Career Switch from App Support to InfoSec

oltombon

For the last 5.5 years, I've worked in various application support roles at several large financial companies and feel like I have a solid foundation for my resume. I'm contemplating making a concerted effort towards specializing in a particular area of IT as I don't feel I'm gaining any high-end skills in these support roles (not dissing support, I just want more $). I have a liberal arts bachelor's and my first career was in education.

I'm making about $75k in my current role, and I'm thinking about pursuing some security certificates in an attempt to land a job that would start counting as experience towards a CISSP.

1) Is there anyone who's made a similar transition (from generalized IT/Support to InfoSec)? What was your experience like?

2) In all likelihood, am I looking at taking a rather massive paycut (temporarily) in order to gain entry into the security field? What kind of roles would make sense as a first step for a transition like this?

Blucodex

You most likely already qualify for a CISSP if you've got 5.5 years supporting financial institutions.

You just need experience in 2 or more of the 8 domains.

Security and Risk Management.
Asset Security.
Security Engineering.
Communications & Network Security.
Identity & Access Management.
Security Assessment & Testing.
Security Operations.
Software Development Security.

mikey88

I think you have a solid plan and are being realistic about your situation and possibly taking a paycut. A cert like CCNA Cyber Ops could land you a Security Analyst role and from there work your way up to CISSP level.

johndoee

mikey88 wrote: »

I think you have a solid plan and are being realistic about your situation and possibly taking a paycut. A cert like CCNA Cyber Ops could land you a Security Analyst role and from there work your way up to CISSP level.

Are you talking about the same CCNA Cyber Ops that doesn't give any hits on job boards? That cert could land someone a Security Analyst Role? Although nobody is asking for it, it could land someone a position. Interesting thought process.

kiki162

Support can be a bottomless pit and a brain drain on most

You can get 1 year in for your requirement from either your BA degree, or certs such as Security+, CASP, SSCP, MCSE...etc. First, you need to decide what area of infosec you want to get into. That will help you figure out what foundational certs you need to help prepare for the CISSP. Also, take a look in your area on what jobs are looking for.

I've done the transition myself, and I can tell you it took me a good year from making the decision to go for CISSP, to landing my next role. Once you obtain it, make a point to do something to increase your skills every year. Whether getting another cert, more CPE credits, training classes, school, etc.

MIME

I was a systems engineer/administrator for many many years (more than you). After a layoff I decided a career change was in order since I reached the point that I was downright bored. Like you I knew I'd have to take a paycut. I wanted to move into cyber security. The fastest way to do that was to get my Security + certification (which I did). I landed a job doing software assurance after getting that cert. I have the years necessary to take the CISSP so am currently studying for that. Once I get that cert I expect my salary will jump substantially as I will qualify for many more mid level jobs in that field.

ITSec14

I started my IT career in an application support/analyst role for a financial institution. Only difference between us is I moved into a sysadmin role prior to jumping to security. I think if you obtain your CISSP or another reputable security cert you could definitely make the jump. I think even a pay cut would be minimal, if any.

gkca

So for those who made the jump, how did it go with the switch - let's say you were a senior systems administrator then you switch the gears and got your Security+ or CISSP or some other security cert, what kind of positions did you apply afterwards? Junior security analyst or something along those lines like SOC Analyst I or something more mid-level?

oltombon

So, is CISSP the most logical cert to go for in my scenario? I know ISC2 lists the CISSP as "Leadership and Operations". Would something like the SSCP (IT Administration) be a better first InfoSec cert to break into the field?

ITSec14

@gkca I sought more mid level positions, but even many entry level security jobs don't mean entry level within IT itself. We have level 1 SOC analysts at my current job who are making very good salaries since they have prior technical experience, but it will all depend on the location and company.

@oltombon Essentially, I pursued the CISSP as a way to bypass any future HR filters as it tends to show up the most in job req's. Most HR people like to see certs and degrees, where hiring managers want to know what you can do. Don't rely on a cert alone to break into the field, but if I would recommend any it would be either the CISSP or one of the SANS certs.

I'll just say this...don't go into security only because it's in demand and pays well. You have to have a passion for it, because it will demand a lot from you.

NotHackingYou

1) Yes, made this transition. It can be difficult to make because generally, security jobs require security experience. It can be done by a skilled IT pro.

2) If 75K is the going rate for an analyst in your area, I would not expect a big pay cut (if any) if you can demonstrate security knowledge. I think if you study for your security+, you will find that you know more about cyber security than you think.

There are a lot of cyber jobs out there and some employers are willing to take a chance on someone with the IT support experience and a desire to learn security. I would stress these two points on your resume and show at least one security certification to prove it.

oltombon

Okay, so my short-term plan then is going to be to get the Security+ to A) confirm my passion for the field, and evidence to potential employers that I'm interested in making the transition. Once that's on my resume I'll start applying to Security Analyst-type roles and hope someone takes a chance on me with my track record in app support.

mikey88

johndoee wrote: »

Are you talking about the same CCNA Cyber Ops that doesn't give any hits on job boards? That cert could land someone a Security Analyst Role? Although nobody is asking for it, it could land someone a position. Interesting thought process.

It's a new certification that will only gain popularity with time. I think it's a solid option with it's CCNA name recognition.