So my wife wants to get into IT Security...

My wife has been a Probation and Parole Officer for a number of years now, and is sick and tired of it. She has been closely following my progress in the field of IT, and now it's starting to intrigue her. She has a Master's degree in Justice Administration, and feels that a security auditing role would suit her the most. Here is my question: Someone with absolutely no IT experience at all, where would you recommend as the best place to start for her? I'm not sure to recommend A+ or jump right into CISA or CISSP studies. Any advice is greatly appreciated.

Find more posts tagged with

Comments

vanquish23

I would start from the bottom. Security+, SSCP, maybe a few of the lower end GIAC certs. Then get an entry level job in a Security Operations Center doing Security Analysis type work to get experience.

W Stewart

Her prior security experience would count towards CISSP so that's in her favor but one of the most important things required to secure a system is understanding it so she should definitely start with the basics. A+, Network+, Security+. Maybe learn some linux and definitely windows. It wouldn't hurt to know the basics with cisco as well just to be well rounded. You don't want to be that person who has all of the advanced certs but gets stomped on basic knowledge. It's real easy to take a lot of that knowledge for granted as well once you've been in IT for awhile so you may not realize how important it is to know some of that basic stuff.

Master Of Puppets

You don't get into security with no experience in IT. You can't secure something if you don't know what it is. You can start working in security without having previous experience in it but with other IT knowledge. W Stewart is right on the money. I agree that the best way would be to start with the basics and build up to security from there. In a situation like this, it is very hard but not impossible. Good luck!

Plantwiz

Inviter her to sign up here and read the forums and post. She can learn if these topics are of interest to her or not. Since she has some higher level education, perhaps she can contact her alma mater and see what options they offer to incorporate some IT courses?

It would be a real long shot to enter into some type of auditing without any sort of experience, though I suppose it could happen. There will be a bit of environment shock too, working with people (probably some of the part she may be interested in doing less of) to being more autonomous, reporting to a team, but no so much different people each day...and dealing with scanning data, code, or such to determine a breach or something out of the norm.

Job shadowing may indeed be a good option.

Invite her to come here for herself so she can talk to the members directly and the members will know better what she is looking for.

tpatt100

Master Of Puppets wrote: »

You don't get into security with no experience in IT. You can't secure something if you don't know what it is. You can start working in security without having previous experience in it but with other IT knowledge. W Stewart is right on the money. I agree that the best way would be to start with the basics and build up to security from there. In a situation like this, it is very hard but not impossible. Good luck!

Yeah I think the for profit schools are drumming up business selling the "IT Security is biggest career growth now a days" to fill seats. Drives me nuts, I want to learn robotics as a hobby and I know I need to learn some basic electronics, I can't remember the last time I used a soldering gun.

Master Of Puppets

REMOVED UNNECESSARY QUOTE

Absolutely. Also, if people think about and realize what you just clarified, it's going to get a lot easier

Going for security with no knowledge in IT is like if you didn't know what a computer is(bear with me here, it's just an example

) and wanted to work in robotics. Nothing wrong with but you just have to take a step back and start somewhere.

veritas_libertas

Something else to keep in mind is that Security Auditing doesn't have to just be IT related. Physical Security, etc. is also something she could consider: https://www.asisonline.org/Pages/default.aspx

tpatt100

I do Security Auditing full time but it was due to a slow transition with two job changes over the past few years. Even then I find myself digging into ISO requirements and then jumping into a Solarwinds PDF file trying to figure out then explain what we need to do with both to become compliant. Solarwinds has already configured reports but you still need to understand what the reports say and be able to explain to the admins or security what changes need to be made and why but also explain it to management.

cyberguypr

Concur with the others, she need to start with the basics. I am also a proponent of "you can;t secure what you don't know/understand."

Like veritas, the first thing that came to my mind given her background was physical security. Definitely seems like a good fit and certainly a change of pace.

tpatt100

At my last government contracts we did have physical security guards that handled physical security and monitoring the related software but that's really just a security guard. We also had a physical security department that handled the higher end stuff like the vaults and documentation.

pert

It seems to me like 99% of the reason people want to get into IT / Network Security is because it "sounds cool". I really don't think that's a valid reason, nor is it sufficient motivation to go through the snore-fest process of being qualified and doing that job. Most of the time I ask these people what it is they think someone in that role does and they can't even give a basis overview, let alone specific job duties. It's only interesting and cool because it's mysterious, there is nothing glamorous or sexy about it at all.

cyberguypr

Not saying this is the OP's wife case, but here's why a lot of non-IT freaks like us see InfoSec as a utopia:

IT job demand brings six-figure salaries | www.daytondailynews.com
What Kind of High-Tech Jobs Pay Six Figures? | Chron.com
Six jobs with six-figure salaries in tech and digital worlds - The Globe and Mail
Six IT Jobs That Pay Six Figures - Certification Magazine
Seal a six-figure salary :: Men's Health

tpatt100

I have to write something up this afternoon explaining why our security department is missing all sorts of stuff. The attention to detail is seriously lacking......

cyberguypr wrote: »

Not saying this is the OP's wife case, but here's why a lot of non-IT freaks like us see InfoSec as a utopia:

IT job demand brings six-figure salaries | www.daytondailynews.com
What Kind of High-Tech Jobs Pay Six Figures? | Chron.com
Six jobs with six-figure salaries in tech and digital worlds - The Globe and Mail
Six IT Jobs That Pay Six Figures - Certification Magazine
Seal a six-figure salary :: Men's Health

Men's Health? Should change the title to "Keep your network secure and your wife happy in bed" to match their magazine covers lol.

kanecain

Thanks for the response guys. I will have my wife take a look at all of these responses.

redz

The vast majority of us had to do our time in Tier I/II/III purgatory before moving into security - as well it should be.

I personally only know one person who jumped from a Bachelors straight to working in Information Security, with no prior IT related experience. The most memorable experience I had with this person was overhearing the statement "I don't know what a registry is".

We didn't talk much.

Master Of Puppets

pert wrote: »

It seems to me like 99% of the reason people want to get into IT / Network Security is because it "sounds cool". I really don't think that's a valid reason, nor is it sufficient motivation to go through the snore-fest process of being qualified and doing that job. Most of the time I ask these people what it is they think someone in that role does and they can't even give a basis overview, let alone specific job duties. It's only interesting and cool because it's mysterious, there is nothing glamorous or sexy about it at all.

Exactly. This has been bugging me for a long time because people constantly ask me retarded questions. I have to explain "how to get into security" type questions every single day to people who don't know what a patch cable is. Just because you watched Firewall with Harrison Ford doesn't mean you should become a pen tester. I'm all for helping with what I can and giving advice on the stuff I'm familiar with but the whole security thing is starting to get irritating.

So, OP, before anything you should probably make sure your wife understands what she is getting herself into. You don't want her losing her time and valuable resources. Getting into security will likely require getting a lower level IT job which probably includes taking a pay cut, a few years of experience etc. in order to get in a position to enter security. Is that something you are willing to do? It's just not for everyone. Many experts in the field advice to not even try if you don't have passion/love for the job. Otherwise, chances are, you aren't going to make it. I'm sorry if I sound a bit negative but I'm trying to convey the idea that security is not like people outside the industry see it. There is a lot more to it.

wes allen

I am going to go against the grain a little bit here and say that if an Auditing role is what she is looking for, then I would skip A+, N+ for sure. Maybe Sec+ would be worthwhile, but since she is not looking for a tech role, there isn't much reason to learn to much tech. You don't need OSCP to check to see if the required controls are in place, you don't even need to know how to log into a router - they might just send you screen shots. But, she should look into all the cobit, ISO, ITTL, etc stuff. And, maybe look into accounting type classes as well. While there are probably not too many people here that have followed this path - many IT Sec auditors come from an accounting / biz background with little to no actual IT experience.

And as another resource - Top 25 Female Infosec Leaders to Follow on Twitter | Information Security Buzz

antielvis

OP

Your wife should have a reasonable understanding of computing & networking before moving into security. It doesn't need to be overly advanced (this industry is too complex to master everything) but understand Windows, Linux & networking. The majority of security folks I know were techs/admins before security. That said it's looking like a good time to get into that field.

kanecain

Thanks again everyone!