Getting around the experience issue

Michael2

I recently (six months ago) graduated with an Associate degree in Information Technology and went on to get my certification. The certification I have appears below my name on the left. I am looking for a job as a Network Security Engineer but all the descriptions I've seen require several years of experience. I am wondering how I can circumvent this requirement as I have no IT experience at all. I really don't want to enroll in school again. Would it help if I piled up on certifications?

Mc5ully

It's going to be difficult to land a infosec job with only 2 years college experience and a sec+ cert. Adding more and more certs won't help you too much, although a CISSP or something similar might help a little. If i was looking to hire someone for an infosec job I would want someone with real world experience, and degrees and certs only help after the experience already gets you past the door.

I would look for an IT job that will give you access to security experience that isn't really a infosec job. Like an IT specialist job of sysadmin, network admin, etc.

MrRyte

Certs won't guarantee a job, but they'll certainly get you noticed. I recommend going for the CCENT and then CCNA: Security for a start:
CCNA / CCENT
CCNA Security

Also; what other certs do you have now?

Michael2

I don't have any other certs, MrRyte. What happened is I was studying for the CCNA but I wanted to try and get it all done in one shot. I had so much difficulty keeping all that stuff in my head that I decided to just go for a simpler cert. I chose Sec+ because I decided to go for a career in information security. I decided after that I would not pursue any further certifications, but I'm wondering if I shouldn't reconsider.

I can't help wondering why you're asking about other certifications, though.

Michael2

I don't have any other certs, MrRyte. I gave up the pursuit of CCNA because I found it too difficult to remember everything. I decided to pursue a lesser cert like Sec+ instead. Then, I decided not to pursue any more certs because I figured my current one along with my educational background would be sufficient for getting into network security.

Michael2

Are you saying, Mc5ully, that I should go for sysadmin rather than Infosec?

wrwarwick

I wouldn't say you absolutely need more certifications, but with no experience, it will only help. To be honest, you are not going to get one of the higher level security engineer positions without any experience. LikeMc5ully stated, I would try to get something that might expose you to some security technology.

But again, to be blunt, you will probably have to start off on a helpdesk or a lower junior system admin position. Unless you get really, really lucky, there is no way around the fact that you have no experience.

Mc5ully

Michael2 wrote: »

Are you saying, Mc5ully, that I should go for sysadmin rather than Infosec?

I'm saying that since you probably won't land an infosec job with your current experience, I would go for another job that will give some security experience. One thing you can do is try and grab an IT job with a small company. That way you will hopefully be one of a few, if not the only, IT person working there. Which means you have to do everything IT related. This includes security related things.

vCole

Like others have said, a certification and a degree doesn't guarantee employment. However, if you're targeting a job such as a Network Security Engineer - aside from the experience look at all the other qualifications they're asking for - things you need to know, etc.
Your best bet is to get into a help desk/desktop support role with a company that is bigger (Fortune 500ish) or government where you could eventually move up or get some of that security experience.

networker050184

A company isn't going to let someone with no experience engineer anything about their infrastructure. You need to aim at jobs that match your experience level. At this point that's helpdesk, NOC, etc.

cyberguypr

I will echo what other have said. Short answer is you can't circumvent it. Truth is in most cases experience is king. How do you define Network Security Engineer? In some places this means a glorified password reset ninja, access badge control, etc. In others it is a very senior position where you will be expected to analyze and secure multiple systems including network, servers, workstations, applications, etc. It is very improbable for you to be able to successfully do the second without experience. I will venture to say that even if you had a Master's and zero experience, you would have a hard time landing a security position.

No matter how you define it, even entry level security position will require experience. In my opinion your best bet would be following wrwarwick's advice and landing a gig somewhere with potential for you to ease into a security role in a couple of years.

YuckTheFankees

Just like vCole and netowrker050184 said, there's no way a company will hire a person with no experience and the security+ cert for that role. You'll need probably at least 4 years of experience in I.T., maybe a bachelors, and probably more certs. Its nice to have network security engineer as a career goal but you need to crawl before you walk. When I first started to become interested in I.T. around April of this year, I was looking for an instant path to become a network engineer or Pentester..but they simply do not exist.

I was lucky enough to find a NOC position without any I.T. experience and now I know I'll have to work my way up in the I.T. field before I can get my dream job. After researching multiple forums and books, I know I'll probably have to take 1-3 more jobs before my dream job but hey, EXPERIENCE is the deal breaker in I.T.

Just start with any I.T. experience and work your way up, this field will reward you nicely.

DigitalZeroOne

Michael2 wrote: »

I decided not to pursue any more certs because I figured my current one along with my educational background would be sufficient for getting into network security.

When you mention education, do you have a degree? Even though a degree doesn't translate into knowing how to perform the job, companies are looking for it. If you don't have the experience, and you don't have the certs, a bachelors may help. Keep in mind that a good portion of the people that you will compete against may have experience, certs, and a degree...you want to stack the deck in your favor as much as you can.

Rappeller

Here is my example. Who would you trust more in the battlefield, a just graduated 2nd LT ring knocker (West Point Grad) who technically does have the knowledge of the job, or a 2nd LT fresh from OCS (Officer Candidate School) who was an E7 before OCS. I'm not bagging on ring knockers, but knowledge without experience tends to get mis-applied in some cases.

Everyone

In Transformers 3, there's a line an interviewer says when Sam is interviewing for jobs...

You want the job after this job, but you need this one first.

I wish I could find a clip of that scene, it applies to this and so many other posts like it on this forum.

docrice

I work as a Network Security Engineer. That's my formal title. In my case, it's not just doing password resets or simple log-watching. I'm responsible for firewalls, IDS, IPS, incident response, log / event monitoring, security product evaluations, packet wack-a-mole, vulnerability scanning, and other things...

And I have quite a few certifications, including the Security+. I don't have a degree.

To be candid, while the certifications certainly helped me with foundations, when it comes to actually doing the job I'm nowhere near as competent as I'd like to be. Real-world environments can be very complicated with a ton of moving parts, stringent uptime requirements, an enormous amount of data to sort through, limited budgets, and gaps in visibility which always need to be addressed. These are things which certification studies (and seemingly academia) don't teach.

Sec+ is certainly a good first step, but there's a lot, lot more to information security beyond that. It very much depends which area of infosec you want to be in as well.

There's no way I'd be able to do what I do in my current position without having done helpdesk / desktop support, server support, and at least junior network admin support in my previous jobs. Those non-security-specific positions really helped me mentally put the puzzle pieces together so things have become a bit more second nature when visualizing data as it moves from one point to another on the network.

This isn't to bluntly or harshly disappoint you, but we all need a reality check. You have a good start, but depending on what kind of "network security engineer" position you're looking for, it would really help you to gain that foundational experience by managing front-line IT systems.

DigitalZeroOne

DigitalZeroOne wrote: »

When you mention education, do you have a degree? Even though a degree doesn't translate into knowing how to perform the job, companies are looking for it. If you don't have the experience, and you don't have the certs, a bachelors may help. Keep in mind that a good portion of the people that you will compete against may have experience, certs, and a degree...you want to stack the deck in your favor as much as you can.

What the hell...I need a vacation. You mentioned in your post that you have your Associates degree, I overlooked that, my apologies.

vCole

Also, I'd like to throw another thing out there. You say you stopped studying for CCNA because it was too hard. The reality is this, to stay competitive and reach your goals (i.e.: dream job/money/etc) you need to put it work. There is no magical certification, degree, etc that will make that happen for you. Just good ol' fashioned hard work. As docrice said, you really need a solid foundation. Do doctors get to practice once they have a degree? No, they put in time, and the same applies for IT.

Some of these responses may seem harsh, but sometimes the truth hurts.

Michael2

DigitalZeroOne wrote: »

you want to stack the deck in your favor as much as you can.

So you're saying that I should stack up on certs?

Akaricloud

Michael2 wrote: »

So you're saying that I should stack up on certs?

You should stack up on more education, certs and most of all experience.

Do you think anyone would hire you as a network engineer if during the interview you told them you have no experience and the CCNA was too difficult for you?

MAC_Addy

Michael2 wrote: »

Are you saying, Mc5ully, that I should go for sysadmin rather than Infosec?

It will be difficult for you go to onto a sys admin job without any experience. Most places want at least 3 - 5 years experience. After I graduated I went on and passed a few certs, though, I had to start out in help desk, which is usually where a lot of people start out.

Your best bet is to take a helpdesk job, but don't stop studying. Keep taking certifications and work your way up.

MAC_Addy

vCole wrote: »

You say you stopped studying for CCNA because it was too hard.

I won't reply the whole post from vCole... But this will do. I definitely agree with you 100%. CCNA for me seemed like a scary subject when I finished studying my Network+ - and i didn't do it. I regret it now, since I took my network+ 5 years ago! I just started to study CCNA, bought a book and just started reading, while I was reading it didn't seem like such a dreadful cert to attempt.

If I were you I'd study and take Network+, then after that think about doing the CCNA again, or at least the CCENT ICND1. That will give you a foundation level into networking, since you wanted to go with infosec certs, this will help you out A LOT.

docrice

In regards to the CCNA being difficult, I'd probably generally agree since it covers quite a lot. My friend failed it the first time he sat the exam, but he was also relatively fresh at the material. I've heard that it's a lot harder than it used to be five or ten years ago. However, even if you don't actually work on Cisco-branded network equipment on a daily basis, the CCNA subject matter does provide information which is very relevant in today's computing networks. The Network+ is a fine start, but the CCNA ups it some, especially with subnetting.

There are some things you should not rush learning, many of the core CCNA topics included. If you find it difficult to get the subject down, take your time. Networking concepts can be a bit abstract to grasp sometimes since things like "OSI model," "packets," "frame headers" and the like are kind of vague to understand since you can't really "see" them like you can with configuration settings on a screen. Even with debug commands you're not really looking at packets in their natural state. You'd have to break out the protocol analyzer. That's another skill set in and of itself.

From a certification standpoint, I'd almost argue that you really should have your CCNA to even be considered for a network security engineer role. There's a reason why so many other certification bodies respect its value. And to be frank, the CCNA doesn't really teach you all you need to know in any medium-to-large sized networks. It's still an elementary certification in my opinion.

Psoasman

Michael2 wrote: »

I don't have any other certs, MrRyte. I gave up the pursuit of CCNA because I found it too difficult to remember everything. I decided to pursue a lesser cert like Sec+ instead. Then, I decided not to pursue any more certs because I figured my current one along with my educational background would be sufficient for getting into network security.

You might try the 2 exam route to CCNA. CCENT>>CCNA. Taking the exam in 2 parts would make the studying easier.