What does it take to get into the Security business?

BigO1120

I've been doing Help Desk/Application/Desktop Support for almost 6 years now. I want to get into Information Security. There was a job posting in my company a couple of weeks ago dealing with RAS and the RSA security tokens. The person who beat me for the job had little Information Security experience (almost as much as I do) but he had his CISSP and I did not. I was really looking forward to landing that job because it would've been a great start to my Security career.

I want to know what needs to be done to get your foot in the door in landing an Information Security job!

Thanks Everyone!

spike_tomahawk

Ya know, I dont hold any security certs (yet), but I would guess security+ and CISSP. Just look at the guy who beat you out for the job.

I know the feeling, but not in the IT world.

/usr

The guy had little Information Security experience, yet had his CISSP? That doesn't sound right...from what I understand, that's NOT an easy exam to pass if you don't know your stuff.

Webmaster

/usr wrote:

The guy had little Information Security experience, yet had his CISSP? That doesn't sound right...from what I understand, that's NOT an easy exam to pass if you don't know your stuff.

That does sound strange indeed. Apart from the exam being hard, a candidate needs at least 4 years experience (or 3 +degree).

I want to know what needs to be done to get your foot in the door in landing an Information Security job!

Experience related to that particular job. (plus more experience, more certs, and more education than other candidates.)

BigO1120

What I want to know is, aside from the certifications and all, what does one need to do to get started. Obviously people who are in Information Security needed to start somewhere and I want to know how they got that jump start.

The guy who beat me out was real good with the people with that department (in case most of you were wondering how he might have landed the job). Fortunately, and unfortunately, in order to move up in this business you need to know a lot of people in the business.

I'm not hating though. Just wish it were me!

TURTLEGIRL

I'm quite curious on this one too. I want to get my MCSE Security specialist, but there's so many exams to take. Just starting 270(xp) Passed Security + with 92% but I still have a long way to go. I also want to get into the the security field.

Any advice appreciated.

Ten9t6

GBAGIRL2,

In the MCSE:Security, the security + is one of the easier tests....wait until you take 70-214.

bigo1120,

If you have enough experience to qualify for the CISSP exam, then you have already done several years of security in one way or another. At this point it would be focusing on what you wanted to do in security....and there is a lot you can do. Do you want to do Windows security, *nix security, Cisco security, programming secure software, wireless security, auditing, penetration testing, or a little of everything? There is so much you can do. Where do you want to go? Before you go to an interview for a security job, research what type of devices they use.....(if you can get some of the info)..They should have some stuff in the job description. If they are Certified partner with some companies, those would be good to brush up on and adjust your resume accordingly. (not lie..but focus the resume).

I know you don't want to hear about certs, but I would take some anyway....and if you are getting doors shut in your face, I would try to do some small contracting jobs on your own. This will help with experience and give you more power in the resume. I would also look at local user groups. These are great to meet people that are already in some of these positions. A lot of times it is who you know, not what you know. Look at joining groups like the ISSA.

It is hard to break into the security field....but the above steps can help make it a little easier on you. Before, a company lets you work their security issues, they need to be confident in your skills....There is a lot riding on their security.

I hope this helps...

keatron

Amen!! I just took 214 Friday and now I am MCSE+security. Sad to say, this was my second time taking 214. Everyone calls 216 the beast, I think 214 deserves that title by a long shot. Even 220 was easier to me and it's the security design one. For 214 make sure you got security policies, templates etc. down to an art.

BigO1120

Ten9t6, thank you so much for the valuable information. I want to do a mix of Windows and Wireless security. Of course, any kind of experience would be great! I plan on going for my MCP after I get my Network+ and then from there I plan on taking the Security+ exam. It's just that once I do get the Security+ cert. where do I go from there and how do I get my foot in the door. Certification is one thing (and it's one thing that I feel anyone can achieve) but it's the experience that worries me. How am I going to put the knowledge that I've taken to good use if no one will give an inexperienced security individual, like myself, a shot?

Ten9t6, thanks so much for the advise. I think the ISSA is a good place for me to start.

fondue

I would have to say his CISSP would put him ahead of most candidates.

One thing to note, most security jobs are documentation intensive. You always here of cool techie stuff you get to do but they leave out the 30-50 page policy docs you get to write, or the after action reports, or standing in front of the board of directors explaining why one of the IT staff cost the company $$. Fun stuff.

Munck

I think you should move into system or network administration. Both have aspects of security. That will make it easier for you to move into security 100% later on. Help desk has very little to do with security. Move on , and good luck

- oh, and get your CISSP

bananaman

Okay, here is what to do man. Go for Security+, trust me. 99% of people who touch a computer are idiots. If you can say, "I know something about security in this dangerous world of today", then you have a job. Security+ is one of the fastest growing certifications available today. Reason being is that most security professionals have years of experience under their belt and that leads to security, there was no "entry level" security certs. After you have Security+, and some job experience, I say you should go for (ISC)² SSCP certification. The reason why is that the information covered on Security+ reflects that of SSCP. Before you get to the point of taking SSCP, I would also check out eccouncil.org. They have a new entry level cert called Security5. I honestly don't know much about it, but it can never hurt to have multiple security certifications. You mentioned that you are also doing Network+. Anyone who is going to be entering a networking career MUST know Cisco. Cisco is the corporate whore of networking technologies in the world today. Being affiliated with Cisco or being certified by them is becoming a minimum requirement in many jobs right now. CCNA is a definate must. I would also agree with your choice of MCP. The name Microsoft on any resume immediately catches eyes because it is one of the most well known names in the world. Other things to take into consideration are what technologies are starting to expand. If you can find a way to incorporate security into a fast moving technology such as VoIP and SAN, then you have a special little niche available to you. Other companies to look for certifications from are Checkpoint (another biggie), CWNP, TIA, ICSA, Juniper, and SANS/GIAC. Check them all out and see which ones work out for you. SANS/GIAC has a security cert called GSEC that is also a good entry level security cert. Best of luck to you!

BigO1120

DanDaMAN60336500, THANK YOU FOR THE ADVICE!!!!!