Article: "There's nothing whatsoever "entry level" about security."

docricedocrice Member Posts: 1,706 ■■■■■■■■■■
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    I felt this was a very good article overall. I hate the term "entry level" security because I believe it tends to confuse things for people. As the article points out, a solid understanding of some body of technical knowledge (systems, networks, etc) can break you into a lower level security position. I've been a JOAT for three years handling network devices, servers, and desktop issues. Three different times this knowledge has lead to job offers for security related positions. I have education in various security concepts, but nothing in the applied realm (other then some home labbing and presentations).

    All that being said, I believe companies have been going about everything incorrectly. If I am in a position where I cannot find qualified candidates for open positions, then I would begin a mentoring program of some kind. Use current expertise to build up new talent from the outside. Say it would take me three to six months to find someone for an open position. In turn, I could hire someone with the needed basics and use those six months to train them to where I want them to be. I believe this will be where the industry will end up heading as it would provide the best solution to the problem at hand.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,667 Admin
    What industries want are more people with fundamental security skills and not people looking for entry-level careers in IT security. Many industries either don't consider security to be an entry-level career, or see security only as an additional skill picked up by people with more traditional IT job titles. Most industries see their org chart as needing very few people with the word "security" in their job titles, and prefer those that do wield an IT security title should be closer to the top of the org chart rather than the bottom.

    The article is correct that not everyone is interested in doing security. I've seen many software and network ops people forced into being security people and not liking it because security does not interest them. But you really need to try all of your people in a security role to see who fits and who doesn't, and let those that don't slide back to what they prefer to do.

    This article also mentions the Breaking into Security series of articles on the KerbOnSecurity blog, in which Brian Krebs interview leaders in the InfoSec industry (Richard Bejtlich, Bruce Schneier, Jeremiah Grossman, et al.) on how to get into InfoSec as a career. Although Krebs does not ask questions directly about IT security certifications, these articles and there comments are worth a read.
  • forestgiantforestgiant Member Posts: 153
    There's not even a general consensus on what constitutes "security" in the computing world. Security concepts get their meanings and assumptions from generic use, so everybody have an idea of what they are (keep the bad guys out, let the good guys in), but few really know how they apply to businesses and organizations of the 21st century. If you reconfigure something to be secure, you're likely to hinder processes and that'd be unacceptable to org' leaders. It's a very delicate balance between security and convenience, that's why it takes years of experience to pick up that intuition. Unfortunately what HR thinks it knows about security and what IT can do is very far apart.
  • mapletunemapletune Member Posts: 316
    It's my long term goal, or should I say "tentative" long term goal, to get into network security. So this was an interesting read.

    Thanks for the article (and the links within!) =D
    Studying: vmware, CompTIA Linux+, Storage+ or EMCISA
    Future: CCNP, CCIE
  • klhatchettklhatchett Member Posts: 29 ■□□□□□□□□□
    I am actually currently studying Information Security and Assurance at Kennesaw State University near Atlanta Ga, although I would love to work in Security, this article is also raising some alarms in my head, because when I am researching current job openings in "entry level" security, Most say that 7+ years of security related and experience is required and also a CISSP or CISA and CISM certification are highly preferred. Makes me wonder if I should just change my major to Information Systems and minor in Information Security?!!!!
    Look me up on LinkedIn, Lets Connect! http://www.linkedin.com/in/klhatchett92
Sign In or Register to comment.