What kind of Security job should I focus on getting?
I have almost two decades of IT experience but mostly in Networking & help desk. The work I do is not deep, hard core IT but is very wide and touches upon several aspects of IT including server administration, Networking, Software testing, OS Installation, Resolving Security related issues, Vulnerability scanning, 2nd and 3rd level Troubleshooting etc. I have never worked with Routers/Switches but have worked on Firewalls, Disaster recovery plans, Auditing and Physical security etc.
I zeroed on InfoSec as my career of choice way back in 2014 and have since acquired some knowledge and certs like CCNA Security, Sec+and CISSP.
I want to start a full fledged Security job this year but am badly confused as to how much preparation I need and how to go about it. Obviously I have lots of questions and can use some help from folks like you who are working in InfoSec. Luckily I am not in a hurry to jump ship so want to use the time I have for solid preparation. Also I dont want to get stuck into a soulless helpdesk type job (again) or in a job that does not pay much. Ideally I want to join a big corporation with a team of security professionals so that I can gain real world security ops knowledge.
I will really appreciate if you can provide me with some direction about following questions:
1. What kind of "first" real security job I should focus on getting into?
2. How much knowledge of Cisco Routers and Switches I should acquire before applying for Security jobs? Is a good overview enough or I must set up home lab and work on it for at least 200 hours or so?
I zeroed on InfoSec as my career of choice way back in 2014 and have since acquired some knowledge and certs like CCNA Security, Sec+and CISSP.
I want to start a full fledged Security job this year but am badly confused as to how much preparation I need and how to go about it. Obviously I have lots of questions and can use some help from folks like you who are working in InfoSec. Luckily I am not in a hurry to jump ship so want to use the time I have for solid preparation. Also I dont want to get stuck into a soulless helpdesk type job (again) or in a job that does not pay much. Ideally I want to join a big corporation with a team of security professionals so that I can gain real world security ops knowledge.
I will really appreciate if you can provide me with some direction about following questions:
1. What kind of "first" real security job I should focus on getting into?
2. How much knowledge of Cisco Routers and Switches I should acquire before applying for Security jobs? Is a good overview enough or I must set up home lab and work on it for at least 200 hours or so?
Comments
-
Mike7
Member Posts: 1,107 ■■■■□□□□□□
Security covers a wide range of roles. Since you are not in a hurry, I suggest you read
https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/
https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
https://tisiphone.net/2016/02/10/starting-an-infosec-career-the-megamix-chapter-6/
and
https://danielmiessler.com/blog/build-successful-infosec-career/ -
kabooter
Member Posts: 115
MIke
Thank you very much for taking time to post the links. Actually I have been searching around for some time and did come across the above links. They were very helpful to understand as to what kind of opportunities might exist in InfoSec. I also stumbled across 2 youtube videos by a lady named Anne Marie who laid it out very well.
However what I am still not clear is that do I must work in a NOC/SOC for 2-3 years before getting jobs that involve designing and planning for overall information security of an organization? I loved the CISSP study but wonder if I must become a keyboard warrior (ie work with nmap, nessus, kali linux etc.) or Cisco nerd (router/switch/firewall specialist) for 2-3 years before I can hope to find a job that allows me to expand into auditing, designing etc.?
In other words should I not expect to practice what I learned during cissp study for first few years of my InfoSec career? -
paul78
Member Posts: 3,016 ■■■■■■■■■■
Just my 2 cents - but there really is no magic bullet. I would say just try to get a job that gives you an opportunity to get into infosec. What type of jobs have you applied for and did you get any interviews. Regarding your question about Cisco routers etc. - It entirely depends - people that don't work in network security don't need that experience.1. What kind of "first" real security job I should focus on getting into?
2. How much knowledge of Cisco Routers and Switches I should acquire before applying for Security jobs? Is a good overview enough or I must set up home lab and work on it for at least 200 hours or so?