Options

Do entry level InfoSec positions exist?

ITcognitoITcognito Member Posts: 61 ■■□□□□□□□□
Hey guys,

I'm currently in an 4 year bachelors undergrad InfoSec program and am worried about finding a job after graduation. My program does have a mandatory co-op term in which I hope to gain some relevant experience, but will it be enough? I've heard that entry level infosec positions dont exist and that I will be required to start off in helpdesk or server administration and break my way in. Are my fears valid or am I just being panicking unnecessarily?

Comments

  • Options
    WafflesAndRootbeerWafflesAndRootbeer Member Posts: 555
    You are correct. Entry level INFOSEC positions DO NOT EXIST. You more or less get into INFOSEC by obtaining INFOSEC certs through self-study while working in another field and then, if you are lucky, you might get an INFOSEC job.
  • Options
    ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    Do entry level InfoSec positions exist?
    No.

    Understand that InfoSec is not a separate field, it is an advanced layer of Information Technology / Information Systems. To become proficient in network security, one must first gain knowledge of networking. Same goes for other branches of InfoSec.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • Options
    ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • Options
    docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Let me break the trend here and say entry-level infosec positions do exist. However, the term "entry-level" in regards to infosec has a different meaning, which brings us back to the point others here make about that. In general, people start off doing lower-level grunt work and then eventually move into security positions, because security is a natural extension of existing job verticals like systems and network administration.

    If you were to start off doing pure security work with no real experience on the subject matter you're securing, then you'd be blindly pushing buttons without the relevant context. Books and training provide starting points, but on-the-job experience instills wisdom because information technology environments are essentially massive logical machines with thousands of components moving (often not) harmoniously. The fine details count, and without having done a lot of the actual cooking in the kitchen, you'll never realize how different ingredient combinations create different results with different reception from diners with different tastes.

    But panic not. These days there's a lot more highlight and awareness in regards to security, so I'm under the impression that the job market for it is expanding. Even if you're doing desktop support, there's security in there somewhere (looking at logs, authentication events, correlating events together, etc.) and that helps form the basis of interacting with the gears of the machinery. And understand that the machinery is not just the digital Legos on the wire, but also how they work within business processes, objectives, and human interactions.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Options
    ITcognitoITcognito Member Posts: 61 ■■□□□□□□□□
    It's kinda discouraging hearing stuff like that, but the truth is bitter. A know I few guys who've graduated from my program and have landed security analyst positions, so perhaps there is hope yet.

    If I'm to be a server admin with my eyes on InfoSec, what do you advise I get certified in before working on security certs? MCITP/MCSA?
  • Options
    YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    May I ask what interests you about InfoSec? What do you think your day-to-day tasks would be for a security analyst?
  • Options
    YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    ITcognito wrote: »
    It's kinda discouraging hearing stuff like that, but the truth is bitter. A know I few guys who've graduated from my program and have landed security analyst positions, so perhaps there is hope yet. If I'm to be a server admin with my eyes on InfoSec, what do you advise I get certified in before working on security certs? MCITP/MCSA?
    It totally depends on what you want to do in security. Do you know yet?
  • Options
    Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    May I ask what interests you about InfoSec? What do you think your day-to-day tasks would be for a security analyst?

    That is what I was going to ask as well. Important question, indeed.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • Options
    paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Entry-level security positions do exist, but it large depends on what area of security you are interested in. The big four, for example, do hire many interns for their risk assessor businesses. Similarly, for administrative activities related to security and risk, there are also entry-level positions. By administrative, I'm not referring to server or network administration but activities related to project and operations management such as governance, compliance, or project management.

    Obviously, some of the more technical areas of security and management activities require more concrete experience and evidence of accomplishments.

    As for certifications, in my experience, most hiring managers that I know are more interested in an individual's accomplishments, individual integrity, judgement, and ability to communicate.
  • Options
    Concerned WaterConcerned Water Member Posts: 338 ■■■■□□□□□□
    I've seen some online before, but once in a blue moon.
    :study:Reading: CCNP Route FLG, Routing TCP/IP Vol. 1
    SWITCH [x] ROUTE [ ] TSHOOT [ ] VCP6-NV [ ]
  • Options
    bigmantenorbigmantenor Member Posts: 233
    I will go against the grain and argue that they do exist, but are not common. I got my current job as a security analyst with no previous IT experience other than building computers for friends. I did have a few certs, a bachelor's degree, and they had an aptitude test which I passed with flying colors. If you can find the right situation, and/or the right hiring manager, then you may be able to find someone who will take a chance on you if you show aptitude and interest. A lot of shops will gauge your interest by asking you what security blogs/websites you read on a daily basis, what books have you read, what conferences you have attended (Defcon, etc.).

    Don't get too discouraged if you don't find something in security right out of the gate; while this job has worked out great for me, I was pretty overwhelmed the first few months (drinking from the firehose of networking). Also, if you are open to relocation then you may be able to find something more easily. I live in Texas, and there are no shortage of IT jobs in our various metro areas. Various companies either have their HQs or TACs in DFW (Checkpoint and SecureWorks are two off the top of my head that always seem to be hiring). Good luck!
  • Options
    ITcognitoITcognito Member Posts: 61 ■■□□□□□□□□
    Not sure yet what area of InfoSec I'd like to get into. Maybe penetration testing.
  • Options
    boredgameladboredgamelad Member Posts: 365 ■■■■□□□□□□
    Yeah, I also started in infosec as a newbie. I worked a SOC helpdesk, monitoring perimeter security devices (Check Point, Juniper, Cisco ASA firewalls and their associated IDS/IDP solutions) and doing incident response for a few years. I got bumped up to a second level role (ticketing and change management), then moved to another company into a consultant job. Based on my own experience, discussions with my co-workers and at networking events, I'd have to say it is possible, but not common, to get into infosec at entry level.
  • Options
    phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    ITcognito wrote: »
    Not sure yet what area of InfoSec I'd like to get into. Maybe penetration testing.

    It's not as glamorous as it sounds.
  • Options
    the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    They're few and far between when it comes to entry-level security jobs. Honestly, saying you want to get into IT Security is like saying you want to get into IT. There are many layers to IT Security just as there are in IT. It's always wise to get into a generalist IT position just so you can work out what you'd like to do. From there you can decide do you want to go into networking, system administration, etc. After that, you'll have a good foundation to move into the security of whichever area of IT you started to specialize in. You think pentesting might be the route you want to go, but without a good foundation you'll just be someone running a script. You don't want to be that guy.

    So take this time to find entry-level IT positions if for not other reason then to see what area of security you'd like to move into.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • Options
    bobloblawbobloblaw Member Posts: 228
    ITcognito wrote: »
    Not sure yet what area of InfoSec I'd like to get into. Maybe penetration testing.

    I've yet to hear of anyone ever starting out doing pen tests. That said, getting your CEH and OSCP could help expedite you landing that job.
  • Options
    ITcognitoITcognito Member Posts: 61 ■■□□□□□□□□
    I still have two more years of college education, so I'm not sure what area of security I'd like to get into. I'm not really studying IT for the glamour, but more for the passion. I've always loved computers and technology and have desired to learn more and more. I find the TCP/IP model fascinating.

    What areas of security are there and can you provide a brief summary.Forensics, Penetration Testing, Network Analysis, Disaster Prevention/Recovery, etc.?
  • Options
    the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Lot's of areas you could go in, it seems to me (and someone can correct me if I'm wrong) for every specialization in IT there is a security side to it. Perhaps not completely dedicated, but definitely a security leaning. Anyway, to your question:

    Forensics - Pretty sure you know this, finding data on a device for whatever is dictated by the client, lawyers, or search warrant

    PenTesting - Attempting to break into a network and systems, lots of paperwork and documentation

    Disaster Prevention/Recovery - Basically you perform a risk assessment, assign levels based on what will have the biggest impact on the company, and then mitigate it as best you can. This area will definitely be ramping up as most companies now have to show due diligence in order to get insurance and to not face fines.

    Network Security - Protecting the network. Firewalls, IDS, and all the other wonderful tools that go with that

    Auditing/Regulation - Another branch that is pretty big (this is also a side I am in the process for a job). Making sure procedures are followed, confirming policies are in place, and setting up policies to protect various customer and corporate data. HIPAA, PCI Compliance, etc.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
Sign In or Register to comment.