Switch Career from Programmer to Information Security

darkhors3darkhors3 Registered Users Posts: 4 ■□□□□□□□□□
hi guys

Im a .NET developer with 4 yrs exp and have a pretty decent pay. Im pretty good as a programmer.
I want to switch my career to Information security.
Im thinking of doing Security+ certification, is it going to help me get a job in this field. Also is my previous experience be of any use.
Any advice would be helpful.

Comments

  • effektedeffekted Member Posts: 166
    Security+ is an entry level cert and almost all security jobs aren't going to be entry level. They'll assume you have a solid understanding (usually backed up with experience) of being a system/network administrator and etc. It is a good starting point for certifications and a lot of jobs especially in the DoD field will require that certification before you start getting access to things, etc.

    With your background as a Programmer I would say your best bet at getting a security job would be web application security but by no means am I telling you that you can't go into network security or something, just might require more work and studying to build a solid understanding of what needs to be done in order to secure a network.
  • darkhors3darkhors3 Registered Users Posts: 4 ■□□□□□□□□□
    Thanks for the reply.
    As a .Net developer i design web applications. Apart from that i can program in c, c++, perl, java and have a pretty good understanding of networking and computer fundamentals.
    Can i really get into Info sec with a security+ cert? What profile would i be offered?
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,669 Admin
    When hiring managers see both software engineering and InfoSec experience on your resume, they'll tend to think you are an application pen tester (a la the OSCP certification) or a software dev security engineer (a la the CSSLP certification).

    Getting a job as a software engineer in an InfoSec company (such as Symantec, McAfee, etc.) will have you working ~95% of your time on software engineering problems and ~5% on actual InfoSec issues. If you want to stay in software, but work mostly in InfoSec, you need to be an architect or research analyst/engineer that doesn't write code (and that is a gig difficult for a non-expert to get). Of course, you can always get an InfoSec job at a company that does not write code at all.

    Why do you want to get away from software engineering and into InfoSec?
  • darkhors3darkhors3 Registered Users Posts: 4 ■□□□□□□□□□
    The reason being, developing websites is boring and hardly involves any thought process, atleast that's how i feel about it and i have been doing the same thing for last 4 yrs.
    Developing front end, and saving the data in the Database, that's how most of the web Applications are today.
    Higher level languages like .Net are usually used for designing applications of these kind.
    Though new technologies like Silverlight, WPF etc are emerging i find it too easy and boring no Job Satisfaction for me.

    I have always been a hardcore programmer and Info Sec has always interested me.

    So is my previous exp be any use to me if i switch and wat would be the best cert i should go for?

    Im really in need of some good advice.
  • effektedeffekted Member Posts: 166
    Spice things up, develop a website or database and etc. then try to DOS it or SQL inject it. If you're successful at exploiting it then start looking at ways to prevent the exploits from happening. Work on developing sites/applications that are secure and etc.
  • darkhors3darkhors3 Registered Users Posts: 4 ■□□□□□□□□□
    hi effected
    thanks for the reply, but i dont think this the answer to my question.

    Please provide me some valuable answer to my question.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,669 Admin
    darkhors3 wrote: »
    So is my previous exp be any use to me if i switch and wat would be the best cert i should go for?
    As effekted pointed out, Security+ is the InfoSec cert to start with. This will give you an idea of all of the different domains in InfoSec. Read through the posts in our Security+ forum to get an idea of what you will be learning.

    Most other InfoSec certs are for people who already have professional InfoSec work experience. But there are several hands-on certs, like the OSCP, that combine InfoSec and hacking, and are a good fit for people with programming experience.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,669 Admin
    It looks like there is a need for InfoSec professionals with .NET programming experience: Mass SQL Injection Attack Hits 1 Million Sites - Dark Reading
Sign In or Register to comment.