Want to get in the Security field

Ben1373

I'm 18 and currently working on service desk. I've always wanted to get in the cyber security field. The thing is, where I live there's very rarely ever any enter level security jobs. I'm currently running through courses on cbtnuggets and video tutorials on YouTube. I was looking at studying towards CCNA Security. Would employers even consider me for future security roles even if I didn't have any security related experience?

TheFORCE

They will consider you for entry positions if you show interest and potential. One mistake i see that people make when it comes to this is that they believe if you get some <enter security cert name> they will have better chances. Security jobs involve more than security certs. You would need experience. Now you say, but i do not have a security job. And to that I'd say, you do not need a security job, to get security experience. All you need to do is create a lab at home and

1.Install Nessus, and run vulnerability scans on your home network and various devices, create policies, create various types of scans, create schedules and create reports, investigate vulnerabilities and read how to do remediation.
2. Install Wireshark and start capturing traffic and getting familiar with the protocols, ports and information provided.
3. Install free SIEM's and get familiar with how the SIEM's operate. Logs, correlations, reports, event alerts etc.
4. Install some free firewall and learn about blocking traffic and url filtering, create queries on the traffic and understand the difference between source IP and destination IP, understand the difference between egress and ingress traffic.
5. Use namp and other freely available IT security tools. etc.
6. Learn about security policies, and what it takes to create one. Get sample policies online and read them, read the NIST documents.

Doing that not only will help you with passing certifications, but it will help you during interviews when you will be asked questions. that will count as experience even though it has not being getting at a company job, you will have the ability to answer questions based on that experience. Watching video tutorials on cbtnuggets and youtube without focusing on any tools that you will be using, is a waste of time. Few common questions i have been asked in many of my interviews, has been are you familiar with x or y tool.

jamesleecoleman

Would it be possible for you to create your own security experience at the current job that you have?

Say for example, there's no SIEM, risk register, IDS, Vulnerability management or anything anywhere. Would it be possible for you to goto management and tell them that you've noticed (or found out) there isn't a type of security device or policy at the job? If there isn't, express your interest (always do this) and ask if you could help implement it after researching on why it's needed.

I've had to create my own experience doing security things. I do vulnerability scans with Nessus Cloud (it's awesome), work on the risk register and fix the vulnerabilities as best as I can. I'm working on implementing an IDS and I use nmap from time to time. I also plan on implementing an SIEM. Some things that I use/implement, I have to ask for but also explain why it's needed like Nessus.


Some things I won't know how to do without knowing computer networking. I brought down a network by doing port mirroring and I quickly brought it back up.... the strange thing is that the first time I did it, I didn't bring down the network.