So my wife wants to get into IT Security...

My wife has been a Probation and Parole Officer for a number of years now, and is sick and tired of it. She has been closely following my progress in the field of IT, and now it's starting to intrigue her. She has a Master's degree in Justice Administration, and feels that a security auditing role would suit her the most. Here is my question: For someone with absolutely no IT experience at all, where would you recommend as the best place for her to start? I'm not sure whether to recommend A+ or to jump right into CISA or CISSP studies. Any advice is greatly appreciated.
WGU - Bachelors of Science - Information Security
Start Date: Jan. 1st, 2012
Courses:
Done!!!

Comments

  • vanquish23 Posts: 224 Member
    I would start from the bottom. Security+, SSCP, maybe a few of the lower end GIAC certs. Then get an entry level job in a Security Operations Center doing Security Analysis type work to get experience.
    He who SYNs is of the devil, for the devil has SYN'ed and ACK'ed from the beginning. For this purpose, that the ACK might destroy the works of the devil.
  • W Stewart Posts: 794 Member
    Her prior security experience would count towards CISSP, so that's in her favor, but one of the most important things required to secure a system is understanding it, so she should definitely start with the basics: A+, Network+, Security+. Maybe learn some Linux and definitely Windows. It wouldn't hurt to know the basics with Cisco as well just to be well rounded. You don't want to be that person who has all of the advanced certs but gets stomped on basic knowledge. It's real easy to take a lot of that knowledge for granted as well once you've been in IT for a while, so you may not realize how important it is to know some of that basic stuff.
    Being a sys admin sucks but I love it
  • Master Of Puppets Posts: 1,210 Member
    You don't get into security with no experience in IT. You can't secure something if you don't know what it is. You can start working in security without having previous experience in it but with other IT knowledge. W Stewart is right on the money. I agree that the best way would be to start with the basics and build up to security from there. In a situation like this, it is very hard but not impossible. Good luck!
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • Plantwiz Posts: 5,057 Mod
    Invite her to sign up here and read the forums and post. She can learn if these topics are of interest to her or not. Since she has some higher level education, perhaps she can contact her alma mater and see what options they offer to incorporate some IT courses?

    It would be a real long shot to enter into some type of auditing without any sort of experience, though I suppose it could happen. There will be a bit of environment shock too, working with people (probably some of the part she may be interested in doing less of) to being more autonomous, reporting to a team, but not so much different people each day...and dealing with scanning data, code, or such to determine a breach or something out of the norm.

    Job shadowing may indeed be a good option.

    Invite her to come here for herself so she can talk to the members directly and the members will know better what she is looking for.
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
  • tpatt100 Posts: 2,989 Member
    Master Of Puppets wrote: »
    You don't get into security with no experience in IT. You can't secure something if you don't know what it is. You can start working in security without having previous experience in it but with other IT knowledge. W Stewart is right on the money. I agree that the best way would be to start with the basics and build up to security from there. In a situation like this, it is very hard but not impossible. Good luck!

    Yeah I think the for profit schools are drumming up business selling the "IT Security is biggest career growth nowadays" to fill seats. Drives me nuts, I want to learn robotics as a hobby and I know I need to learn some basic electronics, I can't remember the last time I used a soldering gun.
  • Master Of Puppets Posts: 1,210 Member
    REMOVED UNNECESSARY QUOTE

    Absolutely. Also, if people think about and realize what you just clarified, it's going to get a lot easier :D

    Going for security with no knowledge in IT is like if you didn't know what a computer is (bear with me here, it's just an example :D ) and wanted to work in robotics. Nothing wrong with it but you just have to take a step back and start somewhere.
  • veritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USA Posts: 5,735 Member
    Something else to keep in mind is that Security Auditing doesn't have to just be IT related. Physical Security, etc. is also something she could consider: https://www.asisonline.org/Pages/default.aspx
    Currently working on: Linux and Python
  • tpatt100 Posts: 2,989 Member
    I do Security Auditing full time but it was due to a slow transition with two job changes over the past few years. Even then I find myself digging into ISO requirements and then jumping into a Solarwinds PDF file trying to figure out then explain what we need to do with both to become compliant. Solarwinds has already configured reports but you still need to understand what the reports say and be able to explain to the admins or security what changes need to be made and why but also explain it to management.
  • cyberguypr Senior Member Posts: 6,845 Mod
    Concur with the others, she needs to start with the basics. I am also a proponent of "you can't secure what you don't know/understand."

    Like veritas, the first thing that came to my mind given her background was physical security. Definitely seems like a good fit and certainly a change of pace.
  • tpatt100 Posts: 2,989 Member
    At my last government contracts we did have physical security guards that handled physical security and monitoring the related software but that's really just a security guard. We also had a physical security department that handled the higher end stuff like the vaults and documentation.
  • pert Posts: 250 Member
    It seems to me like 99% of the reason people want to get into IT / Network Security is because it "sounds cool". I really don't think that's a valid reason, nor is it sufficient motivation to go through the snore-fest process of being qualified and doing that job. Most of the time I ask these people what it is they think someone in that role does and they can't even give a basic overview, let alone specific job duties. It's only interesting and cool because it's mysterious, there is nothing glamorous or sexy about it at all.
  • tpatt100 Posts: 2,989 Member
    I have to write something up this afternoon explaining why our security department is missing all sorts of stuff. The attention to detail is seriously lacking......
    cyberguypr wrote: »

    Men's Health? Should change the title to "Keep your network secure and your wife happy in bed" to match their magazine covers lol.
  • kanecain Posts: 186 Member
    Thanks for the response guys. I will have my wife take a look at all of these responses.
  • redz CISSP-ISSAP, ISSEP, ISSMP, CAP (& others) Posts: 265 Member
    The vast majority of us had to do our time in Tier I/II/III purgatory before moving into security - as well it should be.

    I personally only know one person who jumped from a Bachelors straight to working in Information Security, with no prior IT related experience. The most memorable experience I had with this person was overhearing the statement "I don't know what a registry is".

    We didn't talk much.
  • Master Of Puppets Posts: 1,210 Member
    pert wrote: »
    It seems to me like 99% of the reason people want to get into IT / Network Security is because it "sounds cool". I really don't think that's a valid reason, nor is it sufficient motivation to go through the snore-fest process of being qualified and doing that job. Most of the time I ask these people what it is they think someone in that role does and they can't even give a basic overview, let alone specific job duties. It's only interesting and cool because it's mysterious, there is nothing glamorous or sexy about it at all.

    Exactly. This has been bugging me for a long time because people constantly ask me retarded questions. I have to explain "how to get into security" type questions every single day to people who don't know what a patch cable is. Just because you watched Firewall with Harrison Ford doesn't mean you should become a pen tester. I'm all for helping with what I can and giving advice on the stuff I'm familiar with but the whole security thing is starting to get irritating.

    So, OP, before anything you should probably make sure your wife understands what she is getting herself into. You don't want her losing her time and valuable resources. Getting into security will likely require getting a lower level IT job which probably includes taking a pay cut, a few years of experience etc. in order to get in a position to enter security. Is that something you are willing to do? It's just not for everyone. Many experts in the field advise to not even try if you don't have passion/love for the job. Otherwise, chances are, you aren't going to make it. I'm sorry if I sound a bit negative but I'm trying to convey the idea that security is not like people outside the industry see it. There is a lot more to it.
  • wes allen Posts: 540 Member
    I am going to go against the grain a little bit here and say that if an Auditing role is what she is looking for, then I would skip A+, N+ for sure. Maybe Sec+ would be worthwhile, but since she is not looking for a tech role, there isn't much reason to learn too much tech. You don't need OSCP to check to see if the required controls are in place, you don't even need to know how to log into a router - they might just send you screen shots. But, she should look into all the COBIT, ISO, ITIL, etc. stuff. And, maybe look into accounting type classes as well. While there are probably not too many people here that have followed this path - many IT Sec auditors come from an accounting / biz background with little to no actual IT experience.

    And as another resource - Top 25 Female Infosec Leaders to Follow on Twitter | Information Security Buzz
  • antielvis Posts: 285 Member
    OP

    Your wife should have a reasonable understanding of computing & networking before moving into security. It doesn't need to be overly advanced (this industry is too complex to master everything) but understand Windows, Linux & networking. The majority of security folks I know were techs/admins before security. That said it's looking like a good time to get into that field.
  • kanecain Posts: 186 Member
    Thanks again everyone!