career in Security

dark_knight_babydark_knight_baby Registered Users Posts: 2 ■□□□□□□□□□
Hi guys,

after reading some threads here im very much enjoyed my time especially on what certifications am i going to take next.

anywayz im currently in a different field wanting to go into security in Canada(Vancouver) and it seems hard to transfer into that field.

heres my background in I.T
more than 10yrs in I.T with broad experience in customer service, Technical Operations and IT Services.
ive got Comptia A+, Security+ and recently acquired Mile2 C)PTE Certified Penetration Testing Engineer certification. im currently thinking of getting 1 GIAC cert under my belt so that my resume or "skillsets" will be noticed by employers. almost all companies i saw if they are looking for a Security Analyst/IT Security Engineer often times their requirements is mostly on different compliances (SOX,PCI,ISO,COBIT etc) and expertise in different vendor tools to defend their enterprise.

so im seeking advice/guidance on what am i to do to land in any IT security job do i need to be vendor specific too?
often times they look for "EXPERIENCE" but how can i get experience if i dont land to any IT security job.
i also practice my pentest skills at home(virtual lab) and as much as possible be current...im trying to do web app pentesting as well since there are a lot of job ads about it but the kicker is always "must have experience" or X amount of yrs need for the job.

Comments

  • impelseimpelse Member Posts: 1,233 ■■■■□□□□□□
    Yep, there is a lot to do to get experience, takes time.

    I have a question: How did you feel the C)PTE exam? I got their book last year, they are good.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,663 Admin
    A recommended way to beat the "chicken and the egg" problem is to find a work in a large company in a non-security-related group, and then transfer to a proper security group after you have sufficiently demonstrated your security knowledge, skills, and interests and a job position opens up. You might not be able to find an opportunity to start out in InfoSec, but keep polishing your knowledge and skills so you can slide laterally into an InfoSec opportunity when one present itself.

    Oh--I'm interested in your C)PTE experience too.
  • RedBoxRedBox Registered Users Posts: 2 ■□□□□□□□□□
    I would try to get an Analyst job, then move from there into what direction you'd like to go in. You have a good start, IMO, you just need to "prove your worth" as they say. Get familiar with tools such as Splunk, WireShark, PuTTy, and a scripting language like Python. These seem minor, but can help a lot in a SOC -- certainly more than someone with just a security cert like CEH trying to get into the industry.

    How was the C)PTE?
  • CoolAsAFanCoolAsAFan Member Posts: 239
    Have you though about CISSP as well? +1 for your C)PTE experience.
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)
    Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
    Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
    Required: SBT1 RGT1 RIT1
  • Edwin24Edwin24 Member Posts: 6 ■□□□□□□□□□
    I think for starting a career in security you must join some private security companies that need fresh graduates that contribute their efforts to provide the customer better services.And after getting some experience from that companies you get a good job in other security firms easily.
    Crowd Security & Control
  • W StewartW Stewart Member Posts: 794 ■■■■□□□□□□
    ^ I don't think so.

    Like JDMurray said. Lateral move. Look at the requirements for a few jobs in your area on dice like Security analyst and see what the requirements are. You're going to need some high level experience in systems or network administration.
    Being a sys admin sucks but I love it
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,663 Admin
    W Stewart wrote: »
    You're going to need some high level experience in systems or network administration.
    ...or software engineering.
  • diggitlediggitle Member Posts: 118 ■■■□□□□□□□
    Hi guys,

    after reading some threads here im very much enjoyed my time especially on what certifications am i going to take next.

    anywayz im currently in a different field wanting to go into security in Canada(Vancouver) and it seems hard to transfer into that field.

    heres my background in I.T
    more than 10yrs in I.T with broad experience in customer service, Technical Operations and IT Services.
    ive got Comptia A+, Security+ and recently acquired Mile2 C)PTE Certified Penetration Testing Engineer certification. im currently thinking of getting 1 GIAC cert under my belt so that my resume or "skillsets" will be noticed by employers. almost all companies i saw if they are looking for a Security Analyst/IT Security Engineer often times their requirements is mostly on different compliances (SOX,PCI,ISO,COBIT etc) and expertise in different vendor tools to defend their enterprise.

    so im seeking advice/guidance on what am i to do to land in any IT security job do i need to be vendor specific too?
    often times they look for "EXPERIENCE" but how can i get experience if i dont land to any IT security job.
    i also practice my pentest skills at home(virtual lab) and as much as possible be current...im trying to do web app pentesting as well since there are a lot of job ads about it but the kicker is always "must have experience" or X amount of yrs need for the job.


    What worked for me is applying to small companies that wanted inexperienced "trainable" security engineers. There are a lot of these companies out there. My experience with Large companies is that it's hard to move laterally because if you move out of that position they will make the excuse of having to fill your position. You may be the brains and foundation of that team. They much rather hire somebody off the streets with the credentials. I worked at Lowes headquarters in Mooresville, NC as a migration technician (contractor) and this seemed to be the case. They loved me as a contractor, and a migration technician and each time a Lowes position came up would say we'll put in a good word for you but a couple days later there was a new face from the streets. My point is a major issue with trying to move lateral is having to deal with the politics in the environment. Your supervisor might not want you leaving his/her team and may deny you the ability to move. It's a lot to do with who you know.

    I would suggest applying to small companies. You might even want to use a placement company like; Robert Half Technologies, Modis, Teksystems, etc. They can place you on contracts within security. Right now here in Charlotte, NC Bank of America is hiring contractors in information security to perform vulnerability assessments. This is being done through Teksystems. I know your in Canada but im sure there are opportunities like this where you live.

    Teksystems BOA contract: http://teksystems.com/it-careers/job-details?id=219030
    I know the link is not very descriptive but from what i was told by the account executive about this contract is BOA wants "trainable" engineers. This is an 18 month contract to hire position. Pay starts at 50/hr.
    c colon i net pub dubdubdub root
Sign In or Register to comment.