How to get into security career QUICKLY?

QUICKLY - Because I am tired of studying, gathering certs and having practically no real world InfoSec knowledge. I am rotting in my present job of almost 20 years in IT Help desk. Tired of helping angry customers and bankrupt managers

I need a job, any entry level Security job in Greater Toronto area. I make 80k currently but my job and career and company are going downhill...very fast unfortunately.
I need to jump.
Please advise me how to land an entry level job in InfoSec.
PS: I have CCNP SECURITY and CCNA Sec and R and S. But very little indirect security experience.
And what should be my salary expectations to start?

Find more posts tagged with

Comments

Danielm7

Same question as I ask everyone else asking to get into security, what do you want to do in security? What interests you in security? You have the CCNA and CCNP:Security, do you have actual hands on networking experience? Have you only been studying Cisco stuff or have you learned a lot about other areas of security? Do you have any security related tasks in your current job that you can highlight?

Be prepared to answer why you've spent 20 years at helpdesk and now want to jump on the security train.

alias454

And be prepared to take a pay cut. I am assuming that 80k is in Canadian currency right? Don't take this the wrong way, but you just now got tired of working with angry customers after 20 years? To help us with a little of the background here, What type of work are you currently doing on the helpdesk? Have you been applying for entry level sec jobs? Have you been getting callbacks or interviews? If not, maybe working on your resume might help.

kabooter

alias454 and Danielm7
Thanks for sparing your time.
I made the mistake of sticking around in IT helpdesk as job was pretty easy for me and workgroup and environment was excellent. Job involves fixing complex network/workflow/software/applications related issues on phone and remotely, recreating problems in lab, escalating to engineers for patch development and testing patches. Touches Unix/Windows/networking/applications/printers/routers etc.
why move now? 1. Industry is almost dead....think of VCR rental stores. 2. Still not too late for me to take up one more assignment before becoming too old to learn new techs.

3. No raise in past 10 years and no hope for next 3. Wont exist after 3/4 years.
Why InfoSec - I am currently riding a sinking ship, infosec is going up. I like technology, love to solve complex issues. I love CISSP course material and questions...they tickle me LOL. I do like auditing, making sure latest patches are applied.
But
Sorry, I do not have real word hardcore security experience. I have certs, I know what is going on but in theory. I want to start somewhere. Will start applying tomorrow hence the questions.
Paycut? No problem, I wont mind climb down. But how much is the question? ccna or ccnp security entry level - How much to expect 50K to start in Toronto? or 30-40/hour as consultant??

TheFORCE

First step is to update your resume and focus your efforts on getting a security job by emphasising the security aspects of the job you are doing now in order to score an entry level security role. If you doing troubleshooting on network componets, focus your resume language on those topics. If you are doing patches or testing focus your language on vulnerability management. 20 years in IT, no matter if it's Helpdesk, i bet you, you have done some security related task either access controls or patches or updates to using networking tools for scanning etc etc. Just update your resume and show the strong points of the job as they relate to security.

Replicon

You got 80K as help desk!!! Stick to that job man, you wont find that paycheck easily. I am just curious, as here in Calgary, help desk usually are doung 40-45K.

kabooter

Replicon wrote: »

You got 80K as help desk!!! Stick to that job man, you wont find that paycheck easily. I am just curious, as here in Calgary, help desk usually are doung 40-45K.

Yes it is a bit higher than normal help desk because of tenure and company etc. But 50k in ON can not keep an employee for a decade.
And sticking around is not an option - I don't see any reason why I can not make $85/hour, in a different career

Danielm7

TheFORCE wrote: »

First step is to update your resume and focus your efforts on getting a security job by emphasising the security aspects of the job you are doing now in order to score an entry level security role. If you doing troubleshooting on network componets, focus your resume language on those topics. If you are doing patches or testing focus your language on vulnerability management. 20 years in IT, no matter if it's Helpdesk, i bet you, you have done some security related task either access controls or patches or updates to using networking tools for scanning etc etc. Just update your resume and show the strong points of the job as they relate to security.

This is great advice and I did the exact same thing when I switched from sysadmin work to security. Most jobs in IT touch security functions in different ways, it's all about framing it well.

Also, read this, the whole thing, there is a ton of really great info in there including picking a speciality to focus on.

https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/

kiki162

Wow you put up with that for WAY too long.

Since you have CCNP/S and CCNA R/S, do you have any experience working with Cisco at your job, or has it been all help desk? I'd use those certs to get yourself into a network admin or NOC role. Unfortunately, you'll also have to be willing to accept a lower salary if you don't have any experience. If it were me, I'd say no less than $60K, but again you may have to take what you can get.

Do you have a Bachelor's degree at all? Or just a few certs? If you don't, I'd get on board with a company that provides tuition benefits, and use that! Yes, getting your CISSP would also be good for you, however if your not ready for that, go for the SSCP instead.

Now as far as infosec, you really need to have a base skill set/background, but also have knowledge of other areas, such as Linux, Windows system administration, etc. The broader the experience the better. I can't stress enough the Linux experience.

Grab a few infosec books off of Amazon, and get a few VM's setup. Look at getting setup a SecurityOnion and Kali Linux VM. Get familiar with compliance standards such as PCI, SOX, NERC, ISO 27002, NIST 800-53, and NIST CSF. You don't need to know the whole thing, but know what each are, and what they are used for. Getting into an infosec role takes time and effort on your part. I'd get a bit more of a foundation in place before making that type of jump.

kabooter

Danielm7 and kiki162
Great posts. Appreciate you sparing time to let me know your thoughts.
I do have the certs...CCENT CCNA AND CCNP. I certainly have some experience too as I touch security almost everyday in my job. And I do have a Bachelor's degree in Science, not in IT.
I wont have the real life experience problem to a small extent, I have already a game plan.
I tried to stay in present position so I could clear the cissp exam but now that sky is falling, I better take the bull by the horns and jump right into it.
hence the question - How to land an entry level job in InfoSec?

brewboy

Good to see you are looking to move forward in your career
Have you applied for or interviewed for any infosec jobs yet?

alias454

It's hard to give advice that will help you get a job quickly as everyone has a different experience but if you start looking now, hopefully you can get something before you are out of a job. Since you live in a large city, start looking for meetups in your area. Find Linux user groups in your area or security conferences to go to. There are going to be people there you can network with, which can help you get a job if you meet the right person.

Honestly, just start applying to jobs. If you aren't getting any callbacks post your resume here for advice (Just remember to post a cleaned copy with your name and personal details redacted).

JoJoCal19

With your listed experience and certs, I would say it's highly unlikely you will be able to just jump into an InfoSec role. What I would do, is utilize your CCNP and knowledge (hopefully you've retained what you've learned since you're still in the help desk) and land a networking role. It seems that most network administration or network engineering roles deal with network security (a subset of security) so you will be able to get hands on experience in security, in order to be able to possible move to a pure security role down the road.

Danielm7

I'm going to reply to your other thread questions here just so we don't get a bunch of threads for the same topic on the same page.

Danielm7 - Its very nice and encouraging of you to respond to my request for help.
As you might have noted from my other thread I have been studying InfoSec for over 1 years now and was hoping to grab cisspbefore quitting my current help desk job for 2 decades. Obviously I am an outsider to the world or Infosec and have some questions like
1. What kind of jobs are available when starting in infosec?
2. Should I jump at first chance or wait for better position considering I already have ccnp and 20 years experience in IT?
3. What exactly are responsibilities / day to day activities / challenges of various security jobs such as those of security analyst/network admin/security officer etc. This can help me pin point which direction I want to go towards, what to expect etc. I don't want to get into security jobs only to find that is similar to that of a programmer requiring me to fight with technical issues all day staring at monitor.
and so on I find CISSP jobs to be more in tune with my natural inclination but what kind of job I can get into to start?
As you can fairly simple newbie questions

1. Check the link I already posted here.
2. If you get a shot at a real security job without any experience I'd take it.
3. Check the link I already posted here.

I see you also posted another thread on getting into auditing, which might be difficult as well without any security background or audit background, that's not really my area though so I'll leave that to someone else.

HolyPuck

Apply to every security job on linkedin or whatever it is in Canada. Prepare for interviews, update resume to incorporate as much security stuff as you can. Don't know vuln scanners go watch youtube - dont know any IPS/IDS go watch youtube.. Add them to your resume.

APPLY. APPLY. APPLY.

as Wayne Gretzky said " you miss 100% of the shots you don't take."

Chinook

@Kabooter

The first thing the recruiter is going to wonder is why you were in Help Desk for 20 years. Have you did projects in that time? If so, list them under "Accomplishments" in your resume. As for the salary it's unlikely you'll get $80,000 a year to start in security. BUT, on the flip side if you lose your job you'll never make $80,000 at another firm.

To get into security you need 2 things. The first is a basic understanding of the fundamentals of being a security practitioner. Consider taking Security+/SSCP and then the CISSP. Along the way learn the basics of hacking like SQL injection, XSS, tools like Nessus & MetaSploit, NMAP and one you'll find easy; Wireshark.

After that, maybe consider getting into a place that has extensive CISCO infrastructure and work your way into the security side of things. Certainly knowing CISCO is going to help you do that. Your first job will likely be pretty basic, vulnerability scanning, etc. Don't focus on solely on certifications either. Knowing how to use the basic tools of penetration testing = important.

If you are willing to move to Ottawa, consider that. The government of Canada is beefing up it's cyber security practice but the average pay is just over $80K.

DatabaseHead

Move into an access control/management position?

You have the desk experience along with access control. You could move into access management and then transition out into another security role.

Just a thought.

beads

Audit also comes to mind which is where many security careers start. Reason being is that many companies want fresh faces in audit. That way they can train them exactly how to audit to there standards with ditching all the old baggage along the way. Besides, audit teaches so many security basics its no longer funny to try to explain.

- b/eads

kabooter

brewboy wrote: »

Good to see you are looking to move forward in your career
Have you applied for or interviewed for any infosec jobs yet?

Not till today as I wanted to get CISSP first but due to change in current work circumstances, I might have to start applying tomorrow

kabooter

b/eads, DatabaseHead, Chinook, HolyPuck, JoJoCal19, alias454
Wow. That is lot of useful information and tips. fantastic, let me digest these and revert back with questions, if any.
Very nice of all of you to pitch in. Much appreciated.

Cyberscum

Join the reserves or guard in a cyber field. Less than a year you will be marketable if you get the right career field.

Cyberscum

Let me clarify....Air Force guard or reserves. I can't speak for other branches

xxxkaliboyxxx

Cyber command is all 4 branches. 20 years in the workforce, he is at least 38. I seen people join at 40 but only twice in my career. Military isn't for everyone.

kabooter

beads wrote: »

Audit also comes to mind which is where many security careers start. Reason being is that many companies want fresh faces in audit. That way they can train them exactly how to audit to there standards with ditching all the old baggage along the way. Besides, audit teaches so many security basics its no longer funny to try to explain.

- b/eads

Actually Audit and Compliance is what I really would love to get into. Now if only I can find some entry level job postings ....

olaHalo

Lots of good advice in this thread.

However I have seen lots of unqualified people get hired into Security jobs (amongst other types) almost everywhere I've worked.
If you have good soft skills and can pad your resume a bit, I bet you could land a job right now.

Start applying and study up.

UnixGuy

Apply to every security job you see advertised, keep it doing until you get a job.

Meanwhile study for the CISSP and pass the exam

Network with security professionals.

Ask your current boss if there are opportunities to get security work experience

Pass the Security+

kabooter

Thanks all. I am currently focussing on cissp as I have been studying off and on for over a year now and obviously not getting anywhere. I am hot now! If I cant ace it I will clear Sec+ and start attacking jobs in 2/3 weeks. For the time being its time to lock horns with cissp beast