Seeking Advice/Suggestions

espi_251espi_251 Member Posts: 21 ■□□□□□□□□□
Hi all,

I recently started pursing the information security field and looking to get your input to see if I'm on the right track. If not, could you please help me so I can start working towards my long-term goals.

Last year, I successfully passed Compita Sec+ and Linux+ exams and currently looking for an entry/junior level position in infosec field. My current role, DBA, doesn't help me much with my long-term goals, neither does it help me grow in the field unfortunately. I'm trying to do everything possible during my leisure time to learn and understand this field better and how best to approach it.

As of right now, below are my goals for 2017 and 2018 and then perhaps in 2019/2020.

2017: Pass CCNA: Security or CCNA R&S -- I'm not sure which one would align better, but I'm assuming it'll be CCNA: Sec.
2017: Become CE|H Certified

2018: Pass GSEC exams

2019/2020: Pass CISSP exam


Any input/thoughts would be greatly appreciated.

Thank you!

Comments

  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    Infosec is a diverse field, what do you want to do in it? Analyst is different from auditor which is different from Red Team which is different from Blue Team. Then there's the whole piece about having an infosec role within a larger project.
  • espi_251espi_251 Member Posts: 21 ■□□□□□□□□□
    EANx, I'm leaning towards the Security Analyst role.
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    espi_251 wrote: »
    EANx, I'm leaning towards the Security Analyst role.

    Security analysts in medium/large size organizations will never touch switches, routers or firewalls. They will not do vulnerability remediations either. Most likely you will look at the logs from the security tools, do research and provide recommendations. Security Engineers on the other hand are the ones that do all the hands on work.
  • espi_251espi_251 Member Posts: 21 ■□□□□□□□□□
    TheFORCE, I get that, but most of the job descriptions I've come across prefers one or two of the certifications I mentioned above. I might not know exactly what I want out of this field until I get in there, but I believe I'm on the track.

    I didn't realize getting an entry/junior level role as information security analyst or cyber security analyst would be this difficult. Most of the job descriptions are ridiculous and asking for years of experience in the field for a junior level role.

    You and EANx obviously have much more in-depth understanding of this field than I do at this point, but I'd like to ask you what you would do if you were in my shoes, someone with no experience in information security field and looking to get into it.
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    Certifications are good and they will help you but you need to get your feet wet and get some experience first. The reason the job descriptions seem ridiculous is because people usually transition to infosec from other roles where they got some experience. Try to get a job that will get you some experience first and will expose you in different infosec areas. Formating your resume and restructuring for inosec jobs also helps. People here can help review your resume also, point is, ypu have to try until you get something.
  • espi_251espi_251 Member Posts: 21 ■□□□□□□□□□
    I completely agree with getting my feet wet in this field and that's the plan. It's funny I was just going through the resume section of this forum and I was thinking about posting mine there to get some feedback. I definitely need to tailor my resume to infosec jobs, but simultaneously I do not want put something on there that is not true.

    Thank you though for taking the time to post!
  • E Double UE Double U Member Posts: 2,233 ■■■■■■■■■■
    espi_251 wrote: »
    I definitely need to tailor my resume to infosec jobs, but simultaneously I do not want put something on there that is not true.

    Try putting some alternative facts on there. :D
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • espi_251espi_251 Member Posts: 21 ■□□□□□□□□□
    E Double U wrote: »
    Try putting some alternative facts on there. :D

    Hahahaha! Now that's funny! :):)
  • NOC-NinjaNOC-Ninja Member Posts: 1,403
    If there is a SOC at your work then I would talk to them and ask them if you can help for FREE. This will get you expose right away and you can put that in your resume.
    Its very hard to get into infosec unless you know someone that works in it and they recommend you. Some are just pure luck. However, I have never met anybody that was pure luck. Usually it comes to the point that they were there for a long time and they got drag to that infosec position.

    Now depending on infosec positions. Enterprise usually have guys that deal with incident, looking at the logs, pen testers, and then you have the engineers that deal with VPN/Firewall. The incident handlers usually dont touch vpn/firewall. I dont even think they get paid well than the vpn/firewall guys.

    If you dont have any connections, I recommend that you go to meetup.com and meet IT guys that actually work in the field. You can always get CISSP. I heard people get good infosec jobs after they get that.
  • espi_251espi_251 Member Posts: 21 ■□□□□□□□□□
    Ninja, I think you might be right, but I have to keep applying and hope one of the companies will take a chance on me. As for CISSP, I do not qualify to sit down for this exam as one of the prerequisites for the exam is to have 5 years of experience in infosec or 4 years of experience with Sec+ certification.

    I'm pursing certifications as a way to get in somehow and then learn & grow on the job.
Sign In or Register to comment.