Job Advice- Direction

Blade3D

I'm currently a Systems Designer for an Engineering/Consulting firm. We mainly work in airports and seaports. I usually end up doing CAD work, design work, and construction administration. I've been doing this job for almost 4 years, and plan on taking the CISSP soon. I'd like to pivot to some kind of Information/Cyber Security role. Any advice on steps to take? I've become fairly discouraged in my current role, as this was not what it was made out to be. I understand some of the shortfalls as it's a VERY small business. Should I just look for entry an level job? They would probably pay roughly the same. I'm just not sure what kind of role I should be looking for especially if I pass the CISSP.

Blade3D

I did end up passing the CISSP today. Any advice would be appreciated.

EANx

Passing the CISSP isn't worth as much without the required security experience to get the certification. Are you able to spin your current role into a physical/logical security gig? You also run the rick of being seen as "overqualified" for an entry-level job. What other certs do you have that might be useful? More importantly, which aspect of cyber do you want to get into? Auditing is very different than pen testing which is very different than IP CCTV.

Blade3D

I do deal with design/engineering of networks and what that entails with security. I feel it's just at a higher level, not on a more technical level. I've been on teams for cyber/security assessments as well. I figured that I might be "overqualified". I have Security+, Network+, and offensive wireless security certs, and a BS in CS with an emphasis in information assurance. I'm thinking Security Analyst, Security Engineer, Information Security Officer, something similar to those and eventually work to some kind of management level or higher.

Blade3D

Here is a better description of what I do from my CISSP passing post:

"I've been a Systems Designer (though 80-90% of what I do is just drafting in AutoCAD) at a small engineering firm for 4 years which has involved network and wireless design/engineering, cyber security and physical security assessments, wireless and network troubleshooting. I've dealt with just about everything a little at a higher level. I'd say access control (non-physical), and auditing were my weakest points, and knowing NIST, ISO, etc which ones they were. I'd like to get into a more technical role with cyber/information security in an IT setting instead of engineering. Also, a lot of this I feel was covered in my CS degree which emphasized Information Assurance, I graduated in 2011 from a B&M college."

We mainly deal with physical security designs and consulting for airports and seaports, but it's all the infrastructure to support that since it's all going IP. Examples: servers, workstations, cabling, firewalls, NMS, wireless, physical access control, perimeter detection, radar, and some A/V IP devices. I've also done wireless surveying, and predictive wireless designs with Airmagnet. It's just most of this isn't dealing with particular systems, or programming/configuring those devices.

I took this job because I had been looking for over a year after graduating and figured some experience was better then none and I was working at Academy Sports & Outdoors. They have been paying for my certifications, and I've been gaining some knowledge. I figure the 4 year mark was a good time to move on especially if I passed the CISSP. I guess part of the problem is I jumped into a "quasi-consulting" job without ever having some hands-on technical time. I wouldn't mind getting back to this one day, but I really would like something more technical so I could move to a management position or my dream job would be self-employed consulting for network/information security.

As my job isn't directly related to the positions I'm interested in nor do I have much interactions with people in those positions I do not know where to start. I know I need to tweak my resume more towards these kinds of jobs. I'm not sure what jobs or positions I should be targeting based on my current experience and this being the only job I've held that's remotely applicable. I'm a quick learner and retain knowledge fairly well, I think if I can get my foot in the door somewhere I can succeed. It's probably going to take someone taking a chance on me. I've thought about attending InfoSec meetings and groups in my area as a way to start networking.

Jaguaaar

I an in exactly same situation and struggling to get proper guidance.
There is lot of noise about the need for more infosec employees but industry does not want to invest anything in training. Most jobs require prior, relevant experience making it very hard to get in.
I have in IT and networking for 15 years but from help desk side. I have been involved with Security on physical, access control , software development and testing, vulnerability scanning etc. but unless i modify my resume to show only Security related experience, i doubt if i will get even an entrey level job.
Like you i too have lots of certs in Security and networking.
I hope industry insiders can guide us better on how to position ourselves, what skills to acquire and what kind if jobs to target initially.