Need Advice

Many79Many79 Member Posts: 9 ■□□□□□□□□□
Hi Everyone,
i have finished MS in information network and computer security, i am looking to start my career in security field, i had applied for several jobs but didn't get success. every one is looking for some kind of experience which i don't have. Finally i got a contract job in big corporation as a validation tech. i am doing it, just to get an exposure and big name on my resume, but this is not related to my field and interest. I want to pursue career in security field. since most of you are already in the field any suggestion or advise would be helpful to me as well as so many others who are looking to start their career in security field.
Thank you

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    What technologies are you familiar with?

    Security's tough to break into. There's a lot to it, and there can be serious consequences if something goes wrong. It's hard to find a place that's willing to trust someone with little or no experience.

    You're more than likely going to have to start with systems/network administration. You'll gain some security experience from your day-to-day tasks doing that. I also see some people have good luck breaking into it with firewall experience. Consider one of the CheckPoint certifications or Cisco's firewall specialist as well.
  • Many79Many79 Member Posts: 9 ■□□□□□□□□□
    Thank you for the prompt reply, i really appreciate. I have done some school project in IDS, IPS, Network analysis, in undergrad i did programing in c, c++, database related project. i also took CCNA classes. although in my current job, i showed my interest to learn and be a part of security and infrastructure team but i guess as you said no one will take a risk. but i try to learn as much as i can.
    As you suggested, i tried my luck in network and system Admin, but due to lack of experience, no one hired me. i even express my interest in NOC tech but no luck so far icon_sad.gif
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    Many79 wrote:
    I want to pursue career in security field. since most of you are already in the field any suggestion or advise would be helpful to me as well as so many others who are looking to start their career in security field.
    Six months ago I completed an MS in Information Security. It took me five months to find an InfoSec research position in a city that I could easily commute to. A big factor in getting this position was my many years of experience in several non-InfoSec-related fields, which made the job even more appealing to me.

    When people look for a job they typically have unreasonable expectations about how quickly they should be hired. When you are starting a new career path, your resume may be devoid of experience in that career. You need to rely on your other work experiences to get into a business that can get your career started. You might need to start in a different department and eventually transfer to the area you want. If you have restrictions on where you will work or live, it will take you even longer to find the start of your new career.

    Your situation isn't uncommon. I think you are taking the correct approach, but you also need patience to build your experience and networking contacts, both of which will get you into the career that you want.
  • Many79Many79 Member Posts: 9 ■□□□□□□□□□
    Hi JD
    You are right thats the reason i am took this job. But, when i started this contract, i was thinking, they might give me an opportunity in my field, but my manager told me "your role is defined". So he can not give me any opportunity and i think he didn't like me asking him. Now the situation is; they are not extending my contract ( reason: i am over qualified ) icon_sad.gif
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    Well, this just isn't the opportunity that you are seeking, and it sounds like you'll be better off elsewhere. It's a tough thing to consider that you may need to work through several contract jobs before you find just the right situation to launch your InfoSec career. But when you do, you'll feel that the time and effort was worth it.

    And "overqualified" is usually the excuse used when "overpaid" is the real problem. That has happened to me too.
  • Many79Many79 Member Posts: 9 ■□□□□□□□□□
    Hi Jd
    You are correct, its not about overqualified, they have found some one else who can do that job from some other department. any ways, I hope to get some thing in my field. i am preparing for security + and CEH, what do think? these cert will help me or do you have any other suggestion or the path i should take. please advice me. your thoughts and suggestions are help full and encouraging.
    Thank you
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    The Security+ is a good, general security cert that is recognized by a lot of organizations, and can be used as a prerequisite for several other certs. It is the first InfoSec cert I recommend getting. The CEH is only for people who will be doing network penetration testing, or software testing that uses vulnerability assessment/exploitation methods. It is very unlikely that you will be able to get a pen testing job having only a CEH cert and no work experience.

    What fields in InfoSec are of interest to you?
  • Many79Many79 Member Posts: 9 ■□□□□□□□□□
    Hi JD
    Once again thank you, you are very helpful. Although, i don't know much about security job industry, but i have done some school project Like Analysis of Protocol using snort & Acid, used Honey pot, Nesus, Wireshark etc. I am confuse at this point because; i am not in condition to choose. All, i want is to get in to InfoSec field, if you have any any suggestion please feel free.
    Thank you
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    As keatron has pointed out in another discussion thread, saying, "I want to get into the InfoSec field" is like saying, "I want to get into the medical field." At first, you will study general medicine, but you will eventually need to specialize in the medical field(s) that interest you. The hard part is often determining what fields are of interest to you, but it's necessary so you make the best use of your study time and don't get discouraged with InfoSec as a possible profession.

    Information security is not all about technical controls; there are also physical and administrative controls as well. You might find that you like auditing, accounting, or risk management better than being an IT guy. The Common Body of Knowledge used by the SSCP and CISSP exams is an excellent encyclopedia of the different fields of knowledge in InfoSec. It would be well worth your time to have a long look at the different domains and see what interests you so you can choose a direction. If it turns out that you don't like the direction you choose, then you can choose another. Knowledge is never a bad thing to acquire. ;)

    Build Your Skills: Learn these 10 security domains to obtain CISSP certification

    Rob Slade's CISSP by domain page
  • nangananga Member Posts: 201
    Well to be frank we are in the same situation, baring off some points. I am also a Masters student in information technology. I started off with CCNA, Security+ whicih helped me to get an internship with a big wire less industry.

    Try getting certifications which no doubt increases ur knowledge but also looks good on ur resume.

    I would suggest get CCNA ( gives a good grasp abt routing, switching) ,Security + as the first stepping stone into security arena.

    Then u have many options open, SSCP/CISSP,CEH,CCSP, CISA,CISM...............but again theu require some work exp.

    Start of with a job which is realted to networking and u shall get to know more abt security and networks practiced in the real world. By studying certifications u can make recuitters look at ur resume.

    Hope this helps.
  • Many79Many79 Member Posts: 9 ■□□□□□□□□□
    JD: I went through 10 domain you mention, i am sure it will clear me confusion. so thank you. I am thinking of taking security+ exam end of April, do you think, 3 to 4 week of study is good enough?


    Nanga: i am thinking of taking security+ first, i have not looked CCNA but once i am done with Security+ i will definitely start CCNA, what about Network+? i am thinking of taking Network+ also. any thought s on that
  • nangananga Member Posts: 201
    Goood to see u motivated....I took my CCNA,N+ and then Sec+

    but I guess Sec+ would b good.....I referd to sybex book and read as much as possible for the basic security...belive me each author as to offer something more...

    If u dont get the concept on ..just google it or wikipedia is the best source.

    www.tcpipguide.com/free/ - 23k

    something to help with ya tcp fundas

    best of luck
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    Many79 wrote:
    I am thinking of taking security+ exam end of April, do you think, 3 to 4 week of study is good enough?
    There is no way anyone can answer that question except you. It depends on how well you already know the material and how much time you put into studying well. You should take the exam when you feel that you can explain the material to other people, as if you are teaching them the objectives of the exam.
  • Many79Many79 Member Posts: 9 ■□□□□□□□□□
    I know the material, but still not confident enough to take it right away, so will probably study one month and then take the exam. I have a book from SYNGRESS, and rest i will find from internet. any more recommendation about the book.

    Thank you
  • Lando56Lando56 Member Posts: 4 ■□□□□□□□□□
    Just a note about what nanga said: "but I guess Sec+ would b good.....I referd to sybex book and read as much as possible for the basic security...belive me each author as to offer something more..." (Preface about me here: MCP, Security+, C|EH, current study in GCIH)

    I had a problem with Sec+ because I found so many misleading statements and/or just plain errors in a number of different books I studied from! Of course all 3-4 were industry recognized. Even a few sample exams I tried had errors. I was beginning to wonder if I knew anything, until I finally figured out I was right and they were wrong! Yes... errors documented down to the page, paragraph and sentence(s) :)

    (And I PAID for this??)

    Even had a sec expert, who had credentials longer than my finger, reply to me in one day after I pointed out a few errors he had in re: asynchronous vs synchronous encryption in a white paper he wrote. He thanked me and apologized and said he'd correct it immediately.

    My point; be careful about your training material! I finally ended up in a bootcamp, had a great instructor and got my cert with a score in the mid to upper 800's ( I forgot exact score! Been awhile.)

    BTW.... still looking for work icon_sad.gif Midwest doesn't seem to be a 'hot bed' for IT security!
    Lando
Sign In or Register to comment.