Moving: What would be a better route to security/ info assurance

YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
So I'm moving to a different city and I've applied to alot of jobs but my lack of certs and experience; none of the call backs were for help desk.

I have two offers: Fiancial company: making 13-15 per hr ( customer service for retirement products); 100% on the phones; they do have tuition reimbursement but I dont know for sure if it would cover IT degree's. (if it doesnt, then its useless)

2. Fraud Analyst for a cell phone company: 11.50 per hour, but its only 5-10% on the phone, and the rest is researching data/ systems to see if people are using phones fraudulently. The manager said people will hack into routers to use their phone services. That's what caught my attention and now I'm thinking about taking the lower paying job because it might give me information assurance experience?

Soo.. My goal is to get into the security/ information assurance field...will the fraud analyst help in any way?


Which option would you choose and why?
Are there any IT security certs that will help me understand people hacking into routers to get access to phone systems?



Thanks everybody

Comments

  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    It sounds like the first job wouldn't be anything IT related, so I would pass on that. As for the second job, it definitely couldn't hurt. You could probably move up and around once on-board. As far as certs, depends on their equipment, but Cisco certs would definitely help. I'd imagine there would be a lot of log analysis and possible configuration changes involved. So if you can afford the pay, I'd take the second job...
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I like the second one. Although it probably won't be technical in the hands-on sense of looking at router logs, it at least provides some kind of investigation / analysis experience. How well that kind of work would apply to infosec directly I think there's some room for debate, but it's parallel to searching for a needle in a haystack and spotting patterns.

    If you're just starting out in the IT industry, you should perform some volunteer work for non-profits, churches, etc., maybe even apply to Geek Squad. Depending on where in infosec you want to go, you'll need a solid understanding of networking and systems fundamentals. You'll need to be able to 1) demonstrate strong commitment by showing the results of your own off-hours efforts (blogs, other contributions back to the community) as well as 2) something tangible which provides useful technical help to others.

    Certs-wise, I think Network+ and Security+ are good starter certs, but they're pretty basic. Still, I think it's good to at least have the knowledge (and if budget is a strict concern, it might be ok to just skip taking the exams for them). The CCNA would be a solid starter cert, and I would definitely consider passing the exam for that. From there, the world opens up to different paths.

    If you want to do the technical side of infosec, you need a good home lab to play around in. This includes a multitude of Windows and Linux VMs, maybe a Cisco switch or two, Active Directory, etc.. You should have multiple networks / subnets. Extra credit if your Wi-Fi network makes use of 802.1X with PKI. You need to be able to read packets. Better yet, host your own webserver(s) in a DMZ, have centralized logging, etc., etc.. Yes, I do all of this at home. This kind of stuff takes years to learn, so get ready for the ride if that's what you want.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    thanks for the detailed answer. I will probably take the 2nd job because I really dont want to be in a call center position again, I already have 3 years of it.

    I started learning about IT security in April, and there is so much to learn, I get off track because once I find out something new...I research that..then it takes me away from what I was doing...just so much info.

    Are there any hacking certs dealing with phone systems?
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I think "hacking phone systems" is rather one small slice of security in general that there's no specific cert for it. It's probably like the old 2600 days when you just have to figure things out. Ultimately, it's really about knowing things inside and out, and certs don't necessarily help you get there.

    In my opinion, certifications provide guidance on a subject area, but not necessarily expertise. The latter comes with time, focused effort, and patience. I may have x number of certs on my resume, but I will candidly straight out tell you that I am no expert in any given area. I still have a long way to go.

    It's easy to get distracted, yes, I know what's like. I've been there plenty of times. But keep your eye on the ball / big picture. If your fundamentals (such as IP networking) are strong, then you can build on that. If not, then no matter how much you learn about a specific subject area, you won't be able to put it in context and have your efforts hold together.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Sign In or Register to comment.