How does one "break" into the IS Security industry?

MSP-ITMSP-IT Member Posts: 752 ■■■□□□□□□□
By 2014, I'll have my B.S. in IT Security from WGU and will hopefully have the C|EH and SSCP alongside my Security+ and CCNA Security. Basically, I will want a job that can contribute towards the 5 years required experience for the CISSP. I would like to get into the industry as soon as possible. What type of entry level jobs are there? I searched for entry level network security, but not much came up.

Ideas?

Comments

  • dbrinkdbrink Member Posts: 180
    My advice would be to find an internship as soon as possible to get experience.
    Currently Reading: Learn Python The Hard Way
    http://defendyoursystems.blogspot.com/
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    This has come up a lot lately. I would recommend a forum search.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    One of the unspoken tests of your potential as a future infosec professional is your ability to research and figure out the details on your own. Searching this forum should yield many results.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • dontstopdontstop Member Posts: 579 ■■■■□□□□□□
    via a Buffer Overflow
  • zrockstarzrockstar Member Posts: 378
    1HeAJ.jpg

    Man I'm sorry, I just read the title and couldn't resist :P
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    zrockstar wrote: »
    Man I'm sorry, I just read the title and couldn't resist :P
    ROFL, I just watched the FotR a few days ago, and so this one was right on
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    MSP-IT wrote: »
    Ideas?
    There are dozens if not hundreds of threads on TE started with a question just like this, with some extremely valuable and detailed responses from some very respectable people. I trust you can find them easily.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I nominate that picture to be the official infosec sticky.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    docrice wrote: »
    I nominate that picture to be the official infosec sticky.
    I absolutely second that
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • MSP-ITMSP-IT Member Posts: 752 ■■■□□□□□□□
    zrockstar wrote: »
    1HeAJ.jpg

    That is truly wonderful.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Oh, that's just too good :)
  • About7NarwhalAbout7Narwhal Member Posts: 761
    Guess everyone beat me to the punch on the "Break" play, huh? Well, on a more serious note: Does security really have that high of a demand? While I understand that things need to be secured, and businesses are looking for specialists to fill those roles, it seems to me like the flooding of Security Specialists will eventually result in a recession. How common is it for a company to need more or new security techs?
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    ^ From what I have seen in my own organization, Security Operations has relatively high turnover due to burnout and/or leadership changes. I don't have statistics on the supply/demand of Security, so take that for what it's worth.

    I did want to bring a different perspective to the table as someone who just accepted his first security role. I recently obtained a job as a Security Analyst working in a SOC and here are a few things that stuck out in my interview:

    +Broad knowledge: I was asked about OS's, malware, networking theory, network devices, etc. While I may start off in a network-related role in the SOC, it seemed important that I had a broad range of knowledge covering a large amount of IT.

    +Mindset: I believe it was docrice who in another thread said security is a mindset. Absolutely correct. I was asked questions that would force me to convey my philosophy of information security.

    +Interest/Passion: Last but not least, it was blatantly apparent that my hiring manager was looking for someone who geeks out on this stuff. 'Who do you look up to in this field?' 'What infosec publications do you stay current with?' 'What have you done to prepare yourself for work in security?' 'What related formal training have you taken part in?'

    My two cents.
  • dnvs1dnvs1 Registered Users Posts: 1 ■□□□□□□□□□
    Hey thank you for your input. I have been in he'll desk/Jr admin positions for 6 years. I have been planning to move on this to move on to security. However I have been struggling with scheduling time to study and the demands of home, office, and r&r. I am a geek on technology and have a natural sponge when it comes to technology. Hard wired that way I guess. Where would suggest I start? Security+?
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    Security+ is a nice jumping off point because it touches many different domains from a bird's-eye view. I also think networking is important because the network is the backdrop for legitimate business activity in most organizations. Protecting it is important. As far as networking is concerned, Net+ is a nice start and if you want to go deeper CCNA or the Juniper equivalent is the next step - CCNA is also the prerequisite certification for CCNA: Security so it has value there too.

    This is starting to look like a you-should-do-what-I-did post, so I'll stop here. In the end we all instinctively do what we believe is best, and if you work hard I like to believe it will pan out for you. I don't have any connections in this field and nobody handed me anything. It is something you have to earn and take.
  • SimberTarianSimberTarian Registered Users Posts: 1 ■□□□□□□□□□
    I have always known the term "It is not what you know, it is who you know". For instance, getting your Ethical Hacker Cert, go find some other hackers and network. Go to the conferences and network (whilst having a blast and learning), volunteer at security organizations (sometimes they really do just need grunts to gopher things), join hacker groups (hackerspaces, local Defcon groups, etc), network with them on twitter, do some things that add value.
    Be a part of the InfoSec community. Before you know it you are inherently sitting next to a senior VP who happens to be hiring or knows one of his buddies who is and has taken a liking to you. Heck, maybe you get a mentor at the least and who wouldn't want that?

    What do hackers do? Solve puzzles and find another way in.....
  • LinuxNerdLinuxNerd Member Posts: 83 ■■□□□□□□□□
    I have always known the term "It is not what you know, it is who you know". For instance, getting your Ethical Hacker Cert, go find some other hackers and network. Go to the conferences and network (whilst having a blast and learning), volunteer at security organizations (sometimes they really do just need grunts to gopher things), join hacker groups (hackerspaces, local Defcon groups, etc), network with them on twitter, do some things that add value.
    Be a part of the InfoSec community. Before you know it you are inherently sitting next to a senior VP who happens to be hiring or knows one of his buddies who is and has taken a liking to you. Heck, maybe you get a mentor at the least and who wouldn't want that?

    What do hackers do? Solve puzzles and find another way in.....

    There is this ^ and there is also straight knowing your stuff. Coding some programs, writing a few white papers. Both are paths.

    It's never a requirement to know people, although it is one path.

    The Industry is in a bubble and will pop in 5 years, but until then the going is good and there's lots of money to be made. In 5 years time be prepared to already transition into something else or be the top in your field else it's the unemployment line.
Sign In or Register to comment.