Just when I was getting frustrated...

I came across a job opening which requires a bachelors degree and 0-1 years of experience. I was just looking around, getting kind of upset because I didn't think I would be able to get into information security, because all organizations seem to want 3-5 years experience in that field.

Too bad I'm still in college down here. I emailed about the job anyway. Who knows, maybe they really need to fill the position and would be willing to work something out. I could always move and finish my degree elsewhere.

In all seriousness...I'm keeping my fingers crossed that I'll be able to find a position like this in another year when I do graduate. By that time, I should be able to pick up a job such as this fairly easily.

Everyone (Webmaster and Ten9T6 especially), what do you think about the future of this market? Do you think that we'll still be seeing a few of these "entry level" information security jobs?

Don't let me down.

Find more posts tagged with

Comments

Ten9t6

/usr wrote:

Everyone (Webmaster and Ten9T6 especially), what do you think about the future of this market? Do you think that we'll still be seeing a few of these "entry level" information security jobs?

Don't let me down.

Every company wants to have the gurus w/ 65 years experience in everything.....and even if they can find them, they do not want to pay what they are worth....so, there will always be positions open out there..As the security field continues to grow, they will have to have more entry level people....As much as you see about security, I believe that it is only the tip.

There are 3 areas that are going to continue to be hot for a while: Information Security, Wireless, and VoIP. And if you can do all 3...

Good luck to you..If you don't give up, everything will work out. And it usually happens when you least expect it.

Webmaster

Although it helps to have those 3-5 years of experience, what they mention in the job opening is usually the description of their ideal candidate. The one who gets the job is usually the one who happens to have experience with the software, hardware, or technologies, that the company actually uses. I'm not saying one can get such a job without experience, but if you have 1 or 2 years experience and think you can do the job (and convince them of that) you should apply.

I agree with Ten9t6 there will be more entry level security jobs in the near future. Especially in larger companies where security is not part of a sys or net admin's job, but a job by itself, or even better, an entire departement, or much better: a company.

But regardless of your education and certs, you will probably have to start at the bottom anyway. I don't think there will be many entry-level jobs that relate to CEH for example, but you should be able to get a job to at least involves some amount of security related tasks that will count towards the experience you'll need for the jobs you eventually want to have. To get 'those' job, you may need to reconsider CCNA and or MCP. I also think Check point certs might help you out, as it is something you can actually get experience with (and in one of those reports shown a couple of months ago in the certtimes there is a demand for Checkpoint skills). The problem with Checkpoint though, as with many security related tasks, is that administration is usually done by the company's sys admin (i.e. Checkpoint goes very well with a MCSE). I think you will have to find some more practical security topics you can get experience with more easily than the material you learn from SSCP for example.

It may be and look difficult now, but if you want it bad enough I'm sure there's a way. Although being young is usually a disadvantage when applying for the jobs that are typically senior-level, there is an advantage which is that younger employees are usually cheaper.

I'm going to reply later today to the suggestion you posted, which may help somewhat...

/usr

I do no not plan on becoming a security consultant as soon as I graduate. I realize that this is a far fetched idea. I understand that I will most likely have to start all over, at the bottom of the Information Security ladder, working my way up and aquiring the skills I need to do the job I eventually want to have.

However, that is what I want, a security job. They seem to be separated when you look at job requirements. (3-5 years security experience vs. 3-5 years admin experience) Even if I get a job as an admin, that doesn't necessarily mean that I'll perform many (or any at all) of the security functions for the company. I'll keep my eyes open when I do begin looking for a job, but I'm already seeing more entry level security jobs than I was 6 months ago. Almost every entry level security job I see asks for a bachelors, some require it.

I think you will have to find some more practical security topics you can get experience with more easily than the material you learn from SSCP for example.

So should I return my SSCP books?

Webmaster

/usr wrote:

So should I return my SSCP books?

No, because it contains info relevant for every security related job. I'm just saying that I think most entry-level jobs require more practical skills, in addition to good theoretical foudation.

/usr

You're right. It makes sense that most jobs prefer you being able to "do something" other than just "knowing something". Unfortunately for us, that's always the beginning of the cycle we hate so much. "I need experience to get a job, but can't get experience without a job."

Webmaster

/usr wrote:

"I need experience to get a job, but can't get experience without a job."

And that is probably the main reason why almost everyone has to start at the bottom regardless of their education. Basically meaning you have to do things you rather not, mostly just to build up some experience for on a resume. But, for example, if you would specialize in anti-virus and related software (by learning all the ins and out of some related popular and widely-used software in a home lab), I'd be suprised if you wouldn't be able find an entry-level 'security' job considering your education and certs. Something like that could be considered entry-level but will count towards the experience required by the more senior level jobs. And once you get 6 months to a couple of years doing something like that, a lot of other doors will open for you.

JDMurray

One important thing to realize is that "Information Security" is a specialization and not a core competency. Information Security revolves around foundation professions, such as accounting/auditing, software engineering, legal/law enforcement, and IT administration. You must acquire skills and experience in one or more of these core areas before you can be taken seriously in the specialization of Information Security.