Right Security Position before PhD

codeace

I was reading posts on this forum and it seemed to be the right reason to join and ask a question regarding my career.

• Background:
  • Master of Science in Computer Science
  • Specialization in Computer Security
  • Thesis research on Botnets
  • 2 Conference papers
  • RHCT / RHCE
  • Planning on Security+ / MCTS / SSCP / GSEC / CCNA
• Academic Experience:
  • Computer security - Pen Testing, Framework dev
  • Researching / ESXi Admin
  • Teaching
• Choices at hand:
  • Pursue PhD at a CAE-R
  • Get some Professional experience

I apologize for bragging. Though I'm inclined towards my doctorate, the biggest problem I faced being a student was lack of professional experience and hence underpaid. And of course, I want to make some money before I go back to study. So, I made a choice to get few years of experience first.

To the question - What should be the right entry position into the IT security industry. I was recently offered one position as an Application Security Consultant and another one as Security Consultant. Apart from these 2 positions, I found positions titled Security Analyst, Security Manager, IA Assurance Specialist, Security Admin, etc. But the core of all descriptions are nearly the same. What would be the ideal position to enter and exit before my PhD?

Thanks for any pointers

steve13ad

Well with the recent developments from Comptia, I'd defiently stay away from any of their products!

Look at the CCNA:Security

bwcarty

What do you enjoy working on, and what do you plan on applying PhD level knowledge towards?

veritas_libertas

I would go with Security Administrator. You want to get hands on experience, and work for someone else before you start consulting, and teaching.

Oh, and I am jealous. I which I was in the position to go for a PhD in Security. Good luck and stay in touch with us.

codeace

Well with the recent developments from Comptia, I'd defiently stay away from any of their products!

Look at the CCNA:Security

CCNA Security is definitely on my hit list. Security+ is something to begin with. The obvious debacle in most of the certifications is that they are not hands-on exam like the Redhat RHCE or GIAC GSE and hence the resultant certification value. Another endless debate!! [Let's get over this ]

What do you enjoy working on, and what do you plan on applying PhD level knowledge towards?

I enjoy working towards exploring and defending against future malicious code. After PhD - Eventually, to work for a security product based company as a researcher.

I would go with Security Administrator. You want to get hands on experience, and work for someone else before you start consulting, and teaching.

Thanks. I believe you are right. If you see the big picture, the core of IT security today revolves around vulnerabilities in everyday applications. Wouldn't it be ideal start if one could work as an App Sec Reviewer with development teams before becoming an Admin? So, do you know if Security Admins get to deal with application security? Correct me if I'm wrong.

Oh, and I am jealous. I which I was in the position to go for a PhD in Security. Good luck and stay in touch with us.

Personally, I believe it is important to have the drive to stand out from the crowd. We all probably possess a unique coveted skill in something. But it is the impact of what we do with our skills that makes each of special. As students of science, we carry our passion and innovation to stay atop. But hey, jealousy creates the drive Good luck with your career Veritas. Will definitely stick around this forum.

Slowhand

steve13ad wrote: »

Look at the CCNA:Security

I agree with this, but if you're going for your PhD, then more is probably going to be expected of you, so you'll probably want to continue on to CCSP (and maybe even CCIE Security) at some point. Have a look at the CISSP as well, since that's also a heavy-hitter in the security-world.

As for what position to enter, I don't know what to tell you if you don't have much professional experience. Security knowledge tends to come from "regular" IT knowledge, so most people are usually working for a few years as a standard sysadmin or network engineer before jumping on the security-train. Security is also a field where reputation is king, so having loads of experience before taking a security-gig is usually desired by employers. Still, with your academic experience, and with some more certs under your belt, you could still do very well and probably won't have a whole lot of trouble finding work. (Just be prepare to do a LOT of hands-on, on-the-job learning in the first few months of your higher-end security job.)

codeace

Slowhand wrote: »

Security is also a field where reputation is king, so having loads of experience before taking a security-gig is usually desired by employers.

Thanks Slowhand! Looks like I should target "Security Admin" positions before moving up the ladder.

Is there anything specific that I must look for either in the job description or before accepting an offer to join as a Sec Admin? Also, since I'm targeting security certifications while working, would it be ideal to question about training budget after an interview?

Slowhand

codeace wrote: »

Is there anything specific that I must look for either in the job description or before accepting an offer to join as a Sec Admin? Also, since I'm targeting security certifications while working, would it be ideal to question about training budget after an interview?

The things you should be looking for, first and foremost, are the things you can do. If a job description lists nothing but things you'd have to learn, you're probably out of your league, but that doesn't mean you have to have expert knowledge in everything they list. You should feel like you're at least capable of going to work every day and not COMPLETELY screwing up. (This is true for just about every IT job out there.)

As for a training budget, I would ask them what their policy is on training, if they pay for certs, if they pay for the training, etc. Get as much info from them as you can, (as long as you don't come off as demanding).

Other than that, play it by ear and take each interview as it comes. Polish your resume, try to get some input on it and make sure it's up to snuff with your skills and the professional image you want to put forth. Good luck with the job-search.

codeace

Thanks a ton for boosting my morale Slowhand Will keep things posted here.

codeace

Slowhand wrote: »

Security knowledge tends to come from "regular" IT knowledge, so most people are usually working for a few years as a standard sysadmin or network engineer before jumping on the security-train.

I'm back after doing my bit of research. And you are totally right. So, I decided to jump on to the system/network admin wagon first.

http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html#post192518

As for the certification path to follow, I got a question regarding the above post from the sticky. My plans are to do Security+ >> MCSA:Sec >> MCITP >> CCNA. But the post was in 2008 and a lot of other posts online say that MCSA/E are least valued by HRs. (But I also remember that it is like one of the coke cans.)

My question is -
1. Assuming I have a good resume, some experience, a masters degree, the above certifications and skills to prove all the above, how would you rate my prospects of getting into a system/network admin position in the current IT scenario? (on a scale of 1 to 10) (It'll be great if you could wear the HR hat ).

2. Apart from gaining more work experience, if you believe my chances of making a job is poor. would you suggest me to pursue any other certifications?

Please forgive me if I posted this in the wrong section. Am open to all suggestions!!

Thank you so much!

the_Grinch

Seeing as you already have the RHCE, wouldn't it be better to go for their security cert?

redhat.com | Red Hat Certified Security Specialist (RHCSS)

Good luck either way, hoping to start my Masters in September!