Is there a lot of demand for computer security specialists?

Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
I'm interested in computer security and I'm planing to get my BS in computer science. I was wondering what the job prospects are and will be in the future for someone with a BS in computer science specializing in computer security and also what kind of salaries are being offered starting and with 5-10 year experience?
«1

Comments

  • hiddenknight821hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□
    I'm interested in computer security and I'm planing to get my BS in computer science. I was wondering what the job prospects are and will be in the future for someone with a BS in computer science specializing in computer security and also what kind of salaries are being offered starting and with 5-10 year experience?

    Just one question. Are you doing it because it offers a lot of money? We would like to know a little more about your computer background, so we can see where you're going, and you are not in it for the money.

    Btw, welcome to TE!
  • JinuyrJinuyr CISSP, SSCP, Security+, Network+ https://www.linkedin.com/in/francis-nunziata-4a95b624/Member Posts: 251 ■■□□□□□□□□
    IT Security in general has gained a lot of momentum. If you check the number of jobs out there that require some level of proficciency in IT Security you'd be amazed if you compared it to a few years ago.

    hiddenknight821 has a point, we need some more information to tell. If you check the boards, there is a survey out there with salaries from TE members.
  • Asif DaslAsif Dasl Member Posts: 2,116 ■■■■■■■■□□
    You can't really be in a security position until you have been in some type of administration position. There is a great thread & post listed here, that goes in to detail about security positions and certifications. The 'Cans of Coke' thread as it is commonly referred to as.

    The best way you can view it is, a 5-10 year goal that you are working towards by gaining knowledge in the different areas such as administration, networking and security. Slowly through experience and being in the right places at the right time you'll eventually get in to a dedicated security position.

    But I agree you don't do it for the salary you do it because you're interested in it, and you'll never know how far you can go until you go through the 'beginner' and 'intermediate' positions. One thing is certain, there is demand for experienced and dedicated security professionals, the question is are you willing to commit what it takes to become one of them?
  • shaqazoolushaqazoolu Member Posts: 259 ■■■■□□□□□□
    In my opinion, if you don't love information security on its own, regardless of how much money you make, you are going to be miserable in it. Just like a security program in any organization, a career in security is a lifestyle or mindset, not a 9-5 thing that you do and then turn it off. If you want to be really successful in it, you will have to surround yourself with it almost to the point of making it an obsession.

    There are several aspects of information security and this is one field where if you try to be a jack of all trades, you will definitely be a master of none. Some aspects of information security are a lot of fun but won't make you rich (pen testing), and some aspects can be a little dry for a lot of people but will likely be much more lucrative in this market (risk management, intrusion analysis, incident response).

    In my experience, entry level salaries aren't really any better than any other entry level IT position, but I'm in a REALLY crappy infosec market so that might be skewed a bit. More experienced folks will do fine, as long as you know wth you are doing. This industry does not tolerate mistakes very well.

    I'm not trying to be discouraging I am just trying to give you realistic expectations. I will say too that your computer science degree will do definitely do you some good in the field, especially if you do start doing pen testing or web app testing.
    :study:
  • instant000instant000 Member Posts: 1,745
    I'm interested in computer security and I'm planing to get my BS in computer science. I was wondering what the job prospects are and will be in the future for someone with a BS in computer science specializing in computer security and also what kind of salaries are being offered starting and with 5-10 year experience?

    1. Job prospects will always be good for experienced, educated, and certified people who interview well, and play well with others.

    2. Salaries starting will probably be on the low side. The more experienced you get, the better the offers will be.

    3. Security is not something handed to entry-level personnel. You can work your way towards it.

    4. Do not do IT for the money. If so, you'll be disappointed, and could have probably done better doing straight sales. Right about now, I am finally starting to get some really good offers, but I have ten plus years experience. If I was doing it for the money, I would have quit soon after starting, due to realizing that the money does not appear right away.

    5. As previously posted, read the Security Forum sticky about "where to start"

    6. As previously posted, read the salaries thread, and you can see that things start kinda low, but can shoot up, dependent upon how hard you're willing to work at it (and continue to work at it).
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
    Thanks for all of the responses and advise. Let me tell you a little about myself, my number one goal is to become a physician and in the process of taking all of the prereqs for that profession I became unusually interested in computer security, likely due to my computer getting infected about two years ago. Even though I couldn't dedicate much time to this field of study, due to having very demanding time schedule trying to complete pre-med classes, I felt an overwhelming, all-encompassing desire to find-out as much as I can about computer security/hacking. I had to know how the computer works and how it could be used for malicious purposes in order to protect myself form hackers. Since that time I found-out that I don't have to major is biochem/biology in order to make it to medical school and that they simply required any BS degree, that gave me an idea to study what I'm really interested in while I'm perusing my BS degree. Opposed to the prevailing school of thought in the medical profession which causes doctors and would be doctors to cringe from embarrassment when asked about compensation, I believe that if one spend the time and money to receive good education he/she is entitled to a good salary, after-all what is wrong with wanting to make more money? Isn't that why we work on the first place? Getting back to the point--the competition to get into medical school is pretty stiff so I decided to get a degree that I'm very interested in and pays well in case I don't make it to medical school, in my case it was a no-brainer. Because what could be better that getting paid for breaking in other people's computers (legally of course). icon_cheers.gif
  • ibcritnibcritn Member Posts: 340
    Demand - Yes rather large demand atm.

    Will you start out in security? Maybe...it won't be easy and you likely wont be good at it unless you have serious hands on experience with the technology typically earned through administration type roles.

    Will you start out ethical hacking? No, those are seasoned security roles so a nice mid-end career goal.

    Sounds like you really like security so good luck to you as you embark on this journey. My advice is don't expect a college to teach you what you need to know....you will be disappointed. Continue like you started, aggressively going after the knowledge. I find all to often that people who start a degree program expect it to teach them what they need to know and they learn within the scope of the degree......never let this be you.

    Some great security training is offered through SANS courses. They are a little advanced, but as you progress in your academic career if you could do a SANS course over each summer that would pay off....hugely pay off.
    CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+

    Next Up: Linux+/RHCSA, GCIA
  • Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
    Thanks, I really appreciate the info icon_wink.gif
  • afcyungafcyung Member Posts: 212
    If you want to get into security right out of college you may want to check out the NSA if you are a US citizen.
  • Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
    One more question, do I have to have experience in order to do the SANS courses or can I get it through internships?
  • Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
    If you want to get into security right out of college you may want to check out the NSA if you are a US citizen.
    That sound interesting, do I have to become an officer?
  • afcyungafcyung Member Posts: 212
    No you apply through their website NSA.gov
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Just one question. Are you doing it because it offers a lot of money? We would like to know a little more about your computer background, so we can see where you're going, and you are not in it for the money.


    I have never understood why people say this. If he is purely in it for money, who cares as long as he is good? I say, if you are in IT because you want to make money and you don't feel like digging ditches or something else. Not everyone can do what they love. I'd love to write poetry for a living but you know life is life.


    Infosec is vast and you aren't going to get anywhere without the RIGHT experience. If you spend 5 years unlocking accounts and resetting passwords, you probably won't get to be a l337 infosec analyst. Grab some certs while in school and an internship.
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    shaqazoolu wrote: »
    In my opinion, if you don't love information security on its own, regardless of how much money you make, you are going to be miserable in it. Just like a security program in any organization, a career in security is a lifestyle or mindset, not a 9-5 thing that you do and then turn it off. If you want to be really successful in it, you will have to surround yourself with it almost to the point of making it an obsession.

    fully agree with this. I absolutely HATE the InfoSec portions of my job.

    As far as demand, it all depends on what you want to do. My company has quite a few openings presently for Security Analysts, but it's not glamorous. It's basically analyzing a load of events that come in from our clients, determining if you can fix it yourself, and if not, where to route it. It also has quite a bit of customer interaction, and you have to be able to explain security related matters to customers who aren't exactly clueful (if they were, they wouldn't contract their security management out to us - not because we suck, we're actually pretty good at what we do, but because they could handle it themselves).

    And I believe the base pay is starting at around $40k. So it's a good way to get your foot in the door, but it's a job that you should be aiming to get out of in a few years. Security Analysis is a very different animal from Security Research in our house, and the researchers are the seriously hardcore security guys (and they get paid pretty well too)
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    Asif Dasl wrote: »
    You can't really be in a security position until you have been in some type of administration position. There is a great thread & post listed here, that goes in to detail about security positions and certifications. The 'Cans of Coke' thread as it is commonly referred to as.

    That's not entirely true, it can vary from company to company and depending on what you want to focus in. A number of our SOC analysts came to us with no administration background, just a good head on their shoulders, and a good working knowledge of computers, but we're more focused on network event InfoSec. They aren't doing things like server hardening, multi-factor authentication implementations, or Data Loss Prevention implementation. Several of those guys have grown into prominent positions within the company, and several others have figured out that InfoSec isn't really their cup of tea and moved on to other aspects of IT (sometimes within the company, sometimes not)
  • Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
    researchers are the seriously hardcore security guys (and they get paid pretty well too)
    How does one become a security researcher?
  • instant000instant000 Member Posts: 1,745
    I have never understood why people say this. If he is purely in it for money, who cares as long as he is good? I say, if you are in IT because you want to make money and you don't feel like digging ditches or something else. Not everyone can do what they love. I'd love to write poetry for a living but you know life is life.

    Hah.

    Get your point in here.

    I mean, I enjoy what I do, but if it did not pay, I would do something else that did, LOL.

    Also, nothing wrong with digging ditches. I bet if Army Corps of Engineers had done a better job with digging ditches, we wouldn't have so many bad floods ... back home where I'm from, ditches haven't been dug out in about 25 years ... and yes, it floods a lot there, as the water doesn't have anywhere to go.

    The only problem with digging ditches is that hopefully you work up to using a backhoe, versus a shovel, and maybe work up to foreman, versus backhoe operator, and maybe work up to some higher position, versus foreman ... don't want to be hitting that shovel for too long, LOL.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    How does one become a security researcher?

    Same way you get any other advanced position within a company - you come in with a stellar resume and interview well for direct hire into the position, you spend some time at a more junior level position and demonstrate your desire and ability to move into the role, or you know somebody.
  • chrisonechrisone Senior Member Member Posts: 2,068 ■■■■■■■■■□
    Whether he be in it for the money or not , is none of our concerns.
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: THPv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCHTPv2
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    chrisone wrote: »
    Whether he be in it for the money or not , is none of our concerns.

    Well, it may not be in our concern, but doing something you don't like just for money tends to lead to an unsatisfying career, so avoiding that is pretty good advice, even if it is unsolicited.
  • chrisonechrisone Senior Member Member Posts: 2,068 ■■■■■■■■■□
    I agree and you are right, but i dont think his question was about if he would enjoy to work in IT security. Unless i missed something in between replys , i just read the first few posts icon_lol.gif
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: THPv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCHTPv2
  • jonenojoneno Member Posts: 257 ■■■■□□□□□□
    you sound like a wise old man, no disrespect. I always love reading your comments and post.
  • jonenojoneno Member Posts: 257 ■■■■□□□□□□
    Well, it may not be in our concern, but doing something you don't like just for money tends to lead to an unsatisfying career, so avoiding that is pretty good advice, even if it is unsolicited.

    you sound like a wise old man, no disrespect. I always love reading your comments and post.
  • chrisonechrisone Senior Member Member Posts: 2,068 ■■■■■■■■■□
    It was a good comment and very good advice for the fellow who originally asked the question. That is why we keep a good and knowledgeable site here. I was only commenting on the first portion of the thread, since there were some user who were questioning the original posters motives.
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: THPv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCHTPv2
  • Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
    Since I'm going to be in school for another four years does in make sense for me to take CompTia certs to help me get internships or should I just concentrate on school since the certs expire in three years?
  • nicklauscombsnicklauscombs Member Posts: 885
    Since I'm going to be in school for another four years does in make sense for me to take CompTia certs to help me get internships or should I just concentrate on school since the certs expire in three years?

    do whatever you can/need to gain knowledge while you are in school. if that means structuring your study focus to pass exams go for it.
    WIP: IPS exam
  • phantasmphantasm Member Posts: 995
    Thanks for all of the responses and advise. Let me tell you a little about myself, my number one goal is to become a physician and in the process of taking all of the prereqs for that profession I became unusually interested in computer security, likely due to my computer getting infected about two years ago. Even though I couldn't dedicate much time to this field of study, due to having very demanding time schedule trying to complete pre-med classes, I felt an overwhelming, all-encompassing desire to find-out as much as I can about computer security/hacking. I had to know how the computer works and how it could be used for malicious purposes in order to protect myself form hackers. Since that time I found-out that I don't have to major is biochem/biology in order to make it to medical school and that they simply required any BS degree, that gave me an idea to study what I'm really interested in while I'm perusing my BS degree. Opposed to the prevailing school of thought in the medical profession which causes doctors and would be doctors to cringe from embarrassment when asked about compensation, I believe that if one spend the time and money to receive good education he/she is entitled to a good salary, after-all what is wrong with wanting to make more money? Isn't that why we work on the first place? Getting back to the point--the competition to get into medical school is pretty stiff so I decided to get a degree that I'm very interested in and pays well in case I don't make it to medical school, in my case it was a no-brainer. Because what could be better that getting paid for breaking in other people's computers (legally of course). icon_cheers.gif

    One thing to add. If med school is your end goal then an undergrad in pre-med (biology focus) will help you more than a BS in CS when you apply to med school. If you don't want to goto med school then CS can be fine. But a CS degree is not needed to work in IT. CS is for software engineering. Most people with a CS find themselves bored in IT and don't last long. Food for thought. You need to have a long sit down with yourself and decide which career you want. Because one is not compatible with the other.
    "No man ever steps in the same river twice, for it's not the same river and he's not the same man." -Heraclitus
  • Stochastic13Stochastic13 Member Posts: 17 ■□□□□□□□□□
    From what I hear from everybody from counselors to students that got accepted to medical school--what you major in is not as important as what kind of grades you get. Biology doesn't teach you how to be a doctor, but computer science will make one stand-out more since medical schools look to have a diversified student body. Bottom line--everyone I talk to tells me to major in something that I like as opposed to picking a major that might increase my chances to make it to medical school. Therefore, I choose computer science. As to being bored in IT, I like to learn about security, so I don't think that I will be bored as long as there is something more to learn, and form what I see almost all interesting, research orientated, security jobs require a four year bachelor's degree in computer science, some even require masters or a PhD.
  • afcyungafcyung Member Posts: 212
    I think you need to decide what you want to do. Comp Sci deals with programming. If you want to do stuff with malware then a comp sci degree is a good one to have. But in other threads you talk about wanting to be a pentester. Well the best degree imo for a pentester would one that focuses on networking and you expand your knowledge from there.
  • phantasmphantasm Member Posts: 995
    From what I hear from everybody from counselors to students that got accepted to medical school--what you major in is not as important as what kind of grades you get. Biology doesn't teach you how to be a doctor, but computer science will make one stand-out more since medical schools look to have a diversified student body. Bottom line--everyone I talk to tells me to major in something that I like as opposed to picking a major that might increase my chances to make it to medical school. Therefore, I choose computer science. As to being bored in IT, I like to learn about security, so I don't think that I will be bored as long as there is something more to learn, and form what I see almost all interesting, research orientated, security jobs require a four year bachelor's degree in computer science, some even require masters or a PhD.

    Did these med students become doctors? Because let me tell you, going to med school with out a rigorous undergrad in biology and anatomy is not a good idea. I'm not a Dr but I discussed this with a friend who is a plastic surgeon and my wife who was 1 class shy of pre-med and also taught anatomy to pre-med students while she was doing her graduate degree in Molecular and Micro Biology. But hey man, it's your life. Just don't come here to complain when that CS degree doesn't help you with med school.
    "No man ever steps in the same river twice, for it's not the same river and he's not the same man." -Heraclitus
Sign In or Register to comment.