Not sure what direction to go...general area of security

Hi,

I am a stay at home dad with 15+ years working in tech, mostly software and IT. I have a MS in CS and I am a decent programmer, but I don't love it...I can do it though, but I don't want to make programming my career. The issue is that I haven't worked for 10 years (other than about 10 hours a week IT work for a local non-profit) and I will be home with the kids for at LEAST another 6 years. I enjoy taking certifications as a way to keep up on the tech and I was hoping that the certifications would help me re-enter the workforce at a non-entry level job. I really enjoy security and want to focus on that area. Any suggestions what to do after the Sec+ exam? I won't have the recent work experience to do a lot of the more advanced certs like the CISSP or CISM. I don't know any Security people IRL, so I feel a bit lost.

Thanks for any suggestions.

Find more posts tagged with

Comments

McxRisley

Honestly if you're going to be staying at home for at least another 6 years I don't know what all you really can do certification wise. I mean you could do some more CompTIA certs like sec+, CSA+, CASP but then you run into the problem of obtaining CEUs. I myself have never had to pay for courses in order to earn CEUs but from what I've heard it can get very expensive very quickly. Also even if you did end up doing some certs, what are you going to do with the knowledge? How do you plan to apply it if you're going to be at home for 6 years? My honest opinion, I don't see any point in picking up any certs until you are closer to being ready to go back to work.

Danielm7

Agreed, you'll be 16+ years out of the field which is a really difficult hurdle to avoid being considered entry level again. Especially in the security field, there is a ton of material that you can learn on your own, but convincing an employer that you can apply that all at a less than entry level rate is a hard sell. Have you considered maybe using the skills you already have? Maybe doing some freelance programming, even if you don't love it (because you don't know that you'd love security either) then you'd have a portfolio of work to show off. Maybe some programming projects you are more interested in might spark some passion?

A few years as a stay at home dad is probably pretty easy to pull off "hey my spouse is a doctor it only made sense" but over 16 is a really long time to be out of the field.

mactex

First; raising the kids is more important than anything we talk about here. So; I get what you are doing.

I understand that you don't love programming; but if you were to re-enter the workforce in Security, you will ultimately end up utilizing this skill bigtime. I absolutely agree with Danielm7; and suggest that you pick something in Security that interests you and contribute to a relevant open source project utilizing your dev background. This will show some work until you can get back into it full time.

CompuGeorge

Great suggestions...

I wanted to add I got a Security Micro Masters from Edx, I did a set of security classes from Coursera and passed an in person set of classes at my local college for cyber security...so I am pretty sure that Security is what I like. Money isn't too much of an issue because my wife does want me to do what I like and I like the IT and security classes. Her job pays enough to cover any money issues....good guess on her job.

The kids are getting older so I can devote more time to my interests while being with them. I was thinking about starting a company and doing my non-profit work through that. That way as the kids get older I can take on more projects and devote more time to it.

CompuGeorge

Any suggestions on finding relevant open source projects that won't require too much time?

josephandre

WGU's cyber bachelors could be a good program for you while you're at home. A degree doesn't expire, covers some good ground, and you'd get certs out of it as well and can do it at your own pace.

The sucky part of your situation is that programming is something you could hop right back into if you were inclined... maybe you could use your programming background to look into malware analysis /reverse engineering? Lots of resources out there.

Pen testing could be an avenue too since ability to code /understanding code is a nice tool. And you could user your time at home to try out boxes on vulnhub, overthewire, hackthisbox etc etc, and then maybe attempt the OSCP which could provide some immediate credibility.

beads

So what is it about security that is going to be any different in ITSecurity? We rely on two core skills in security moreso than any other: Programming and log review. I still do a good amount of scripting and development work on a near daily basis either way. Security just tends to be more intense and "sprint like" that normal IT.

Suppose you could go down the GRC and audit path which is, in my experience, still the best way to leverage yourself into the security field. More meetings and writing time than being a true geek to the field but it is an option. When I hire a GRC person next year I will be standing that person up to all those necessary but boring tasks like the endless interfacing with Legal and HR, updating and drafting new policy, procedure, guidance and standards. These things are not work from home friendly due to the meeting times as I laid out above.

You may be able to find a remote work from home SOC position. Dell has these by client need but usually flexible on the schedule thing. Eight straight and file a report at the end of the day type of job. Few meetings but fewer opportunities for advancement.

Penetration testing. Since you have some dev skills you'd need to really kick this into overdrive to be good at it. Point of contention. I fired two "pen-testers" last year as they didn't go any farther than scanning and applying a burp suite routine. Yawn. Go back to the porch small dogs, your wasting your client's time though you were warned as to depth we contract. To be respected in this field OSCP and if you want the dread CEH would be good a start. Like to see SANS GPEN and a real body of work to back it up. I expect you to know mailman, SYN and a hundred other tools in the development tool box.

Biggest failing I see with "security" people is that as a group your talking a group that talks big but delivers little more than over-hyped opinion. Gotta have and keep those hard skills going at the same time. I am always relearning CISCO, MS AD SCCM, Linux shell commands, etc. Oh and add that plethora of new updates every month from Amazon (I can't keep up!!!) Amazon kills me just from a GRC standpoint.

Find what it is you have a passion for in security and the rest will be easy. Do something your not passionate about in this field and it can destroy you.

- b/eads

TechGuru80

CompuGeorge wrote: »

Hi,

I am a stay at home dad with 15+ years working in tech, mostly software and IT. I have a MS in CS and I am a decent programmer, but I don't love it...I can do it though, but I don't want to make programming my career. The issue is that I haven't worked for 10 years (other than about 10 hours a week IT work for a local non-profit) and I will be home with the kids for at LEAST another 6 years. I enjoy taking certifications as a way to keep up on the tech and I was hoping that the certifications would help me re-enter the workforce at a non-entry level job. I really enjoy security and want to focus on that area. Any suggestions what to do after the Sec+ exam? I won't have the recent work experience to do a lot of the more advanced certs like the CISSP or CISM. I don't know any Security people IRL, so I feel a bit lost.

Thanks for any suggestions.

So you have 15+ years experience (1992 to 2007), haven't worked in 10 years, and won't work for a minimum of 6+ more years...when it's all said and done you will have been out of the workforce for 16+ years.

Are you trying to get a job right now or are you trying to wait the 6+ years? Have you still been programming? To be honest, your previous work experience is not really going to help you as things have changed a lot in the last 5 years let alone the last 10 (you basically left when the iPhone came out).

A few options I see for you...get a remote job, or start getting into bug bounties. For remote jobs, programming is probably your best shot from job openings and because your experience is very limited and most companies won't let a junior role have a ton of remote work. Bug bounties would be a real skillset that is relevant that you can work on from home, have tangible results, and get paid. Do you have the budget to do some of the hacking courses to learn quicker? If not there are books and low cost options but they will take longer to get spun up.

CompuGeorge

josephandre

I looked at doing the MS in Cybersecurity at WGU, but realized I could do a lot of the certifications on my own and decided to go that way. BTW, I really like that the WGU has so many certifications. I already have a MS in CS and I didn't feel I needed another degree.

beads Wow that is amazing feedback. I haven't had a lot of Linux experience. It really looks like I will need to focus a boat load of time on getting good at that. To be honest I have no idea what things will look like on a daily basis. The more I look at Cybersecurity Career Pathway , the more I think that Penetration & Vulnerability Tester is the way I want to go. My absolute favorite thing I did when I worked was make software tools for the testers and the rest of the department.

TechGuru80 wrote: »

Are you trying to get a job right now or are you trying to wait the 6+ years? Have you still been programming?

I am not looking for a job now. I am a stay at home dad and homeschool my 5 kids. In about 6 years I can go to work full time. In the mean time, each year they require less of me actually teaching them because for the most part they are really self directed. Several of the kids are VERY into programming, so I get to teach them that. When we started homeschooling I thought about having them as interns in a family business. The reality is that probably won't happen. I haven't worked on a lot of programming projects, but I have taught all the kids how to do some programming. At first it was Scratch and as the kids got older (and could read) we went on to C, Python and some Java. A couple of the kids are at Data Structures level. I know teaching isn't the same as working as a programmer...I get that, but my focus has been raising the kids and teaching them. I am planning on taking a couple of the kids to at least 2 security conferences this year, since they share the interest.

I love the idea of participating in the bug bounties. I was previously a tester and dev so I think I would be pretty good at that. I do have the budget to take some classes now. I know 1-2 of my kids would be interested in the CEH route, although not at the convention rates ($2200 for 2 days). I would probably want something more self paced and do it with the kids as I learn it. It will take longer, but I have time.

EANx

Most security jobs benefit from other knowledge like networking or Active Directory. Working on a few low-level certs, like the CCENT to the CCNA, while you have the time is one way to make yourself more valuable once you hit the streets. And if you live in an area that has a lot of DoD or other US Government contracts, there are certs that the corporate world often doesn't pay too much attention to that you can work on, like ITIL that will make you more competitive for those jobs.