Seriously, how the heck do you spot the right Sec job?

With so many security certifications out there and so many diverse jobs how do you spot the right entry-level security job to apply? ok there are always job requirements that you know you can't match-up. Forget those.

Assuming you are not applying for a position that you came to know from your colleague at another company, below is what most of them do.
>>> search search search... GOOOOSSHHHH... nightmares!!! <<<

Recently my friend told me that he would rather prefer to create his own IDS than having to hunt for the right job. Now I precisely understand by what he means. Just passing certifications might only get you an interview call, but there has to be so many other factors that should have made you apply for one. Kindly share such experience..

how you landed on to your first security job. (like a specific certification upgrading from sys admin,....)
What are the factors that you would consider on your next jump or what did you considered for your current position. (like east or west coast/challenge/certifications/size of company/work culture/expectations etc.)
Any tip that you would want the new security newbie to know.

ha ha.. I'm exercising Social Engineering!! Evil me

(just kidding

)
Cheers.

Find more posts tagged with

Comments

L0gicB0mb508

Most of the time you don't just jump into infosec. Usually people have experience as a server admin, network admin, or programmer (this is really true in the pentesting area).

A lot of the security jobs postings you see are a wish list. No one can be talented in everything. Just because you don't have this skill or that skill doesn't mean the job is totally out of your league.

Certifications help to a point, but when it comes to security most people want experience to back it up. The certifications really come into play if you are trying for a government contractor position where you have to keep a mandated set of certifications.

I found my current position through a recruiter. The job description was very vague, but I went for it anyway. I highlighted areas of security I had done in the past and that's what got me in the door.

My advice to you is just hang in there. Security is a pretty tough gig to get into, but once you have the actual experience it becomes a lot easier. Also, don't be afraid to experiment on your own. There are plenty of tools out there for you to download and mess around in your own lab. It may not be enterprise class experience, but it will give you a foundation to build on. There are also many free sources of information about information security related topics. Read until you have had enough, and then maybe read a little more

.

Good luck.

shednik

I had some desktop support experience and a few certs when I got hired at my current company. I spent 6 months working in the network operations and then moved over to wireless for a bit. After about a year I was moved and put in charge or remote access and VPNs on the network security team. Just find a good company, work hard, and be open with your bosses. With any of your positions just keep a security mind set in your daily work and it will be useful when you land that security position.

Strat_

I worked about 1.5 years as IT Supporter for one of the biggest IT compagny, I left and I got a call to work as security engineer, so I work now with VPN , checkcpoint produts ect ect.

So, read a lot, do some labs, show your skills on your resume and see if the market is open for a newbee

Ye Gum Noki

From the folks at CSO magazine...

How young upstarts can get their big security break in 6 steps - CSO Online - Security and Risk

Mr. Ye

tpatt100

Never seen entry level security positions. Numerous times my past experience as a sys admin helped me perform my security job.

tpatt100

Ye Gum Noki wrote: »

From the folks at CSO magazine...

How young upstarts can get their big security break in 6 steps - CSO Online - Security and Risk

Mr. Ye

I can verify that this link is actually very spot on especially these:

1. Learn how to write: Like it or not, writing is part of your job in the information age. You can't make a difference simply by knowing how to configure a NAC system or do penetration testing. You have to be able to tell colleagues, bosses and business partners what you are doing, in their language. You'll have to do this in board presentations and in reports. And if you really want to make a difference, you can share your experience by blogging. That gets you noticed, and in many cases will get you hired.

2. Learn How to Talk: The days of a security administrator holing up in a dark room shut off from the outside world is over. You have to be able to articulate what you're trying to do in the spoken world. This isn't just about learning how to be a good public speaker, though that is of high value. Learning to talk means learning to speak the language of those who decide how much budget you get for security or who gets hired.

3. Learn how to dress: This might sound weird, because most practitioners will dress according to the requirements of their employer. That could mean suit and tie, business casual, or something in between. But then there are times to dress to match the crowd you are in, particularly at security conferences. Business attire won't help you network in a crowd of hackers at ShmooCon or DEFCON. Dressing like a punk rocker won't cut it at a more C-level event.

5. Learn to work with suits AND mohawks: One of the problems in security today is that the profession is split into two groups who don't communicate well: The executive-level suit and tie CSOs working for billion-dollar corporations or high-level government agencies, and the torn jeans-wearing, ear-pierced researchers. You can see the cultural chasm clearly when you go to a conference like ShmooCon and then something like CSO Perspectives. If you work on being able to communicate and work in both crowds, your stock will rise considerably.

I have spent a ton of time recently doing Excel, Powerpoint and Project due to a new project I was given. I had to research and document and then advise senior directors and managers. Then I had to give presentation/proposals for the requirements, then I have to play email/phone tag with the Army with their liasons, etc.

I am still a tech geek but I am also being pulled into meetings all the time with the higher ups because they want me there to address concerns when trying to find the means to be secure and still stick within budgets.

codeace

Thank you so much folks. This is the best advice I would have ever got till day. Credits go to CSO too!

I feel more confident that I know a pathway to success. Simply awesome