Career dilemma. Not sure what to do.

So I've been in IT for about two years and I really want to get into security. Currently I do L1 help desk. With that being said, we have a lot more freedom that most L1s. I can basically do anything in a client's environment that I know how to do and feel comfortable doing.

My job was looking into implementing a security role and I got them to make me the security guy if and when that were to happen. I got them to pay for my CEH and my GCIH this year. They ended up not being able to create a security role at this time so my only progression with the company would be me becoming a L2 which I really don't wanna do.

Now I'm torn between trying to get more security certs and sharpening my security skills or getting the required certs at my company to become an L2. Finding a security job or even getting an interview is extremely hard. I have my first one Wednesday. If I don't get that job, does it make more sense to just work to become an L2? I feel like I'd see a sooner ROI if I was to just work at becoming an L2 for my company. Though it's not where my heart is at, it does come with a significant pay raise and is progression. I wanna continue getting security certs but afraid of spending all of my time doing that and still not being able to land a security job with no experience and stuck making L1 pay when I could've been making L2 pay instead if I would've spent that time on the L2 certs.

What do you guys think?

Find more posts tagged with

Comments

DZA_

Personally, sharping your security skills and expanding your security knowledge will help go a long way. Certifications can always come later that help go hand-in-hand with your experience. I've been in the same boat as you and doing more of the security related tasks help provide the foundation for getting certifications later. I'll be writing my CISSP exam on Tuesday which is a challenge in its own but if you're starting out, the best way of going about it is to get your experience then quantify by getting your certs later once you build up. Find what your passion and that will ultimately drive your decision making. Good luck on your interview!

Cheers,
DZA

EnderWiggin

Bumping up to tier two will improve your knowledge base of how systems work. And you need to know how systems work in order to secure them.

Danielm7

If you really want to get into security I wouldn't say your first interview is your last chance at doing that. Keep trying. There is also nothing wrong with taking a promotion at work and getting that training as well. What certs do they want you to get for L2? I bet they'll be helpful for security. Systems, networks, etc, are all very important things to know for a security role.

yoba222

Did you have to sign some sort of agreement to be there at least 12 months after they paid for training + certs? GCIH $6000+ CEH $3000 is a decent chunk of change. Often companies require you to work there for a time afterwards or you'd have to pay back the cost.

If not, I'd do L2 helpdesk for a couple of months, longer if they pay for college courses.

volfkhat

Good grief...
Nobody worth their salt goes into "security" after a total of 2 years in IT.

Ridiculous.

You go into security after you have already gained mid-to-senior expertise at a particular subset of IT.

Everybody's journey is different... but JEEZ, people need to Slowdown on that "Security is the End all, Be all" koolaid.

Actually, I blame the schools . They're the ones telling people "All you need is our DEGREE to work in security".

IMO, Gain some more Experience.

jamesleecoleman

I think that you should use your skills and knowledge and do security related things at the L2 level. I think that if you can some how create work that relates to information security then you'll be better off for when you actually get into security.

But you have to also know about the stuff that you want to keep safe. If you don't then you could break something, bring something down, not secure it the proper way or secure the wrong thing.

Look at what you're working with, research what you can do for the company and try to get blessings on the project.

There have been people who have jumped into security from university or with a couple years of working outside of IT so it's possible but do they know what they're doing??

Be patient, work hard, get knowledge/experience and things will line up for you. Sometimes slow or sometimes fast.

ITSec14

I worked as a sysadmin prior to switching over to security, which was a nice transition.

Perhaps look at taking a role for 1-2 years working within infrastructure first. That will give you necessary experience before switching to security.

fabostrong

Danielm7 wrote: »

If you really want to get into security I wouldn't say your first interview is your last chance at doing that. Keep trying. There is also nothing wrong with taking a promotion at work and getting that training as well. What certs do they want you to get for L2? I bet they'll be helpful for security. Systems, networks, etc, are all very important things to know for a security role.

I agree. I would have to get CCNA R/S and MCSA Server in order to move to L2. And at this point the earliest opening would be February and that's being optimistic. I would love to have those certs but I really need a pay increase also which I can't get until I'm an L2.

fabostrong

yoba222 wrote: »

Did you have to sign some sort of agreement to be there at least 12 months after they paid for training + certs? GCIH $6000+ CEH $3000 is a decent chunk of change. Often companies require you to work there for a time afterwards or you'd have to pay back the cost.

If not, I'd do L2 helpdesk for a couple of months, longer if they pay for college courses.

So I put in my two weeks notice a few months ago because I received an offer from a company for a help desk role with a direct path into their security department. My company informed me that they were in the process of trying to start a security team or at least get a security role going and if I stayed, I could fill that role. I told them if they were serious, to match the pay the company was going to give me and to let me get whatever security certs I wanted. They said I could get at least two definitely so I stayed. The first one I chose was the CEH which cost them $1900. For the second one, I chose the GCIH. They said due to the cost that I'd have to sign on to stay 18 months or pay it back. That wouldn't have been the case if I would've chose something cheaper. About a month ago, maybe more, had a meeting and they said that right now they're not able to make the security role. I told them that if I knew there was a chance they wouldn't make the role that I wouldn't have chose the GCIH and signed on to stay so much longer. I told them I would've chose something cheaper. As a show of good faith, they told me if I decided to leave that I don't have to pay back the cost of the GCIH.

Other than that my company pays for CBT Nuggets for everyone and pays for exam costs. I'd be more open to doing L2 if it wouldn't take me so much longer to get there. I really need the pay increase that comes with being an L2 and as of now, the earliest a position will be open is February. And in order to be considered for it I would have to have my CCNA R/S and MCSA Server.

fabostrong

volfkhat wrote: »

Good grief...
Nobody worth their salt goes into "security" after a total of 2 years in IT.

Ridiculous.

You go into security after you have already gained mid-to-senior expertise at a particular subset of IT.

Everybody's journey is different... but JEEZ, people need to Slowdown on that "Security is the End all, Be all" koolaid.

Actually, I blame the schools . They're the ones telling people "All you need is our DEGREE to work in security".

IMO, Gain some more Experience.

I hear what you're saying but I don't see anything wrong with me working a jr security role if possible. Granted there aren't many jr roles due to the nature or requirements of that kind of role but if I could find one, I'd much rather gain experience in it as soon as possible.

fabostrong

jamesleecoleman wrote: »

I think that you should use your skills and knowledge and do security related things at the L2 level. I think that if you can some how create work that relates to information security then you'll be better off for when you actually get into security.

But you have to also know about the stuff that you want to keep safe. If you don't then you could break something, bring something down, not secure it the proper way or secure the wrong thing.

Look at what you're working with, research what you can do for the company and try to get blessings on the project.

There have been people who have jumped into security from university or with a couple years of working outside of IT so it's possible but do they know what they're doing??

Be patient, work hard, get knowledge/experience and things will line up for you. Sometimes slow or sometimes fast.

That makes sense. I would rather just get into the field as fast as possible. I know I'd learn a lot from being an L2 but it's just gonna be a while until I can become one and I really need the pay raise.