Age 50 retiring as Military Pilot, TS/SCI - NEWBIE to Computer Securiy

billDFW · April 2016

Hello Folks

I will be retiring in four years (year 2020) from the military, as an Aircraft Pilot, at the rank of Lt. Col. I have a BA degree and some graduate credits towards an MBA (not finished). I also speak fluent Spanish. I will have an active/current Top Secret/SCI security clearance when I retire. While I will have my pension, I want to pursue new challenges, and have always had a computer geek lurking inside me.

I live in Dallas, TX.

Questions/Comments:

1. I do not wish to seek a flying job in retirement. The wife wants dad home (for the most part), especially in light of the always-gone military life. Flying job=gone. I indeed may buy a Cessna and fly on the weekends, with my kids. When I retire in 4, kids will be 11 and 13 (early adolescents) and in the "Dad needs to be around" phase.

2. In my "next chapter" (what comes next, when I retire) research, it is plainly obvious that computer security indeed is and will be the hot career field. Additional research has caused me to conclude that arguably the best entry-level certificates are Security A+ and Network A+, which I plan to get. Comments/critique wanted. School, provider, for the Security A+ ? Any one in particular look better on the resume ?

3. What are some things I can do, between now, and year 2020, so that when I walk out the door of the military, I am employable ? Please note that due to various ethics rules, etc, I cannot work at a second job or in a paid position outside of the military, obviously until I retire.

4. What would a (some call it a high-school diploma of security) Security A+ guy earn, annually, at an entry level job ?

5. What networking, etc can I do ? Join the local ISSA Chapter ?

6. (Possibly silly question) do any entry-level work from home jobs exist in this field ?

Advice, comments, etc are appreciated.

Thank you

636-555-3226 · April 2016

2 - I generally self-promote my thread at http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html

3 - Study up. Certs are good, structured ways to study and verify your knowledge of the material (as long as you study to learn the material and not just pass the test, which some people do). Download Splunk, Nessus, and other free security tools. learn to use them. work on basic Linux/Unix skills.

4 - Entry-level security job? Totally depends on the work and geographic location. Unfortunately for you, there really aren't entry-level security jobs as usually security people need to be well-rounded and very knowledgeable about a lot of IT areas. That said, demand far outstrips supply, so people by me are snatching up everybody remotely interested in security and training them up, so there is opportunity there. If I was hiring someone right of college for an analyst 1 position (something i don't generally recommend), I might target around 40k. better than help-desk salary, but hard to get more if you can't do more. A good, experienced analyst in my area can expect 100k for a large company. manager roles don't even get experienced infosec mgrs applying unless they're 150k+

5 - ISSA is good. local ISACA or isc2 chapter. look on linkedin for local IT groups that meet up every once in awhile. don't just focus on security groups since even local general IT groups still touch on security and there's more of them out there.

6 - consultant jobs, yes. but none entry-level that i've seen. i suppose there's a chance there's work-from-home log analysts or something. the technology is there at least, but i don't see it in my region.

hope it helps

thomas_ · April 2016

I would definitely recommend Security+ at a minimum especially if you are trying to get a job at a defense contractor. The other thing I recommend is getting a job that uses your clearance when you get out, even if it isn't your ideal job. Your clearance and a few of the entry level certs would be a good way to get your foot in the door and then you can work your way towards your ideal job. Maybe even pick up a programming language? 4 years seems like a pretty good chunk of time to get good at one if you stay consistent at practicing.

TechGuru80 · April 2016

First, are you going to be 50 when you retire or are you 50 now? Also, what age do you plan to work until? In the grand scheme of things people usually never start in InfoSec, they usually start somewhere in IT and move over as they progress. If say you are only going to work 10 years you don't want to go the long way. Something like information assurance might be a good path because not everything will be completely new. Also consider the pay...entry level InfoSec is around $45-60k depending on what you are doing...some help desk type positions are maybe $30-40k...so decide if you can actually be motivated with that pay even with your retirement checks. Last, remote jobs are usually only for more senior levels and if you plan on using that clearance it obviously won't be an option.

billDFW · April 2016

@=TechGuru80

Hello TechGuru80

I will be age 50 when I retire. I am age 46 now. I plan to work full-time until age 65, and then either go part-time or fully retire.

Thank You

dmoore44 · April 2016

Which branch are you serving in? Given that you state you're in DFW, I'm guessing you're either Air Force or Navy (reservist?).

Anyway, if you're USAF, you might try volunteering to be, or getting to know, your squadron COMPUSEC/INFOSEC/OPSEC monitor. That won't get you any hands on experience, but it will get you working with the proper security nomenclature... I'm not sure if there's an equivalent in the Navy.

Where in the DFW area are you? If you're closer to Richardson/Addison/Plano/Frisco, I can point you in the direction of some solid meetups that should help you get introduced to the filed.

What sort of PME opportunities do you have available? I'm sure with 4 years remaining, you wouldn't be able to get them to pay for a graduate degree without committing further time... But perhaps there's an education program you can go through without incurring more time? Perhaps something like Carnegie Mellon's CISO certificate or one of MIT's executive certificates?

Beyond that, check out some of the free resources on the web: Cybrary, SecurityTube, and FedVTE are all pretty valuable resources. You can also check out paid places like Udemy, PluralSight, and CBTNuggets. Also, if I recall correctly, you can get free access to Lynda.com when you register yourself as a veteran on LinkedIn.

billDFW · April 2016

Thank you sir. I live near Flower Mound (public internet...)

Appreciate the pointers to any clubs/etc.

OctalDump · April 2016

4 years of part time study? Yeah, I think you'll be able to hit the ground running.

A+/Net+/Sec+ as a kind of ground level. That might take you 3 months or 12 months part time (depending where your skills are now, how much time you can spend, how much you like it

). Then you'll probably want a little Linux (linuxacademy), Windows and a little networking (Cisco CCNA R+S, CCNA Security). That might be another 12 months part time, more or less.

This is also the time to consider whether you want to do a Master's or another degree. I'd say you want to get a taste of things before you make any commitment like that, and also get your skills up a bit so you aren't struggling.

Then you should be quite ready to sink your teeth into some of the Info Sec tools - basically step 3 of 636-555-3226's post. Splunk, Nessus, Kali. eLearnSecurity and Offensive Security both have 'hands on' online courses.

Somewhere along the line, learn some Python. It is practical both for security, automation etc, but also gives you insight into programming fundamentals.

I'd also add to the recommendations to reach out to people working in the field in whatever ways you can. Getting on people's radar, and finding people to help you along the way, networking and building relationships, will make a big difference once you are ready for work and when you are actually working.

There's a huge amount of resources out there, books, online, free and paid. If you have the downtime to study, you can cram it in nearly anywhere (eating lunch, during the commute, first thing in the morning, late at night, driving).

dmoore44 · April 2016

Here's another online resource that might be valuable: Syracuse University's IVMF - lots of free training for both Vets and Spouses.

As far as meetups go, here's a few that you might find useful:
Dallas Cyber Security Group
Dallas Hackers Association
OWASP Dallas
DFW Pythoneers
NISAG Dallas

CCNTrainee · April 2016

On your way to becoming a retired Lt Col, surprise you don't go the route of being a GS like majority of my officer associates. I am a contractor at an agency, where all the official GS positions are nothing but management billets. Would be a shoe in for someone with your type of networking, unless you really want to start at the frontlines and do the grunt work like us contracted analyst. Lol Thou maybe you are looking to start your own business and want to get some experience being on the "field" first. Not trying to offend but for a retired O-5, sounds kind of backwards to work on the floor and skip out on the management/ops side of things or starting your own business. Good luck with the searching and follow up career.

TomkoTech · April 2016

I would work towards the CISSP if I were you. Whatever path helps you achieve those credentials in 4 years. If you know enough you can skip the whole A+ to Net+ but obviously if you need to learn the materials by all means do those along the way.

If you can attain your CISSP(associate) by the time you get out it shouldn't be too difficult to find a job in the $70k-90k range just about anywhere in the country.

Couple that with a TS, and if you by chance have 30% or more in SC disability(anything from knee instability to hearing loss) you could even consider starting your own IT consulting firm and land a gov't contract fairly easily.

The company I work for does IaaS and Managed IT for clients all across the country. One of our clients started out as a small 2 man operation, 2 years in he landed a gov't contract(for Intrusion Detection Sustainment support contract) based on his being a verified service disabled veteran owned business and is now employing just under 150 people.

joshmadakor · April 2016

TomkoTech wrote: »

I would work towards the CISSP if I were you. Whatever path helps you achieve those credentials in 4 years. If you know enough you can skip the whole A+ to Net+ but obviously if you need to learn the materials by all means do those along the way.

If you can attain your CISSP(associate) by the time you get out it shouldn't be too difficult to find a job in the $70k-90k range just about anywhere in the country.

Couple that with a TS, and if you by chance have 30% or more in SC disability(anything from knee instability to hearing loss) you could even consider starting your own IT consulting firm and land a gov't contract fairly easily.

The company I work for does IaaS and Managed IT for clients all across the country. One of our clients started out as a small 2 man operation, 2 years in he landed a gov't contract(for Intrusion Detection Sustainment support contract) based on his being a verified service disabled veteran owned business and is now employing just under 150 people.

I feel bad telling people to get CISSP. For someone new-ish, it can take a few months to get and it's very shallow; it doesn't really teach you anything concrete. However, HR loves it and it will get you IAT lvl3. If I were you, I would probably get certs to cover IAT levels 1 through 3, and then start doing Cisco (CCENT --> CCNA --> CCNA:Sec)

TomkoTech · April 2016

joshmadakor wrote: »

I feel bad telling people to get CISSP. For someone new-ish, it can take a few months to get and it's very shallow; it doesn't really teach you anything concrete. However, HR loves it and it will get you IAT lvl3. If I were you, I would probably get certs to cover IAT levels 1 through 3, and then start doing Cisco (CCENT --> CCNA --> CCNA:Sec)

I wasn't suggesting he skip anything from entry level up. Just that the end goal be CISSP in 4 years. Work towards it by doing whatever training/courses he needs. Be that A+>Net+>CCNA. 4 years for someone who has the passion, determination, and intelligence to have served 20+ years in the military should be more than ample time to prepare for the CISSP.

joshmadakor · April 2016

TomkoTech wrote: »

I wasn't suggesting he skip anything from entry level up. Just that the end goal be CISSP in 4 years. Work towards it by doing whatever training/courses he needs. Be that A+>Net+>CCNA. 4 years for someone who has the passion, determination, and intelligence to have served 20+ years in the military should be more than ample time to prepare for the CISSP.

You're totally right! I was just saying CISSP is a weird cert to me, so I feel uneasy recommending it

TomkoTech · April 2016

joshmadakor wrote: »

You're totally right! I was just saying CISSP is a weird cert to me, so I feel uneasy recommending it

I agree. However it seems to be THE cert that security contracts/high level positions look for.

ArabianKnight · April 2016

TechGuru80 wrote: »

First, are you going to be 50 when you retire or are you 50 now? Also, what age do you plan to work until? In the grand scheme of things people usually never start in InfoSec, they usually start somewhere in IT and move over as they progress. If say you are only going to work 10 years you don't want to go the long way. Something like information assurance might be a good path because not everything will be completely new. Also consider the pay...entry level InfoSec is around $45-60k depending on what you are doing...some help desk type positions are maybe $30-40k...so decide if you can actually be motivated with that pay even with your retirement checks. Last, remote jobs are usually only for more senior levels and if you plan on using that clearance it obviously won't be an option.

....unless you are Hillary...lol

aftereffector · April 2016

I would definitely recommend targeting an IAT Level III certification such as CISSP. You have four years, so it's a very attainable goal. I would recommend starting with Network+ or Security+ (N+ if you need a baseline understanding of how LANs work, the difference between a switch and a hub and a router, and so on), though you could just get a book for the Net+ and not pay the money for the test. I wouldn't bother with A+.

Start with Security+ and/or Net+, then pursue some kind of vendor-specific certification or specialization. If you like servers, go for a Microsoft exam; if you like Linux, the Linux+ or Red Hat Certified System Administrator (RHCSA) are good; if you like pen testing, try the CEH; if you like networking, go for CCENT and/or CCNA. With one or more of these certifications, when you go for your CISSP, you will have a base of knowledge in that specialty which will help you prepare for the multidomain test - and it also looks good to an employer (for instance, I can highlight that I have a CCNA Route/Switch and CCNA Security and I am interested in network security technologies and solutions).

I have no idea what the defense contracting IT market is in Dallas. I know Fort Hood has a lot of openings all the time, but you probably won't want to commute all the way down there. There is a significant IT market in Dallas, though, so I'm sure you will be able to land on your feet, especially with the soft skills you have built up over the past years as a military officer. If you want to leverage that TS/SCI, I'd recommend checking out clearancejobs.com - I've gotten some leads from that site, and I know several coworkers who became employed from there. It's sort of the indeed.com of contracting jobs.

billDFW · April 2016

All great points. Other sites in the "How to start a Cyber Career" type articles all basically say to get A+ Networking and A+ Security and then start "learning the ropes" with basic computer networking, etc stuff.

If you feel I would be better suited to push the pedal down and go direct CISSP, then I will. According this this article, Price Waterhouse is hiring first, then training later:

https://theconsultantlounge.com/2016/01/pwc-to-hire-1000-cybersecurity-consultants-in-2016/

TomkoTech · April 2016

billDFW wrote: »

If you feel I would be better suited to push the pedal down and go direct CISSP, then I will.

CISSP should be the end goal in 4 years. Based on your current level of knowledge you need to determine how to get there. Starting with the A+, Net+, and then Security+ is a solid plan to gain a fundamental understanding of the basics.

billDFW · April 2016

TomkoTech wrote: »

CISSP should be the end goal in 4 years. Based on your current level of knowledge you need to determine how to get there. Starting with the A+, Net+, and then Security+ is a solid plan to gain a fundamental understanding of the basics.

Thank you great post. Thank you

FlyOnTheWall · April 2016

TomkoTech wrote: »

CISSP should be the end goal in 4 years. Based on your current level of knowledge you need to determine how to get there. Starting with the A+, Net+, and then Security+ is a solid plan to gain a fundamental understanding of the basics.

I agree with this post. I'm not very experienced though, so take what I say with a grain of salt

. Some have suggested skipping the A+ and just going to Net+ & Security+, though if you don't have IT experience, I definitely suggest getting the A+ also as it will help provide you a wider base of knowledge and a stronger foundation to build off of. So yes, I'm basically only echoing what Tomko said

. Best of luck to you.

TheFORCE · April 2016

4 years is a long time, you can do so much in 4 years so that by the time you retire you can have a solid IT career already.
Being in the military you could probably ask your IT guys to give your some of their books or spare things to play with. So far what has been mentioned is a good path for you, A+, Net+, Sec+, you can get these within the next 1.5 years. Your next step would be to tackle one of the Microsoft certifications like the MCSA. This will give you tremendous amount of software knowledge and make you more marketable. Lets say you can get those 4 certifications within 2.5 years. That gives you another half a year of volunteer experience at your IT department of your base where you can get hands on experience. I'm assuming that during all this 4 years your IT guys allow you to enter their area and play around with some stuff. Even if they do not, you can always spin up some VM's and practice on your own.

At the end the certificates and your experience will allow you to gain a junior administrator position with ease. Just make it a plan.

billDFW · April 2016

Awesome thank you guys.

TomkoTech · April 2016

I've been out of the military for about 18 years, but if they are still using Banyan VINES ignore THeFORCE's suggestion of volunteering there lol. That **** was a nightmare.

TranceSoulBrother · April 2016

TheFORCE wrote: »

4 years is a long time, you can do so much in 4 years so that by the time you retire you can have a solid IT career already.
Being in the military you could probably ask your IT guys to give your some of their books or spare things to play with. So far what has been mentioned is a good path for you, A+, Net+, Sec+, you can get these within the next 1.5 years. Your next step would be to tackle one of the Microsoft certifications like the MCSA. This will give you tremendous amount of software knowledge and make you more marketable. Lets say you can get those 4 certifications within 2.5 years. That gives you another half a year of volunteer experience at your IT department of your base where you can get hands on experience. I'm assuming that during all this 4 years your IT guys allow you to enter their area and play around with some stuff. Even if they do not, you can always spin up some VM's and practice on your own.

At the end the certificates and your experience will allow you to gain a junior administrator position with ease. Just make it a plan.

Unless you're deployed somewhere where the FOB has a small tech support desk with their spare stacks for training, no base "IT department" will let you waltz in, "volunteer" to help and gain experience. DOIM has service contracts for IT support and since most of them might deal with SIPRnet, you have to mind the security and need to be there.
I would personally advice to browse these forums or the net to learn what hardware can you buy to set up your small home server to obtain MCSE, router/switch kit for CCNA or whatever.
Eventually, I think that you will need most of that to know what you're talking about when hired for a position. I don't think anyone will want to hire a 50 year employee/retired military for grunt work. You should capitalize on past leadership performance/experience.
My 0.2c.

TheFORCE · April 2016

My advice on this forum is free just like anyone elses. Not being able to volunteer at the base does not mean he should not approach the people there and get recommendations as well. Besides I mentioned other things he can do to get experience in the next 4 years.
If you dont ask, no one will offer to help you. I'm not saying he will go into the IT department and they will give him the keys, relax.

tpatt100 · April 2016

I think you will have a pretty good chance of securing work by the time you get out in four years if you can figure out a plan of study that you can stick to and achieve before you get out.

As somebody that used to be a government contractor the security clearance is a huge advantage and can open a lot of doors for you. Some positions might even let some experience requirements slide if you can show that you put a lot of effort into self study.

billDFW · April 2016

tpatt100 wrote: »

I think you will have a pretty good chance of securing work by the time you get out in four years if you can figure out a plan of study that you can stick to and achieve before you get out.

As somebody that used to be a government contractor the security clearance is a huge advantage and can open a lot of doors for you. Some positions might even let some experience requirements slide if you can show that you put a lot of effort into self study.

This is what I am hoping. TS clearance, great work ethic/attitude, willingness to listen and learn, and entry-level certs with not a huge amount of experience. Maybe I will get some positive feedback, at job application time.