InfoSec Major/ Direction Help Needed!

First off, hello this is my first post on this forum!

A little about me ... im a soon-to-be highschool graduate looking to get into the IT-Security field. If everything goes right, im walking out with 3 years of a Vo-Tech IT Networking Program under my belt and a CompTia Network+ Certification. I've always been interested in the InfoSec field and I have done some small time computer hacking (legally) and cryptography. I plan to study for and get my Security+ Cert as my next to acquire. From a System Admin's prospective, I understand how computer attacks are implemented and defended against, what protocols they often use, and what measures attacker's use to gain access or root as one might call it. For programming I don't have a strong background, Im capable of simple Pyton/C/Bash/Shell scripts that accomplish very little.

With that being said i'm facing a little delmma on how about I pursue my collage education? I've read that anyone with a degree in IT whether it be CS, IT-Net or Database management could get a job in Cyber Security depending on their Certs and experience. Now someone might say, "Well go for a Computer Security Degree son! Whats the matter?" That way I look at it is from a Job perspective. If I graduate with an IT-Net degree and get Security Based certification im qualified for Administration and Administration with a security focus. If I have the Comp Sec Degree and the Comp Sec Certs... im qualified only for that Comp Sec job. The same thing goes for any other direction as well, if it may be CS or not!

I base my worries on this article: Let's scuttle cybersecurity bachelor's degree programs - Computerworld

"Now, a general degree in computer science can pretty much qualify a person for any entry-level position in the computer profession, including a cybersecurity position. But a person with a highly specific degree may have a problem getting a broader position. And I don't think new graduates armed with a bachelor's degree in cybersecurity are going to want to limit themselves to that relatively small subset of available jobs.Think of it from a hiring manager's perspective. She has an opening for a database manager and must choose between two candidates. One has a general CS degree, and his studies included classes in database management. The other has a cybersecurity degree, but though he says he can write a database management security policy, he never took a course in database management. Welcome aboard, CS graduate!
[FONT=Helvetica Neue, Helvetica, Arial, sans-serif]While you might contend that the cybersecurity graduate will look for the plethora of cybersecurity job openings, and not a database management position, this first assumes that the new graduate wants to limit themselves to a very specific, and small, subset of computer related job openings. Again, they will still be competing with general computer degree holders." -2nd Page 1-3 Paragraphs [/FONT]

[FONT=Helvetica Neue, Helvetica, Arial, sans-serif]So looking ahead, this is quite the question. I'd like to start as a Penetration Tester (CEH) and move up the ranks to get my CISSP and possibly becoming something better like Risk Analysis , Forensics, or possibly a Project Manager in Infosec. All of those require different skill sets and that sorta sets me off, but I could be wrong.
[/FONT]
Is there anybody in the Industry who would be kind enough to point me into the right direction based on their experiences?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dmoore44

I would definitely gravitate towards the more general degree programs of Computer Science or Systems Engineering for an undergrad degree. The reason is that you'll want a broad degree of experience when you leave college and look to enter the workforce. As a general rule of thumb, there's no such thing as "entry level INFOSEC", which is to say that there are virtually no INFOSEC jobs for someone just entering the IT workforce. To succeed in INFOSEC, you need to gain as much experience as possible before going down that path. If you go after a degree in a niche field, you've effectively minimized your chances at getting a job a job in a foundation skill (i.e. systems administration, network administration, DB administration, etc...), which in turn hurt your ability to build up your resume and start the transition to INFOSEC.

pinkydapimp

This. Comp Sci gives you a strong base of knowledge to build from. As dmoore stated INFOSEC requires broad knowledge so i would suggest building your foundation and going comp sci. Then get more specific ie. ethical hacking, pentesting.

ChooseLife

On the one hand, my gut feeling is that a general CS degree is likely marketed better than a specialized one for both general IT and InfoSec career.

On the other hand, I myself have a degree that says "Bachelor CS. Specialty: Network Security" and from what I can tell it has not negatively impacted my prospects for sysadmin jobs. If anything, it only helped as I often would get remarks like "Oh, so you have security background... That's good, we need those skills in our sysadmin team".

RoyalRaven

Find out if there is a Center of Academic Excellence in Information Assurance, sponsored by the National Security Agency near you. (Centers of Academic Excellence - Institutions - NSA/CSS) You'll have to look closely at the programs offered and find out how good they are, but it should give you a baseline of schools that are more focused in InfoSec.

If I had to do everything over, I would go through my undergrad and grad school studies through an InfoSec program (or IA - Information Assurance) and skip the general-type degrees. I ended up getting a 2-year in Network/Sysadmin, then a 4-yr of a lot of mixed stuff (BS degree, but wasn't on a certain subject), then got a grad degree from CAE-linked school (this is when I got into InfoSec). Best decision ever with my educational goals. Doesn't hurt that CISSP was my capstone at the end of the Masters program. It's what I wanted to do anyway vs. writing long papers

Kantarvo

Thanks for the input guys. I live in Southeastern PA and based on your input I think these schools should cover my bases.

MCCC :: Computer Science AS Thats an associates in CS , which then I would transfer over to
Computer Science - Ideally the Computer Security Degree, which in this course has a well rounded base in Programming; the first two years are nearly idenctical in courses taken.

Im starting at the community college "Montco" as they call it for financial reasons.

From there its certs like Security+, CCNA, CEH, ect.

Any more inputs? Ideas? Details?

Kantarvo

Nailed my Net+ Exam today!

I looked into WGU for IT Security, I really like the Idea of a cheap online school that gives one 14 certs walking out of the door! Im turned off by the fact its not accredited by the NSA or anything else that most other programs have. Any ideas?

veritas_libertas

Call me a cynic, but I've never considered the NSA credential that impressive. I would be more concerned about how good the reputation of the school is. For instance, if you lived where I do than you might be considering Georgia Tech, etc. etc.

the_Grinch

Honestly, the advice you received from people saying stay general is the right advice. I graduated with a BS in Computing and Security Technology (concentration in Computing Security). My course load had all the standard IT courses to build a foundation on and then a ton of security related courses. In eight months of job searching a vast majority of employers told me they didn't think I'd be a good fit. I heard "you won't be happy you won't be doing security" or "you have a degree in security, this is a helpdesk job". At the same time, on security interviews they told me I didn't have enough experience.

The best course of action for your is the do the following:

1. Go to community college and knock out the pre-reqs on the cheap (no one cares where your AS is from when you go for the BS)
1a. Get a job working the with computers while going to school (experience is king)
2. Move to a four year school that has the NSA Accreditation majoring in Computer Science - The NSA Accreditation is the gold standard, I won't lie no one has ever asked about it, but I went to a school that is accredited. Majoring in Computer Science you'll get coding, systems administration, and networking in a nice package.
2a. Minor in Network Security/Information Assurance - This gives you the security education without having to play the "you won't be doing security here" game
3. Remained employed while going to school

You follow that plan and one of two things will happen when you get out of college. You might get a job in security, I've known some who got it right out the gate. You'll at least get a job in IT and will be able to get more full time experience. Either way, you win. I never trust what you want to do when you get out of high school because honestly you haven't lived yet. I commend you on asking questions and you are definitely on the right track. But it's normal to think you want to do one thing and then take a few classes only to find you can't stand it. I didn't switch to security until I took the required two courses for the general track.

Just as an example, this June I'll be in my four year of full time employment as a support specialist. This year was the first tangible interview and job offer I had related to information assurance. That's why experience is king

colemic

WGU is, in fact, accredited by NSA. Online University News | WGU Earns NSA Certification Granted, it is not CAE, and I don't know if they ever will attain that. )others may know more on that.)

That said, I personally have yet to find a single example where someone hs truly benefitted from their school of choce having that designation. It's nice, I guess, but honestly... I don't think it matters a whole lot to HR folks, or even most hiring managers. Maybe if you are shooting for CyberCom or some other government job, it might be relevant.

bobloblaw

dmoore44 wrote: »

I would definitely gravitate towards the more general degree programs of Computer Science or Systems Engineering for an undergrad degree. The reason is that you'll want a broad degree of experience when you leave college and look to enter the workforce. As a general rule of thumb, there's no such thing as "entry level INFOSEC", which is to say that there are virtually no INFOSEC jobs for someone just entering the IT workforce. To succeed in INFOSEC, you need to gain as much experience as possible before going down that path. If you go after a degree in a niche field, you've effectively minimized your chances at getting a job a job in a foundation skill (i.e. systems administration, network administration, DB administration, etc...), which in turn hurt your ability to build up your resume and start the transition to INFOSEC.

What he said along with most others in here. You won't start in pen testing. Just doesn't happen.

The fact that you're talking about this while in high school... kinda think you'll be fine no matter what path you pick. Get your degree, though. Not having one will end up hurting you in the long run. I say this from experience.

Kantarvo

Thanks for the input guys.

As for my plans, your right... it could all change I could end up hating programming and wanna end it all. In that case Ill just go back to an IT-Admin/Networking Degree.

its a hard choice.... Montco....ESU, WGU... ??? lol

geek4god

Funny I am reading this about 20m after getting my Masters degree in IA in the mail. It is from a NSA Center of Academic Excellence.

My advice..

Don't go in debt! If that means working two fast food jobs while going to a JR College then so be it! Do not go in debt to get a tech degree until you know this is what you want to do and no matter what you think you can't know until you have worked in IT.

Do not go into IT unless you can 100% commit to being a lifelong learner. Hate studying? Then pick another field!

If you want to be a programmer then go to college, but remember rule number one, no debt. If you want to do something else college is fine if it won't cost you. If there is a cost to you skip it for now and invest in some certs.. A+, Network+, Security+ and as soon as you get A+ start applying for every help desk job you can find and don't stop till you get one! Keep working on certs and start looking for the next Job! Your goal is to find someone who is going to pay for your degree.

But wait I want to do security!?!? Yea and I want to be a ninja! So? The goal is to build some IT experience, grab some certs and get a Computer Science Degree (or something similar) paid for by an employer! If you get a security job before then, great! If you don't keep applying for jobs until you do! Keep getting certs, keep learning new things! Security is part of everything, take on a security mindset no matter what your job!

Your other option is to enlist in the Military in a specialty that is computer/network related and has at least a Secret Security clearance requirement. While there work on security/IT related certs and get out and get a job that requires a clearance.

Why is debt such a big deal? There is a 50/50 chance you will HATE the IT industry! Trust me no matter how much you think you will love IT it is a tough job! So if you rack up a bunch of debt, doing something you might like better, gets harder and harder! Let someone, the military, your employer, someone/anyone pay for the majority of your degree!!

pinkydapimp

I think another thing that people get hung up around the Comp sci degree is that people think its just to be a programmer. This definitely isnt the case. When i did my undergrad in Comp sci i had zero intention of working professionally as a programmer. Now there will be a number of programming classes, but the degree as a whole teaches you about how computers work, hardware and software and to understand that you need to understand programming(learning the logic behind will also help you to think logically). The more you know in this area, the better you will be in troubleshooting things at a helpdesk, as well as mitigating security risks.

forestgiant

When I completed my MSc ISA at WGU, the mailman delivered a package that included an official MSc diploma, and another certification that said:

"STUDENT ABC completed course of study recognized by the Committee of National Security Systems (CNSS) as meeting the national training standard for Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011 and 4012. "

CNSS is Committee on National Security Systems which you can read more about on its website.

WGU - MScISA CNSS.jpg

the_Grinch

I'd like to add that if you are in high school and not working in the field do an on-campus program. You're going to want as much hands on experience you can get and if you aren't working in the field actively I think online classes will hurt you. I know the university I work at will not consider you for an online program without 20 credits from a brick and mortar college. A lot is expected of you in an online program and I don't think young people tend to handle that very well.

Kantarvo

geek4god wrote: »

Funny I am reading this about 20m after getting my Masters degree in IA in the mail. It is from a NSA Center of Academic Excellence.

My advice..

Don't go in debt! If that means working two fast food jobs while going to a JR College then so be it! Do not go in debt to get a tech degree until you know this is what you want to do and no matter what you think you can't know until you have worked in IT.

Do not go into IT unless you can 100% commit to being a lifelong learner. Hate studying? Then pick another field!

If you want to be a programmer then go to college, but remember rule number one, no debt. If you want to do something else college is fine if it won't cost you. If there is a cost to you skip it for now and invest in some certs.. A+, Network+, Security+ and as soon as you get A+ start applying for every help desk job you can find and don't stop till you get one! Keep working on certs and start looking for the next Job! Your goal is to find someone who is going to pay for your degree.

But wait I want to do security!?!? Yea and I want to be a ninja! So? The goal is to build some IT experience, grab some certs and get a Computer Science Degree (or something similar) paid for by an employer! If you get a security job before then, great! If you don't keep applying for jobs until you do! Keep getting certs, keep learning new things! Security is part of everything, take on a security mindset no matter what your job!

Your other option is to enlist in the Military in a specialty that is computer/network related and has at least a Secret Security clearance requirement. While there work on security/IT related certs and get out and get a job that requires a clearance.

Why is debt such a big deal? There is a 50/50 chance you will HATE the IT industry! Trust me no matter how much you think you will love IT it is a tough job! So if you rack up a bunch of debt, doing something you might like better, gets harder and harder! Let someone, the military, your employer, someone/anyone pay for the majority of your degree!!

Id love to get someone else to pay for my college, like the military or an employer... but the Military isn't an option at the moment (bad shoulders) and to be honest having an employer shell out 80K+ for one guy's education is a hard one... But im certain without a degree no employer could take me seriously? If so describe how you stayed out of debt cause personally I dont want to shell out $600 a month in loan payments..

the_Grinch wrote: »

I'd like to add that if you are in high school and not working in the field do an on-campus program. You're going to want as much hands on experience you can get and if you aren't working in the field actively I think online classes will hurt you. I know the university I work at will not consider you for an online program without 20 credits from a brick and mortar college. A lot is expected of you in an online program and I don't think young people tend to handle that very well.

Im leaning torwards a physical college cause I believe i'll preform better on hand, however the cost is a real issue for me lol! (I know grants, scholarships, ect)

On a side note, im going for my Bachelor's first... not my graduate degree unless convinced otherwise by you guys and others irl.

geek4god

Kantarvo wrote: »

Id love to get someone else to pay for my college, like the military or an employer... but the Military isn't an option at the moment (bad shoulders) and to be honest having an employer shell out 80K+ for one guy's education is a hard one... But im certain without a degree no employer could take me seriously? If so describe how you stayed out of debt cause personally I dont want to shell out $600 a month in loan payments..

I did not avoid debt and that is why I am sharing my Wisdom with you! Spend the summer getting A+ (if you can't study on your own to pass a cert you are not cut out for IT). Apply for a help desk jobs the day you pass, stay at home (yea it sucks), take classes at a JR college part time if you have to. Find a job with tuition reimbursement. Take more classes! Get more certs. Apply for a new job every few years until you land an infosec job.

There is a common thread in the advice you are getting.. Experience is better than a degree, work your way through college so you have both etc etc..

Kantarvo

I already have my net+ and three years of a Vo-Tech program for IT-networking under my belt... im fairly sure I like the IT field!

As far as working threw college making it secondary has anyone accomplished this? If so how? how long did it take to get an undergrad degree?

And secondly... the other option of going for a IT-Networking Degree... what difference decisions would I need to make to get to my dream of InfoSec!

101010

Kantarvo wrote: »

Id love to get someone else to pay for my college, like the military or an employer... but the Military isn't an option at the moment (bad shoulders) and to be honest having an employer shell out 80K+ for one guy's education is a hard one... But im certain without a degree no employer could take me seriously? If so describe how you stayed out of debt cause personally I dont want to shell out $600 a month in loan payments.

geek4god wrote: »

There is a common thread in the advice you are getting.. Experience is better than a degree, work your way through college so you have both etc etc..

I am going to also agree with geek4god concerning debt and experience being better than a degree. Four years ago I was working as a machine operator in a plastics factory. I currently work in Network Administration and Information Assurance at a large defense contractor, making a decent wage (~60K). I have done this all without a single college credit, let alone a degree and the associated debt.

I did this by taking any and all experience available. I worked as a computer repair technician at a retail store making minimum wage for two years, gathering not only technical experience and my A+, but the soft skills that have served me well throughout my IT career. I then interviewed for a Desktop Support Technician and landed the position in large part because of the soft skills that my fellow aspirants lacked. I continued to gather experience and several certifications (Net+, Sec+, CCENT) over the next two years, as well as developing professional relationships with my coworkers. So, when my current position opened up and I threw my hat in the ring, I was quickly offered the position. I am now pursuing more InfoSec focused certifications and hope to find myself in a Penetration Testing/Security Analyst position in a year or two.

Now I could have taken the traditional route and gone to school full time for the last four years, delivered pizza for some spending money, and graduated 20-80K in debt. Then hope to find myself in a poor paying entry level IT position requiring several more years to reach where I am at now.

My path may not be best for you, and there is much to be said for getting your degree (looking into getting one myself), but I hope I have illustrated that a degree is not required for you to succeed.

Kantarvo

I get it nobody wants to be in debt , but what about the ideas suggested in this thread?

http://www.techexams.net/forums/jobs-degrees/89755-get-i-t-degree-certifications.html

I know exp is king but I dont know a single person who lands a IT Help Desk job w/o experience or prior knowledge (even though I do) and where along the line will I learn the proficiency of programming? I dont trust my self taught abilities to know to ins and outs of programming to the level I need to be.

101010

Kantarvo wrote: »

I know exp is king but I dont know a single person who lands a IT Help Desk job w/o experience or prior knowledge (even though I do) and where along the line will I learn the proficiency of programming? I dont trust my self taught abilities to know to ins and outs of programming to the level I need to be.

I would recommend you get your A+ and search for a small PC repair shop or retail computer store and get your hands dirty in a technician role. Many of these places offer part time work so you can attend school at the same time. This will give you both technical and customer service experience, both sought after skills for any Help Desk/Desktop Support role. During this time you will also want to continue to get certified. After grabing the A+ go for the Sec+, then on to Cisco's offerings.

With this you will have a resume that can contain both Experience, Certifications and show progression towards a Degree. More than enough to land you that first IT job. After you have that first IT position you can look to focus on your particular field, through both your Degree and further Certifications. Such as a BS in Computer Science with a focus on Security, and grabbing CEH/SSCP/OSCP. Then you can look to grab one of those sought after InfoSec positions.

Also, concerning your programming proficiency question. It is very unlikely a Help Desk/Desktop Support role will require any programming, other than occasional script hacking/troubleshooting, for which basic GoogleFu should be sufficient. You should have plenty of time to learn programming, either in school or on your own.

Kantarvo

I could get my A+ in no time if I really wanted to but who wants to memorize hardware lol.

Question Though, why does everyone prefer a BS in CS over Info Tech/IT-Networking? Usually both courses have programming courses within them, CS comtaining more. Im not scared of actual programming hell I want to embrace it but all over this fourm and no where else is where I see it.

Courses like this for example - MCCC :: Computer Networking AAS

paul78

Kantarvo wrote: »

why does everyone prefer a BS in CS over Info Tech/IT-Networking? Usually both courses have programming courses within them, CS comtaining more.

It's not the quantity of the classes. It's the type of classes. In my very sparse review of various IT degrees, most the of the programming classes were very rudimentary programming which I characterize as simple scripting and web development.

In contrast, a CS degree should prepare someone that could actually write software like an operating system or a programming language. Although, in reality, most CS graduates don't go into that area of IT.

Kantarvo

paul78 wrote: »

It's not the quantity of the classes. It's the type of classes. In my very sparse review of various IT degrees, most the of the programming classes were very rudimentary programming which I characterize as simple scripting and web development.

In contrast, a CS degree should prepare someone that could actually write software like an operating system or a programming language. Although, in reality, most CS graduates don't go into that area of IT.

I have a net admin background in window's domains, to what extent does a CS degree prepare one to be a net/sysadmin ?