Advice on getting into INFOSEC

egrizzly

I'd like to get into Information Security. Wether as a Network Security Engineer or as a Security Analyst. Currently I have an Associates Degree in Electronics, 10 years in helpdesk, and certified as a CCNA, CCNP. ok, actually, I'm about to graduate with a Bachelors in Information Systems come December of this year.

I'd certainly like some pointers on the best moves to make that will get me into Information Security (either as network security engineer or security analyst).

Danielm7

You have a CCNP and are planning on having a CCIE within the next few months and you work in helpdesk still? Be prepared to answer that question as to why.

As for security, looking at the two possible paths you mentioned, networking knowledge helps a lot but you'll need more than that. What do you do in your current job that would line up with either one of those roles? Any kind of analytics? Incident response? Do you deal with AV? Firewalls? IPS/IDS? etc. If you tell us what you actually do now at your job it'll help everyone point you in the right direction you need to go. Even if you don't do any of those things at work, do you have a home lab and do anything security related there?

636-555-3226

Agree with Danielm7 - a CCIE with 10 years help desk experience is very strange to me. I'd be curious as to whether it's all book smarts & if you're missing the real-world skillset.

Need to identify what part of the infosec realm you want to do. i assume networking security, so that'd be networking security/lockdown, network forensics, IPS, possibly web filtering, network DLP, etc. there are multiple other infosec paths. browse through https://www.sans.org/courses/ to get some ideas of possible paths

danny069

You should apply for a job so you can apply what you've learned. Helpdesk is just to gain some experience then move on. Finish your CCIE then look towards CCIE Security.

volfkhat

Time-out guys.
He said "10 years in Helpdesk";
but that doesn't mean he's resetting passwords all day.

But even if he were....
there's nothing wrong with earning a ccnp/ccie based purely on "book smarts".
It demonstartes that he grasps the theory.

Both exams have a legit hands-on/lab component; pretty hard to "****" your way through that.


Now, as for pointers... beats me; i'm not in infosec.
But i would probably browse through indeed/etc and read the requirements of positions you like.
There's probably a common secuirty certification that you can identify; go get it (can help you meet the minimum qualifications).

NetworkNewb

It would be a little awkward for a CCIE to be working help desk (if it were a low level one)... I mean you would have to question "Why hasn't his company used this amazing resource and promoted him and kept him doing remedial work?" or "Why hasn't this guy tried to make an advancement his current job or another place?".

I'm going to guess his job isn't low level right now though.

But as far as info sec. Here is a thread with info on how to get a free book that is supposed to give good advice on how to get into Info Security. http://www.techexams.net/forums/jobs-degrees/121665-new-peerlyst-ebook-starting-career-security.html

I received the book, have not gone through it yet though, so can't comment on how great it is yet.

markulous

I'm curious what your experience is at the help desk. 10 years is a while, but if you've moved up the ladder and touch servers, routers, switches, firewalls, etc. then you're in good shape.

DatabaseHead

I always see networking or system skills being a good entry way into security. What about data or programming? I rarely seen that entrance being talked about, maybe for good reason?

markulous

Programming is a good way to get into Security also. Application security is a big aspect of it all. If you know how to code and understand secure programming, you're gold.

egrizzly

NetworkNewb wrote: »

It would be a little awkward for a CCIE to be working help desk (if it were a low level one)... I mean you would have to question "Why hasn't his company used this amazing resource and promoted him and kept him doing remedial work?" or "Why hasn't this guy tried to make an advancement his current job or another place?".

I'm going to guess his job isn't low level right now though.

But as far as info sec. Here is a thread with info on how to get a free book that is supposed to give good advice on how to get into Info Security. http://www.techexams.net/forums/jobs-degrees/121665-new-peerlyst-ebook-starting-career-security.html

I received the book, have not gone through it yet though, so can't comment on how great it is yet.

Thanks dude. I'll check out the book.

egrizzly

...just following up to show gratitude for all the responses so far.

beads

Don't get too hung up on titles as they are fairly meaningless. Titles such as: Specialist, analyst, engineer, architect, professional and associated sub-categories all mean the same thing at the end of the day - analyst. Which is what are - analysts. The other buzzwords truly belong to other professions and trade organizations though surprisingly no on has declared us to be security physicians or lawyers yet but we're working on those takeovers as well.

Jump on the security gravy train with biscuit wheels!

- b/eads

NOC-Ninja

Find a better job to get out of your help desk. Although, theres a guy here that passed cissp and got into security. Maybe that short cut will work for you. infosec is huge. You have the cisco implementation team, forensic team, pen test team, policy maker, physical sec, and etc. Which one do you want to work on?

Also, i see you pass ccie. which CCIE is this? Is it CCIE wireless since it says W?
How come you are not working as a network analyst or network engineer? How come you are not deploying technologies?

beads

CCIE-W(ritten)? Really not uncommon. I have meet a few people who passed the written but nowhere near ready for the lab.

- b/eads

egrizzly

NOC-Ninja wrote: »

Find a better job to get out of your help desk. Although, theres a guy here that passed cissp and got into security. Maybe that short cut will work for you. infosec is huge. You have the cisco implementation team, forensic team, pen test team, policy maker, physical sec, and etc. Which one do you want to work on?

Also, i see you pass ccie. which CCIE is this? Is it CCIE wireless since it says W?
How come you are not working as a network analyst or network engineer? How come you are not deploying technologies?

I actually planned on working on my CCIE-written till my Bachelors degree (BS Information Systems) took priority. I'll be graduating December 2016. the hard core Java programming and 12 hours/semester left little room for the original plans for CCIE

McxRisley

If you want to get into InfoSec the first thing you need to do is pass the CompTIA Security+ and an OS cert of some sort. Most jobs that you find in InfoSec are going to be Government contractor jobs and they all will have that minimum requirement. Where I work they won't even interview you until you have those certs and they can verify that they are legit.

the_Grinch

Your resume is probably something that needs to be reviewed as to ascertain what duties you perform. From there you can pick out the security related duties and present them. If you do a lot of networking related work you shouldn't have an issue getting a security position somewhere. No matter what you are doing in security evidence will always be found on the network. I'd agree you should get a security related certification perhaps CCNA-Security since you are already an NP.