how to get in I.T Security
tvutthikrai
Member Posts: 1 ■■□□□□□□□□
in Pentesting
I recently passed Security+ and CySa but I don't experience in those field, But I have 8 years of I.T from Helpdesk to desktop support to and been I.T Admin with O365 and working in AD for 3.5 yrs. what is best route to get into security. I like to volunteer do hep company with security as part-time?
Comments
-
egrizzly Member Posts: 533 ■■■■■□□□□□
You just posted this so I'll assume their'll be more replies. Here's a couple of suggestions:
1. Setup a security lab environment consisting of:- SIEM Tool
- IDS/IPS
3. Complete these labs from Cybrary.it- Vulnerability Scanner set-up and Configuration part 1- Log Correlation- Log Correlation and Analysis- Conduct Log Analysis and Cross Examination for False Positives
Importantly though, I believe that with your 8 years of IT experience and Security+, CySa certs your quite qualified for an entry level position. For good visibility to potential employers you should post your resume to Dice.com, Monster.com, Glassdoor.com, and Careerbuilder.com. Be absolutely sure it lists your certifications and labs along with the related keywords. Hope this helps buddy, and good luck.B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ -
FluffyBunny Member Posts: 245 ■■■■■■□□□□Please no, don't do free volunteer work for companies. Your time and expertise are valuable! Don't sell yourself short!
Naomi Buckwalter recently did a short talk about why breaking into security is hard on "junior" employees -> https://www.youtube.com/watch?v=D9IDqb-Fsak
She also provides some tips and suggestions to people in your position. -
DatabaseHead Member Posts: 2,760 ■■■■■■■■■■FluffyBunny said:Please no, don't do free volunteer work for companies. Your time and expertise are valuable! Don't sell yourself short!
Naomi Buckwalter recently did a short talk about why breaking into security is hard on "junior" employees -> https://www.youtube.com/watch?v=D9IDqb-Fsak
She also provides some tips and suggestions to people in your position.
I recently been watching youtube videos on how to get into security, different types of security etc..... It's more just for the knowledge not to actually do it I am deeply rooted in data and databases. However.... One thing several of these talk heads said was that if you could script Python really well that was one entry way for juniors to get in the door. He named your usually suspects, years of infrastructure, development and then of course who you know. But then at the end (two different people) mentioned that Python in itself can kick down doors for juniors.
I was curious to hear your thoughts? -
JDMurray Admin Posts: 13,101 AdminGoogling 'breaking into cybersecurity' produces a lot of good results, including the Breaking Into Cybersecurity podcast that Naomi Buckwalter plugged.
-
JDMurray Admin Posts: 13,101 AdminDatabaseHead said:One thing several of these talk heads said was that if you could script Python really well that was one entry way for juniors to get in the door.This will only work for getting on to teams that actually do (Python) programming. If you do get a job for your programming skills then likely you will be only a 'programmer' rather than a 'cybersecurity analyst/engineer/architect/etc.' You have a better chance of getting a cybersecurity position if you concentrate on improving your skills that most cybersecurity teams need from their people, such as security event analysis (tools and techniques), incident response techniques, understanding of systems and network security (OS/Cloud/network devices), documentation and ticket authoring, case and customer management, etc.
-
FluffyBunny Member Posts: 245 ■■■■■■□□□□DatabaseHead said:I recently been watching youtube videos on how to get into security, different types of security etc..... It's more just for the knowledge not to actually do it I am deeply rooted in data and databases.
The most important lessons from Naomi's talk (really go watch it) are that junior security folks need A) a portfolio, a network. Because of those bad job listings you will have a very hard time getting past HR when applying for a job. The best way to get a security job, right now, is to know someone on the inside and have them introduce you.
With regards to Python, or any language, my opinion is that it will really help you if you know any one particular language enough to be useful. If you want to be a programmer, you'll need to know one of two languages really well! But if you want to get into DevSecOps, security, system administration etc then knowing one or more scripting languages at a basic level is helpful. No, Python won't "kick down doors", but it can help you be useful. -
DatabaseHead Member Posts: 2,760 ■■■■■■■■■■@FluffyBunny @JDMurray
Thanks for taking the time to go over that info. I trust you all over the talking heads. It's funny you mention it makes you useful in regards to Python. I've had roles where my VBA (Excel and Access) and SQL (~10 years of coding) really made me "useful" but I wasn't any better at that particular role than anyone else except for automating and making tools, well other things as well but you get my point.
@tvutthikrai
Sorry for the hijack.....