I'll do mine when I get tuition reimbursement as well, but I don't expect it to do much more for my career at this point.

    If you're looking at analyst roles, you already have the Sec+ and the CCNA:Security, which is a nice start. You really could just self study on the topics you need and apply when you feel ready. Try to network with the people in the field if you can, that'll be very helpful. If you could do a SANS work study at some point and try something like the GCIH or GCIA it would probably give you a big leg up on other analyst applicants and won't cost you the 5K+ out of pocket.
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    Hmm maybe after I get the VCPs I can start self-studying. If I applied now and showed a job on my resume that only lasted 3 months, I think it would look bad. I'd think at least 6 months would be the minimum, but maybe I'm overthinking it.
  • Danielm7Danielm7 Posts: 2,237Member ■■■■■■■□□□
    Sure, I wouldn't do it after 3 months either. But, my point was that you don't need to wait years until you're done your masters to get your foot in the door.
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    True. I would like to start it within a year or two, but I suppose there's no reason to wait that long like you said. I'll start looking around maybe March/April to make this okay on my resume. Ideally, I'd somehow find a security-related role here so we shall see.

    On a side note, I agree with studying now that I've seen more costs of those SANS certs. Jeez... There's no way I'm paying out of pocket for that. icon_surprised.gif
  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    I know this is a generic response. I had compile a list of certifications path associated with each security career path on my site. I had repeated this several times, hence I had gotten lazy to repeat myself.

    Career Certification Path ~ GravitySec[dot]com
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    LionelTeo wrote: »
    I know this is a generic response. I had compile a list of certifications path associated with each security career path on my site. I had repeated this several times, hence I had gotten lazy to repeat myself.

    Career Certification Path ~ GravitySec[dot]com

    Believe it or not I actually saw that before I made this thread and that gave me a really good idea of which certs to start woth.
  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    Good to hear that. For a start, aiming for a job as a security analyst would be the easiest way to get into infosec field. Security Analyst had the most amount of job opening, a SOC usually requires 8+ people to run the show. Unlike other infosec positions which have a slightly lower amount of people.
  • si20si20 Senior Member Posts: 471Member ■■■■□□□□□□
    LionelTeo wrote: »
    Good to hear that. For a start, aiming for a job as a security analyst would be the easiest way to get into infosec field. Security Analyst had the most amount of job opening, a SOC usually requires 8+ people to run the show. Unlike other infosec positions which have a slightly lower amount of people.

    Security Analyst jobs are in abundance but OP should ask "why?". This thread may help explain things:

    http://www.techexams.net/forums/jobs-degrees/113623-soc-experience.html

    If you're planning on working in a SOC, I highly recommend you have an escape plan. Be looking for another job from day 1, so when the time comes that you get sick of it, you are ready to go. Some SOC's are revolving doors. I remember in my first SOC, we were losing staff on a one-per-month basis. I'd come in and see a new face at the desk.

    Also (in my experience) security analysts get VERY VERY LITTLE respect. Because you aren't a hacker, you aren't a security expert or a networking expert, you're simply a guy who looks at alerts for 12 hours a day. There are some good people in SOC's, but for every good person, you tend to get a few idiots which massively impact on the industry.

    I could talk about it for days. Just take my advice, if you become a security analyst, be prepared to move elsewhere. Don't get 6 months in and then spend another 6 months looking for alternative employment.
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    That's what I'll look for I think. I had an interview for an auditing position which would be great too but I had to travel, which I can't do much. He said I should be able to get a job as a analyst at a bank. Just hoping I don't take too much of a pay cut switching (I make 30 an hour)
  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    I had to say that SOC getting the bad rep due to bad company management. Hard truth is that a large portion of the SOC (both MSS and internal) is set up to meet some form of compliance than actually doing the real work. I am a Security Analyst working in an SOC, and higher tier SOC actually requires very skilled people and is very hard to get in.
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    It sounds like if I go for a SOC job just to do a little research on the company I'm applying to (glassdoor, etc) and not just take the first one that calls. That way I can get a comparable wage hopefully and not want to ditch them right away.
  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    And also watch out of bad signs of job posting. Anything that emphasize CISSP for SOC analyst jobs is simply telling you that they do not understand how security works. The first infosec jobs like any first jobs out there would be crap, the best you can ask for is an easy job where you can spend time studying for certifications and move on.
  • RemedympRemedymp Posts: 834Member
    si20 wrote: »
    Security Analyst jobs are in abundance but OP should ask "why?". This thread may help explain things:

    http://www.techexams.net/forums/jobs-degrees/113623-soc-experience.html

    If you're planning on working in a SOC, I highly recommend you have an escape plan. Be looking for another job from day 1, so when the time comes that you get sick of it, you are ready to go. Some SOC's are revolving doors. I remember in my first SOC, we were losing staff on a one-per-month basis. I'd come in and see a new face at the desk.

    Also (in my experience) security analysts get VERY VERY LITTLE respect. Because you aren't a hacker, you aren't a security expert or a networking expert, you're simply a guy who looks at alerts for 12 hours a day. There are some good people in SOC's, but for every good person, you tend to get a few idiots which massively impact on the industry.

    I could talk about it for days. Just take my advice, if you become a security analyst, be prepared to move elsewhere. Don't get 6 months in and then spend another 6 months looking for alternative employment.

    Could not have said it better.
  • RemedympRemedymp Posts: 834Member
    markulous wrote: »
    So I'm coming up to about two years experience in the IT world and I'm try to evaluate what I aim to do later on, but wanted a little feedback from more experienced individuals.

    I was at a help desk for a MSP for about a year and a half and now work at VMware for the past two months. It's still along the lines of break/fix, however it's with VMware products and this company is pretty great. The issue I have right now is that I want to get into infosec at some point and I'm debating at what point I should try to do that. I just started this job so I really don't necessarily plan on leaving right now unless an awesome job smacks me in the face.

    My plan right now is: I'm planning on getting the VCP6-DTM within the next couple weeks (hopefully) since it's a requirement here. After that I probably will get the VCP6-DCV, which is a bit more marketable and also looks good on my resume. After that is where I'm not sure...

    I am thinking about going back to WGU for the MSISA, which will offer the CEH and CHFI certs in their degree program. However, I'd have to wait until November 2016 before I can get tuition reimbursement here. Obviously that would mean I'd be here a 2+ years as I get reimbursement and finish out the degree. The other option is after I get the VCPs I go after the CEH and/or GCIH then start applying for stuff. I would probably have to pay for those out of pocket but I'd obviously try to see if I could get one paid for.

    I've been looking over infosec jobs that I want and Blue Team stuff sounds much more my level. A good work/life balance is key so I was thinking of looking at security analyst jobs or auditing jobs at a bank or larger security company around here. The work that they perform is tedious, but that's the kind of stuff I like. I don't have a clearance so the former may be the better option.

    In the mean time I'm subscribing to Krebs, TR, SC, Sans, etc. trying to just absorb everything I can and read security blogs/info/etc.

    Thoughts? I don't want to be a job hopper but not sure I stay at break/fix for several years for it to pay for a MS which may or may not help right now. And I'm not sure if the CEH is going to be the decision between me getting into infosec or not.

    PS: I think later down the road forensics would be interesting, but I want to get into infosec first then possibly get a reserve deputy job for law enforcement training/experience, but probably after my MSISA.

    Because VMware is part of EMC, you might be able to try RSA as they're all under the same umbrella.
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    Remedymp wrote: »
    Because VMware is part of EMC, you might be able to try RSA as they're all under the same umbrella.

    Ah! That is a really good suggestion. If the benefits are similar and everything, I'd love to go down that route.

    Saw a SOC posting from IBM this morning (Threat Analyst is the job title). Looks like the pay is more than what I'm getting now and I would think they'd be better than your average SOC. I'm not going to apply to anything this second, but just food for thought.
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    LionelTeo wrote: »
    And also watch out of bad signs of job posting. Anything that emphasize CISSP for SOC analyst jobs is simply telling you that they do not understand how security works. The first infosec jobs like any first jobs out there would be crap, the best you can ask for is an easy job where you can spend time studying for certifications and move on.

    Good point...Well I am hoping my certs/degree and 2 years of IT experience can put me into a position where I don't have to take the bottom of the barrel infosec job. That wouldn't be challenging and I can't afford a paycut.
  • RemedympRemedymp Posts: 834Member
    Anything that emphasize CISSP for SOC analyst jobs is simply telling you that they do not understand how security works.

    It also can be that managers get a bonus if their team members are all CISSP. This happens quite often and managers pocket the bonus and don't share it with the rest of the team in some way shape or form. A bonus for a manager could be anywhere from $1500 to $5000.
  • goatamagoatama Posts: 181Member
    As someone who did the break/fix stuff for awhile before moving into security, I can tell you that the experience you'll get doing break/fix will go a long way to getting a good security position. The problem you'll face right now is that you only have two years of general IT experience. A lot of companies will give you a couple years for the BS as well, so you're looking at 4 years total. Most decent-paying InfoSec jobs want a minimum of 5 years just in InfoSec; that's part of the reason you see CISSP thrown around a lot, you technically need 5 years security experience to get that.

    If you can't find some way to incorporate some of those 10 domains into your current job duties, it's going to be tough to find a job in InfoSec that pays what you're making.

    That said, your idea of absorbing and reading those sources is a great idea. If you can get the interview, then all that matters is that you know what you're talking about. Going into an interview with a deep understanding of the security industry will help you nail any (worthwhile) interview. I went for two interviews well above my then-current experience level, but I had enough knowledge to impress the interviewers and was offered both jobs.

    Good luck, and don't forget: Denver is one of the top five cities for InfoSec jobs. According to... some blasted article that I can't find right now. :D
    WGU - MSISA - Done!!
    Next up: eCPPT, eWDP, eWPT, eMAPT
  • markulousmarkulous Posts: 2,389Member ■■■■■■■■□□
    Thanks for the advice!

    The biggest thing I don't have a ton of experience in is networking, but at least I have my CCNA and CCNA: S to supplement that a little bit.

    There definitely does seem to be a lot of infosec jobs here in Denver and Boulder so I just need to get a chance to shine in an interview like you said.
Sign In or Register to comment.