Sufficiency

Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
Are security certificates enough to land a job in cyber security? Is experience necessary? What about a computer science degree? I know you need programming experience so do degrees prove that , so are cyber security or computer science degrees better?

Comments

  • MrAgentMrAgent Member Posts: 1,309 ■■■■■■■■□□
    While certifications help, they aren't the only thing that is going to land you a job. Typically experience is necessary, but it is not always the case. I have seen places that will hire someone fresh out of school or with little experience and get them trained up.

    As far as the degrees, they really don't prove anything other than you can make a commitment and stick to it. Some people actually do learn along the way during a degree program, where others just squeak by to get that check mark done. However, if I were to do it all over again, I would done a BS in CompSci instead of IT sec. The CompSci would have given me a better foundation in programming, where as the IT sec degree taught me how to read and write policy. Luckily for me by the time I started college, I already had years of experience in addition to serving in the military.
  • aftereffectoraftereffector Member Posts: 525
    MrAgent hit the nail on the head. Certs are great, but they aren't going to get you a job. Conversely, though, if you don't have any certs, you will probably have a tough time getting a job. The same goes for a degree (to a lesser extent) - many jobs require a bachelor's, and if you don't have one, you will be placed behind all other candidates who do. However, just having a degree isn't going to land anyone a job automatically.

    If you have the choice, I definitely recommend getting a computer science degree. That is something I wish I had studied; I'm now having to learn many of the concepts that I could have learned through a structured course environment on my own. I chose to take the quicker route, and while it has not held me back, it also has not taught me much that I didn't already know from just a few years of work experience.

    I'll close with a case in point. My company has been actively trying to fill a couple of cybersecurity positions for some time now, but our pay bands are limited to the point where most qualified candidates are not interested. We would absolutely hire someone with no experience and at least a baseline certification as long as they had a clearance and met some other nonwaiverable prerequisites. The opportunities are out there, but if you don't have the minimum requirements (CISSP for this job, Security+ for that job, a bachelor's for this other job, etc), you won't even make it past HR. We are not legally able to employ someone on our contract if they don't have a certification.
    CCIE Security - this one might take a while...
  • Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
    MrAgent hit the nail on the head. Certs are great, but they aren't going to get you a job. Conversely, though, if you don't have any certs, you will probably have a tough time getting a job. The same goes for a degree (to a lesser extent) - many jobs require a bachelor's, and if you don't have one, you will be placed behind all other candidates who do. However, just having a degree isn't going to land anyone a job automatically.

    If you have the choice, I definitely recommend getting a computer science degree. That is something I wish I had studied; I'm now having to learn many of the concepts that I could have learned through a structured course environment on my own. I chose to take the quicker route, and while it has not held me back, it also has not taught me much that I didn't already know from just a few years of work experience.

    I'll close with a case in point. My company has been actively trying to fill a couple of cybersecurity positions for some time now, but our pay bands are limited to the point where most qualified candidates are not interested. We would absolutely hire someone with no experience and at least a baseline certification as long as they had a clearance and met some other nonwaiverable prerequisites. The opportunities are out there, but if you don't have the minimum requirements (CISSP for this job, Security+ for that job, a bachelor's for this other job, etc), you won't even make it past HR. We are not legally able to employ someone on our contract if they don't have a certification.

    What does your company require? And what are these prerequisites?
  • Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
    @afterffactor also would your company expect applicants to have shown an interest by playing around experimenting with programming etc or would a qualification and clearing equate to a job offer?
  • Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
    Also would you say meeting the requirements equate to a job offer in your company? Would you be expected to show interests by doing stuff in tour spare time?
  • aftereffectoraftereffector Member Posts: 525
    I can't send you a PM, so I will summarize generically... for what we do, the only ironclad requirements are 1) DoD Secret clearance, and 2) 8570-compliant certification (usually Security+ although there are a few others). I can't speak for other contracts, but I imagine we aren't the only ones.

    As far as what we look for in candidates, yes, if we see an indication that a candidate is learning the technologies on their own by reading, labbing, getting additional certifications, and so on, it looks really good. We don't see a lot of those candidates at our price point, unfortunately :)
    CCIE Security - this one might take a while...
  • Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
    I can't send you a PM, so I will summarize generically... for what we do, the only ironclad requirements are 1) DoD Secret clearance, and 2) 8570-compliant certification (usually Security+ although there are a few others). I can't speak for other contracts, but I imagine we aren't the only ones.

    As far as what we look for in candidates, yes, if we see an indication that a candidate is learning the technologies on their own by reading, labbing, getting additional certifications, and so on, it looks really good. We don't see a lot of those candidates at our price point, unfortunately :)

    Ahhhh would you need experience beforehand to get a CEH or as one with nothing at all is that too high up the ladder?
  • Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
    If I got a degree in computer science along with the required certificates, and did outside programming projects such as contributing on github would that look really good? Do most candidates have degrees?
  • Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
    Do the applicants who don't read around the subject but just pass the qualifications get the job due to a shortage or do they get rejected due to an absence of skill?
  • Tech333Tech333 Member Posts: 21 ■□□□□□□□□□
    My question is could I literally do a 5 day training course and nothing else but still just get the job?
  • SlythSlyth Member Posts: 58 ■■■□□□□□□□
    I do agree with MrAgent, but on the other hand it really depends on the school you go to and what classes they teach. I have my BS in Cyber Security & Forensics, some of the classes i took near the end of my degree are just above the level of CEH & the policy and management side of sec. BTW MrAgent im on the 3/12/16 start date for OSCP is that IRC channel you setup still open?
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■□□□□□
    MrAgent wrote: »
    While certifications help, they aren't the only thing that is going to land you a job. Typically experience is necessary, but it is not always the case. I have seen places that will hire someone fresh out of school or with little experience and get them trained up.

    As far as the degrees, they really don't prove anything other than you can make a commitment and stick to it. Some people actually do learn along the way during a degree program, where others just squeak by to get that check mark done. However, if I were to do it all over again, I would done a BS in CompSci instead of IT sec. The CompSci would have given me a better foundation in programming, where as the IT sec degree taught me how to read and write policy. Luckily for me by the time I started college, I already had years of experience in addition to serving in the military.
    Agreed about experience in that it depends. With the large shortage of qualified people in the workforce, I think the amount of companies just sucking it up and being willing to train will happen more and more.

    In the end, a lot of degrees will cover a wide variety of topics...some of which you will not use at all, or use immediately. Additionally interests will change and you will evolve as a professional. The commitment piece is one of many that degrees serve. Communication skills (both verbal and written), the ability to present, and many others exist but it will depend on the school....obviously you might not get some of the soft skills at an online only college.

    Ultimately, the goal is to get that first job and then keep progressing. Certifications can help show you have a baseline of knowledge but if you look at a lot of higher level certifications...answers can draw on your experience because not everything can be stated in a book.
  • MrAgentMrAgent Member Posts: 1,309 ■■■■■■■■□□
    Slyth wrote: »
    I do agree with MrAgent, but on the other hand it really depends on the school you go to and what classes they teach. I have my BS in Cyber Security & Forensics, some of the classes i took near the end of my degree are just above the level of CEH & the policy and management side of sec. BTW MrAgent im on the 3/12/16 start date for OSCP is that IRC channel you setup still open?

    Yes it is still open.
    irc.osswg.com #oscp
  • mokazmokaz Member Posts: 172
    Tech333 wrote: »
    Are security certificates enough to land a job in cyber security? Is experience necessary? What about a computer science degree? I know you need programming experience so do degrees prove that , so are cyber security or computer science degrees better?

    Honestly i think infosec is a hard field to get in, sometimes i even wonder if its a "cool" field indeed.. although, i do like it and i'm very interested into it.. So to sum up, I've been a data center infrastructures technical consultant for many years, from the Novell days to the zindows early BSODs and on and on. I've tried since two to tree years to switch to a security focused position, though clearly on the techy side --> that has proven for me to be very hard, always had the "well, we can see you're dedicated to the cause but you can't show any experience is it?".. So really i think it's always a very "age" related question, by which I mean a young dude would have its chances without experience, for an older fella things might be a little more complex..

    Though, specifically i think certs like the OSCP clearly makes you stand out, it kinda show that if given something you're hungry for, you'll eat it.. I bet sometimes as well a CISSP helps but let me be clear here as well, there are a crap load of folks that'll ask you questions while interviewing you for a job that don't even barely understands what this or that certification means on a personal level (time & dedication). They simply don't understand it, it's out of reach for them, so do not expect them to respect it.. Which in turns clearly also let you know pretty rapidly where you should go and where you shouldn't...

    As well, with the years going by, I tend to have the feeling that the IT field has taken aboard a ridiculous amount of IT clueless people.. They just don't want to understand it, they want it to work period..

    So usually they're looking for a teenager (salary wise) with 50 years of experience (duties wise) and that is the challenge to tackle in an interview hehe

    My two cents =)
Sign In or Register to comment.