How to get experience?

jase67jase67 Member Posts: 6 ■□□□□□□□□□

I just finished my Sec+, and want to move towards SSCP and CISSP, however, my current job does not really let me get the hands on experience required by these certs. Are there places that will hire an entry level security person, so they can gain the experience? How should I proceed? What about the GIAC exams?



  • keatronkeatron Security Tinkerer Member Posts: 1,213 ■■■■■■□□□□
    What does your background look like? The best way to do this is get into an organization (it might even have to be a help desk spot), then wait for an opening in the on the security team or in the security department.
  • jase67jase67 Member Posts: 6 ■□□□□□□□□□
    I've actually been working in computers for the last 10 years, but never in a security role. I started in a HelpDesk role, and now am working as a LAN admin, and have been doing that for about 3 years.

    I've been trying to work with our ISO, but now he's leaving the company, and they're going to bring in consultants to take his place. He had just started me on learning some Cisco stuff, and I received a Cisco ASA 5520 that he wants me to learn to configure, and install on the network. Fortunately I'm not on a strict time limit, so I have time to mess around with it.

    As far as official certs, I have A+, Network+, and Security+, and have just started on my MCSE: Security, and CCNA. I could sit and read 100 books, but I learn the best from hands-on stuff.

    Thanks for any advice you can give me.
  • keatronkeatron Security Tinkerer Member Posts: 1,213 ■■■■■■□□□□
    jase67 wrote:
    . I could sit and read 100 books, but I learn the best from hands-on stuff.

    The fact of the matter is, most people feel this way. However, you have to get the reading in too. Sometimes if you don't approach the hands on part of learning with a solid theory and understanding, you could end up learning something "the wrong way" or not the best way. Besides, if it takes two years before you finally do get a position that will let you get hands on in security, what's to stop you from reading and learning in the mean time? Right!!! Nothing!!!!! So keep reading, keep learning. Remember, "luck is when preparation meets opportunity". In other words, keep preparing, and the opportunity will come.

    Good luck.
  • lopezcolopezco Member Posts: 38 ■■□□□□□□□□
    I just passed sec+ cert.
    I started working for an IBM aliace company for five years giving support in HW and SF.
    Later i was hired for providing security to the company i work today. I didnt know anything about so i started learning ibm Iseries security, although i was working in security i was hired as a programmer (that was an empty position my boss had to fill)....
    I implemented the security in our Core system (IBM Iseries), HA solutions (visions-Orion) and planning, got some certification in Monitoring software and implemented some security software, also wrote some security policies.
    We are currently working on Disaster Recovery planing.
    Recently i was named as security assistant, with another assistant working with me, we, only two are responsible for security.
    There is no management still in security, but i bet they will be forced to put someone in charge with a new department, i want to be prepared for that time.

    I just wonder if the time i was named programmer will count as expirience. I could get a letter from human resources who said i have been working in security for 4 years, is that enough?

    Also i have seen everyone who goes for cissp first try Microsoft certs, Can i go for CISSP?
    Thank you and sorry for the spelling.
    "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees." — Kahlil Gibran
Sign In or Register to comment.