Looking for Direction

Targetcaller

Hello all, I am a new member to this forum and in search of guidance. For the past several weeks I have been scanning the internet and various resources to try and find the best method to get into the cyber sec field. I have not found too many cut and dry answers so here I am asking the forum:). A little about me, I own and manage a business (its not in the IT field) but am looking to pursue a career in cyber sec. I dont have any formal IT experience but am pretty good with computers. My first introduction to the thought of cyber security was some severe ddosing I was on the receiving end of, over a video game when I was younger. I was self taught and learned how to reset IP's and set up proxies and eventually I was doing it for a guild of around 1000 members in-game. It was very basic but I enjoyed it and am looking to see if I have a future in the field. I had a 4.1 GPA in high school and was taking college classes at the same time but got burnt out and never pursued a degree. At this point I would like to only take college classes directly related to IT. I want to stay away from the art classes and history classes that have nothing to do with the field. I am not sure where to start this journey whether it is EC-council or formal college classes. Any help would be appreciated! Thanks all

Targetcaller

TheFORCE

WGU would be your best bet if you only want IT related courses plus you get the certs that you want, some being EC council certs.

Online IT Security Degree | Information Security Degree | WGU College of Information Technology

Danielm7

At this point I would like to only take college classes directly related to IT. I want to stay away from the art classes and history classes that have nothing to do with the field.

That will probably rule out getting a full BS degree anywhere. With that said, with no education, certs or experience it's not going to be an easy path into security. I know there are some very entry level security roles, I also know a company that hires for them and they recruit straight out of college for people with sec related degrees and train them to be analysts. Typically a security role is a specialty and you don't typically get into a specialty without going through the general work first.

I'm surprised you're not finding any results on searching for this, it's probably the most common question on forums like this one and reddit at least weekly. But, I'll take a stab at it.

I know not everyone has this same line of thinking, but I believe you need to know about specific technologies before you can secure them properly. I'll give you an example from just yesterday at my job. I had to help setup a system for secure file transfer outside of the company. To do this I needed to know enough networking to understand the traffic flow, ports that needed to be open and the other restrictions involved. I also needed to know enough about the host OS to make sure that it wasn't wide open when people are able to access it. I needed to know enough about email to make it talk to the email server successfully. Enough about active directory to make user lookups and authentication work properly. I could go on but I'm sure you understand where I'm going with this.

There are a few ways to go about this, you can go for the generalist approach of picking up the A+/Network+/Security+ and try to get a front line support job. From there you'll be studying constantly and trying to get more responsibilities at work or applying to other jobs trying to move up. Once you end up in the systems admin / network admin type role you should have a solid background in enough things that moving over to security should be a lot easier but you'll need to be able to skew your resume to the security related tasks you've done in the past.

Another way is to figure out what you want to do in security, it's actually a really wide field and most people going into say "I want to be in security!" with no real direction about where or why outside of "I wanna be a hacker!" or "I hear there is negative unemployment!" neither of which are really great reasons unless you actually know how to hack things and accept that a fair bit of your job is also going to be writing documentation about it. But, if you narrow down what you really want to do, whether it's defensive/blue team type work, network security, forensics, penetration testing, application security, risk/governance type work, etc. Then make a plan to get specifically there.

Note, in the 2nd option, you'll need a good combo of skill and luck to bypass all the background in other IT and being "pretty good with computers" isn't going to carry a lot of weight. But, if for example you said, "all I want in life is to be a penetration tester!" Well, you can study specific things, but understand that a general background is going to help A LOT because you're going to want to know what a proper configuration looks like before you can know what an open one looks that you can take advantage of. But, in that same example. You could start building up a home lab, maybe pick up the security+ cert for general overview in security. Then working towards specifics and ultimately end up with something like the OSCP certification which doesn't make you a pro but if you get in front of a hiring manager you should be able to sell yourself well enough to explain that you can start at a Jr level and advance from there.

Also, networking (with people, not cables) is going to be your biggest advantage to finding a job. In 2016 "who you know" is still very, very important. Join local meetup groups and other security related organizations and get to know people. If some hiring manager sees 100 resumes for a role and one has no IT background or education it likely won't even get looked at. If his coworker hands him one and says, this guy doesn't have an IT background but I know him through X and he's a decent guy with a lot of drive and I think he'd really fit in well here and I think we should give him a shot... that will get you an interview a lot quicker.

Danielm7

TheFORCE wrote: »

WGU would be your best bet if you only want IT related courses plus you get the certs that you want, some being EC council certs.

Online IT Security Degree | Information Security Degree | WGU College of Information Technology

The OP would have to take all the general ed classes at WGU too.

TheFORCE

Right, but that would be the closest thing that he can go for. There isnt such a program, i dont think so, that has purely just tech. That would be the certification path, but he would still be lacking with no degree.

Targetcaller

Thank you so much for your detailed reply. My main interest would be a white hat penetration tester as I have always loved to break into things just to prove I could. I gained access to a few buddies Netflix accounts, Emails and Facebook accounts on a few bets just for fun. I enjoyed the process of doing it then explaining how I managed to get in.

WGU looks like a great place to begin this journey. Is B.S. Information Technology—Security what I should try to pursue for these goals? I just read on WGU's website that WGU is a competency based college. I understand that means you can test out of classes based on your prior knowledge. I have no prior knowledge (basically) and would be starting from scratch, so I want to double check that this is the best starting point. Also is an AA or AS required to apply for a BS with WGU?

As far as networking with people goes, it would be my strongest talent. I have no issues getting into an employers office and successfully selling myself. I clean up well and am far better spoken than I am typed :P.

My goal is to take schooling of some sort, somewhere that will get my foot in the door of the field. After that I can pursue any degree at any time. I am just struggling to start out because I am slightly lost on where to take the first step. Thank you so much for your time. As a busy professional I really appreciate you taking the time out of your day, to help a stranger who doesn't know his ass from a hot rock in a field you have such a great grasp of.