Trying and failing at making the leap into IT security

TCincinnatiK Registered Users Posts: 3 ■□□□□□□□□□
I've been a long-time reader of this forum for a while; the advice and knowledge offered here is extraordinary. Unfortunately I haven't been able to land an entry-level security role for a couple of years. I have had a few interviews (even one internally) with no success.

I currently work for a mid-size bank as a technical administrator for about 3,000 ATMs. I know I need to leave the role ASAP as it is a select field and doesn't help the resume much; also, I'm only getting older (26 now). My question to the forum is: what would be the best way to improve my qualifications? I am highly motivated and very interested in security. I am also very confident in the fundamentals of security and networking. The problem I face is not having any experience with commercial software (SIEMs etc.). Is there any way around this? Or cheap ways to get familiar with software such as HP ArcSight?

I've pasted my resume below so you have an idea of my background and if there is anything that can be improved with it.

Thanks for any responses in advance.








OBJECTIVE
To secure a position in Information Security where my educational background and experience in information technology will provide positive results

Technical Skills:
• TCP/IP Troubleshooting
• Computer Forensics (education)
• Disk Encryption
• Incident Response
• Active Directory
• Customer Helpdesk Support
• Vulnerability testing (education)
• Network Design (education)
• Router, Switch and Firewall Troubleshooting
• Kali Linux (education)
• Python/Socket Programming (Currently learning)
• ServiceNow ticketing system
Projects:
• In-depth forensic report and analysis of hard drive image (education)

PROFESSIONAL EDUCATION/CERTIFICATIONS
A+, Network +, Security +, CCFE- Certified Computer Forensics Examiner

WORK EXPERIENCE
10/14 - Present: Technical Project Manager (company)
• Perform technical support for software or network related ATM outages
• Provide detailed analysis and reports for ATM availability and performance
• Coordinate with Vendors to create and improve processes to increase ATM uptime
• Frequent communication with all levels of the organization including both technical and non-technical associates
• IBM Tivoli endpoint installation and troubleshooting for ATMs

10/12 - 10/14 (company) Technical Support Specialist
• Help determine the cause of and troubleshoot network outages for financial institutes.
• Incident response through monitoring of internal infrastructure through HP Sitescope. Includes determining severity and escalating to the correct teams in a timely manner
• Assist Network Engineers in correcting or improving access control lists
• Assist Bank branches and technicians in troubleshooting network ATMs and their hardware

5/11 - 8/12 (Intern) (company), Hardware and Software Support
• Promptly remedied requests for troubleshooting a wide variety of PC issues; supported administrators through Active Directory
• Hardware deployment upgrades and enhancements to existing systems
• Software and hardware diagnosing and resolving technical problems in a multi-user environment
• Layer 1 networking support and implementation
• Implemented Full disk encryption on personal laptops (TrueCrypt)

EDUCATION
2013 - In Progress, Virginia Tech, Blacksburg, Virginia
Major: Masters of Information Technology
Blend of software and computer engineering with an in-depth focus on network and security architectures

2008–2012 Bachelors of Science, Indiana Tech University
Major: Computer Security and Investigation; GPA 3.3
A comprehensive security and networking program that includes technical aspects of information security, forensics and network design. Simulated large scale networks and configured a defensive architecture using current defensive strategies.

Comments

  • Segovia Member Posts: 119
    Hello!

    Yeah getting your foot in the door in a security realm can be pretty difficult. Especially for your current job. It seems like a pretty niche role and might not be the best path to security.

    Your education and certs look pretty solid though, if anything I would recommend trying to get a cert from GIAC or ISC(2) to help push the direction of security. Also maybe a Linux cert.

    Besides that I can't really tell you what path to take. I'm a current security student and I admit the path to get that job seems confusing and very specific. Hopefully another forum member can shed some good insight on this for us.

    The biggest problem with your resume though is the Objective. Get rid of that completely and sit down for a while; come up with a good summary instead of what you've done and what you want to do. I like to make this around a short paragraph. (Others will argue that you don't need any type of summary at all, but this is usually for folks that have extensive job history that basically speaks for itself)

    Also I would remove the (education) from your skills. I know what this is like because a lot of my resume skills aren't technically gained through employment. But it just looks kind of weird. It seems like you have a lot of forensics and investigations background which in my experience is extremely harder to get into than regular security type jobs. You might want to tone down the forensics aspect a bit and tailor it to something else security related.

    Best of luck to you!
    WGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%}
  • Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I'm a little torn on listing skills but not from a paid job. The fact is the OP has never had a security role, so they are trying to list everything security related that they've done, at work or not. My real issue is when people list that but can't talk about it, I've seen it even helping interview people for very high level security roles. "Oh I see you've done X, that's great, can you tell me about it?" "Oh, well I just sort of installed it at home, haven't really messed with it yet." In cases like that I'd rather you not list it, it might get you the interview but you'll annoy me when I find out you don't actually know what you listed at all.

    What actual entry level roles have you been applying to? Analyst type work?

    For commercial software, I had an issue with that too, but there are open source versions of a lot of things that you can play with. For a SIEM, try maybe OSSIM, the AlienVault free version? For entry level just be very familiar with what each of the tools actually does, you can learn the software by doing it. There are free versions of Nessus and Nexpose for vuln scanning, even OpenVAS is completely free. Even if you're going for a more Jr type role, I don't expect you to have SIEM experience, but if you can say, "I've monitored firewall logs, Windows event logs, etc, I know a SIEM can pull them all together and draw correlations between it all and I'm really excited to get in front of one!" I'd be worlds more impressed by that answer than, "nah, haven't used one yet, they're expensive, can't get one at home".
  • TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    You can download Splunk for free and the basic functionality and many apps are available. I wish they had certification type books for it but at least they have some free videos.
  • wes allen Member Posts: 540 ■■■■■□□□□□
    Check out this talk and try to follow through with what she talks about - esp things like having a home lab, following people on Twitter, etc. SOC isn't the only place to start, but Splunk experience, even in just a home lab might get you more interviews at least.

    Hack the Hustle! - Eve Adams Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)
  • si20 Member Posts: 543 ■■■■■□□□□□
    You won't be able to get access to HP's ArcSight anywhere, nor will you find any good tutorials online. I've been working with ArcSight for 2 years and I still feel like a complete newbie. It's very, very complex software (I'll be moving away from a security analyst role soon and I won't look back). ArcSight isn't a 'fun' tool to use. It can be extremely slow, the rules can be bad (depending on who creates the rules of course!!)

    Having read your CV, you should EASILY be able to land at least a junior security analyst role. The problem is, the money isn't usually very good for junior security analysts. Most analysts learn SIEM tools on the job. I learned it on the job and like I say, I never want to see those tools again!

    Keep searching, you've got very good experience for someone who is 26 (I'm 26 too!)
  • Segovia Member Posts: 119
    Lol I'm also 26!! 1989 FTW.

    Just wondering, what was bad about the security analyst job? What are you moving toward now?
    WGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%}
  • si20 Member Posts: 543 ■■■■■□□□□□
    I got offered a job as a digital forensic examiner. I'm just waiting for the contract to come through - but I've pretty much accepted it already. I've always wanted to get into forensics because in my opinion, it's 1000x more technical than a Security Analyst role. Security Analysts get bogged down with compliance and reports and it stops being fun after the first week. Check out this thread for information about security analysts.
  • Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Another example of how titles don't mean a ton. We have analysts in a SOC, they don't touch policy or compliance at all. They monitor alerts and escalate to an engineer as needed.
  • Segovia Member Posts: 119
    Read both of those threads. Sounds like a really toxic environment along with soul sucking work. I'm sure not all SOC jobs are like this but I am surprised at the amount of corroborating reports. I'm really happy you landed that forensics job haha

    As for me I'm really entry level for now but I will keep this in mind as my career in security develops.
    WGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%}
  • si20 Member Posts: 543 ■■■■■□□□□□
    Danielm7 wrote: »
    Another example of how titles don't mean a ton. We have analysts in a SOC, they don't touch policy or compliance at all. They monitor alerts and escalate to an engineer as needed.

    You tend to find the people doing 'catch and dispatch' and escalating it up the chain are the lower-paid folk (not always true, but has been in my experience). I'm more of a senior analyst, I deal with escalations - but to be honest, I very rarely deal with malware/hacks because the junior analysts and security analysts want to get their hands as dirty as possible. Hence why I get stuck with reports and rule tuning.
    Segovia wrote: »
    Read both of those threads. Sounds like a really toxic environment along with soul sucking work. I'm sure not all SOC jobs are like this but I am surprised at the amount of corroborating reports. I'm really happy you landed that forensics job haha

    As for me I'm really entry level for now but I will keep this in mind as my career in security develops.

    Thanks. I can't say that all SOCs are the same, but it's all too real. Just something to keep in mind. I'd never, ever go back to working in a SOC. No money you can pay me (even 100k) is good enough. I'm DONE! I just have to hope forensics will be a good career! :D
  • LionelTeo Member Posts: 526 ■■■■■■■□□□
    @TC, the first step is to get an idea of the candidates who are applying for the same position as you. At that lower tier, you are commonly competing with analysts with a minimum of CEH or 2 years' experience in infosec; both kinds of candidates can easily outshine you. Every candidate would be telling the interviewer that they are interested and keen, hence expressing interest verbally won't give you an edge.

    Two workarounds: the first one would be to go for multiple easier certs and bundle them up to sell yourself. CEH, SSCP, CCNA and ACE will slightly improve your resume. Another one would be to aim for higher-tier certs; GCIH/GISP are viable and make your resume stand out.
  • TCincinnatiK Registered Users Posts: 3 ■□□□□□□□□□
    Thanks for the great advice.
  • scaredoftests Mod Posts: 2,780 Mod
    Relax, don't worry that 26 is too old. It isn't. Sometimes, getting into a job doing something else can help as well. That is how I attained most of my experience and am a 'jack of all trades'. That way you don't paint yourself into a corner.
    Never let your fear decide your fate....
  • Robertf969 Member Posts: 190
    If you are interested in Audit, PM me, we are always hiring. (You don't have to relocate.)
  • andSo Member Posts: 11 ■□□□□□□□□□
    I would consider looking into the Army's cyber brigade (enlist or join as an officer - the latter a bit more unpredictable until you are selected for promotion to captain at the moment). We have a 3 year program that will train you alongside the three letter agencies. You will learn offensive and defensive cyber-security skills.
  • yellowpad Member Posts: 192 ■■■□□□□□□□
    Would you share more info on that? How easy or hard would that be to "join"? Prior military required?
    andSo wrote: »
    We have a 3 year program that will train you alongside the three letter agencies. You will learn offensive and defensive cyber-security skills.
    Completed MSCIA f/ WGU~ CISSP 5-days boot camp scheduled :)
  • andSo Member Posts: 11 ■□□□□□□□□□
    yellowpad wrote: »
    would you share more info on that? how easy or hard would that be to "join"? Prior military required?

    It's common knowledge, at least in my opinion, that military cyber professionals are not necessarily a "step-up" from their civilian counterparts in terms of skill. What we do to fix that problem is work together and train together. You will rotate in and out of assignments (both in the US or outside of the US, with or without agency support). In my opinion, this path is better facilitated by joining a military service academy, since you are groomed from Day 0, but not required for success (but it's easier to get an internship with those agencies while earning your degree at the academy). The academy path is the path of being a military officer.

    The 3 year program is designed to make you a well-rounded cyber professional. There is also another program that focuses on "general" cyber training which affords you the same opportunities over the course of your career (this will be open like all current branches sometime in 2017). If you are able to complete the training and certifications, you will be utilized at the strategic level in most cases. The details are only available for those with DOD E-mail accounts; so I can't give you the specifics here or in person.

    Way to get into this field:
    1. Score minimum of 110 GT Score (aptitude test - it's a joke in my opinion) *required to be considered to be an officer or to work in most "cool" jobs
    2. Be able to obtain and maintain a Top Secret/SCI (clearance) *References, we will use them as nodes and talk to those you didn't list LOL
    3. Be able to pass polygraph *Each assignment you rotate into has their own procedures.

    Notes: #3 If you pass the military procedures but fail the same "test" with an agency, your clearance will be suspended. DOD will follow-up with their own tests. If all is well, you will be re-examined by the agency. All goes well there, no problems. If DOD finds the results inconclusive or if they decide to stick with the agency's result of "inconclusive" - you lose your job and career. Be 100% honest. You'd be amazed at the history of your peers (drug use, etc.). Bear in mind that the polygraph doesn't detect deception; it only registers biological indicators. Also, it can be defeated - some will straight up ask you can you defeat it, but agencies have clever ways of detecting that at any rate.

    I would talk to a recruiter; but don't be surprised if he or she is not knowledgeable on the new cyber command. It's a new program in the service and is currently being "stood up."
  • andSo Member Posts: 11 ■□□□□□□□□□
    yellowpad wrote: »
    would you share more info on that? how easy or hard would that be to "join"? Prior military required?

    I forgot to add:

    If joining the service full-time is not for you, no problem. There are cyber-security related positions available for those qualified in other areas of the public sector (usajobs.gov). However, if you want to make that search easier (aka check the block with HR), join the National Guard or Army Reserve in military intelligence or signal and obtain your top secret/SCI clearance. That said, I recommend joining as an officer.
  • wayne_wonder Member Posts: 215 ■■■□□□□□□□
    si20 wrote: »
    I got offered a job as a digital forensic examiner. I'm just waiting for the contract to come through - but I've pretty much accepted it already. I've always wanted to get into forensics because in my opinion, it's 1000x more technical than a Security Analyst role. Security Analysts get bogged down with compliance and reports and it stops being fun after the first week. Check out this thread for information about security analysts.

    Congrats mate, knew you'd get something in the end.
  • wayne_wonder Member Posts: 215 ■■■□□□□□□□
    si20 wrote: »
    You tend to find the people doing 'catch and dispatch' and escalating it up the chain are the lower-paid folk (not always true, but has been in my experience). I'm more of a senior analyst, I deal with escalations - but to be honest, I very rarely deal with malware/hacks because the junior analysts and security analysts want to get their hands as dirty as possible. Hence why I get stuck with reports and rule tuning.



    Thanks. I can't say that all SOCs are the same, but it's all too real. Just something to keep in mind. I'd never, ever go back to working in a SOC. No money you can pay me (even 100k) is good enough. I'm DONE! I just have to hope forensics will be a good career! :D

    LOL how long did you work in a SOC?