Wanting to pursue IT Security
jackcsprat
Member Posts: 1 ■□□□□□□□□□
Hi, I am new here to the forum and would like to get some advice from some of the wonderful posters here on this site. I work for a large company and have been with them for 8 years as a Systems Administrator. I would like to pursue a career in IT Security now, so I have started speaking with IT Security managers in my company to get a feel of the various IT Security jobs. Most managers don't seem to put much into technical certifications even though I have recently obtained my CISSP. My trouble is deciding what type of Security job to pursue. Studying about security is one thing, but when it comes to finding a good security job....that's another thing.
Here is what I have discovered at my company so far. Firstly we do have intrusion detection jobs, but who wants to look at log files all day looking for possible intrusions ? Secondly, I have an interest in Forensics, but that job (at least within our company) is only given to people with years and years of experience because of liability issues and the threat of being sued if you are wrong when investigating an employee, etc.
I would appreciate hearing from those in the Security industry as to what their typical day is like, how they got into Security, and any valuable links that could help me to decide which security path to pursue.
Thanks much,
Jack
Here is what I have discovered at my company so far. Firstly we do have intrusion detection jobs, but who wants to look at log files all day looking for possible intrusions ? Secondly, I have an interest in Forensics, but that job (at least within our company) is only given to people with years and years of experience because of liability issues and the threat of being sued if you are wrong when investigating an employee, etc.
I would appreciate hearing from those in the Security industry as to what their typical day is like, how they got into Security, and any valuable links that could help me to decide which security path to pursue.
Thanks much,
Jack
Comments
-
keatron Member Posts: 1,213 ■■■■■■□□□□Well Jack, let me see if I can be of some help here.
1. Yes, intrusion detection can be boring (especially if you never have any intrusions). However, the time spent analyzing and learning to decipher those log files will come in handy if and when you become a consultant and you're expected to know a little about all of it. As with many careers, you have to start with the boring stuff before you get to the sexy stuff.
2. It's interesting you should speak of boring, because some parts of forensics can get pretty boring, because essentially, you'll still be sifting through gigs of log files and memory **** files to gather forensics information. While I myself am not a forensics expert, we do package forensics in many of our contracts by sub contracting that part out to one of the firms we partner with on many projects, and trust me, usually the most exciting part of forensics is actually presenting the evidence/findings and watching the oohh and ahhh faces of executives and not so technical people.
3. I do understand what you're saying about liability, but truthfully, as a security consultant, liability is always a huge things. I don't even want to get on how long it took to find the right reputable insurance carrier that would even consider covering us with errors and omissions. And the cost? absolutely insane, but worth every penny of it.
Just curious you said you've been a sys admin for 8 years and it sounds like you don't have security experience. So my question is, how did you meet the experience requirements to sit the CISSP? : -
Olajuwon Inactive Imported Users Posts: 356I would think that anyone with a CISSP would know about what security jobs are available to them and the daily activities for every single one of those jobs."And in the end, it's not the years in your life that count. It's the life in your years"