How to gain Security experience?

fabostrong

I'd like to get into the security side of IT. I haven't seen and I've been told that there aren't really any entry level security positions. I've heard that getting a network admin or system admin could set me up to go the security route. Even then, I can't get one of those jobs with no experience.

Currently I do desktop support/Imaging. I have A+, Server+, Mobility+, and all of the MTA certifications. I plan on getting Network+ next because it's already paid for by a school I signed up for. I plan on getting Security+ after.

What do you guys think would be the best way for me to get into a security related position or get any security experience? I was thinking of doing the Practical Network Defense and/or Penetration Testing Student course from eLearnSecurity also.

Any advice is greatly appreciated. Thanks!

beads

There is no direct path to a career in "Security". First you need to define what it is in security's 31 tasks you want to career in? The age of the generalist is passing quickly and generally makes you sound like your either trying to do too much or your rather naive about the career field.

Most people like yourself follow into InfoSec after a career in IT: Development, DBA or Infrastructure/Administration. Or you can try one of those four year degrees out of high school and tell your senior architects and security management we are doing it all wrong because you took a course in theory and know everything already.

The later is more akin to graduating from high school and jumping into an Ivy League MBA program and wondering why you fail with no business experience.

Nota Bene

Noticeably the biggest problem in InfoSec isn't the lack of technical talent but the lack of techs who can explain and communicate to ALL levels of an organization both in written and oral communication. In other words: you still need a four year degree with plenty of writing skills and some technical "skillz" as well.

This line left intentionally blank

- b/eads

Clm

I would say find out which part of Security you want to be in. Get the education for that domain and apply for those postions. Or you can just start applying for alot of entry level jobs. After the military I applied for hundreds of security jobs with in a month and both times i have done this i got a job

Remedymp

Some people will go through Corporate Security first before the infosec aspect of it all.

danny069

Go for your Security+ and then branch off into other IT Security related certs (depending on what you want to do of course, pen testing, auditing, etc.) Also a degree in IT Sec will only help you get in the door.

636-555-3226

http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html

markulous

I'd say labbing and joining local security groups to get hands-on experience will help a lot. Getting into sys admin/JOAT roles too will help because you'll be able to implement a lot of security practices.

EnderWiggin

Get some dark sunglasses, a tight t-shirt, and stand outside of a building with your arms crossed.

Wait, nevermind, that's the wrong way type of security.

UnixGuy

To answer it directly (and believe me I'm trying to find the answer myself)...is try your best to get an job in any security related field. You still need all sorts of technical background but to focus on getting security experience, the best bet is to actually get a job in any infosec area. How to convince an employer to take a chance on you? Do everything you can (certs, labs, degrees, ...etc).

fabostrong

Thanks guys. I think I'm gonna get the eJPT cert and then security+