Transition from business into IT security
Analystguy89
Member Posts: 8 ■□□□□□□□□□
I have an MIS degree and have been a business analyst for 2 years now. I want to make a jump into IT Security specifically Risk Management or some kind of IT security project management. What steps do I need to take to get into security. I know I will need some certifications but what certs will I need to get to that side.
Comments
-
--chris-- Member Posts: 1,518 ■■■■■□□□□□This is just my opinion, I am certain others will have theirs too.
I transitioned from business (warehouse manager of B2B goods) to IT. It took about 9 months of trying to find the first job. In that time I worked on the A+, ITIL Foundations and a B.S. I studied, studied, studied! I recently got into a support position.
Thats a good way to start. Get the minimum certifications you need to get a helpdesk/support position. Get in there, do your job well and learn where ever possible.
You say you want into security. I've been told (and I think it sounds right) you cant secure something until you deploy it, repair it and watch it grow. There really are not many "entry level" security positions. Its a bit of a misnomer: "entry level security".
So a recap; certify/fight for your first IT job. Watch things break, watch users break things, repair them, talk to coworkers that know more and keep learning. Once you get into IT the path to security should get clearer. There are many ways to get there, but its not a direct path. -
ande0255 Banned Posts: 1,178I said this somewhere else recently, but a very good way to get into security is to fight for said entry level support role, and cozy up to the security folks whenever you get a chance to interact with them. If you project a continued desire to learn, eventually someone will take a chance on hiring you.
Good luck! -
wes allen Member Posts: 540 ■■■■■□□□□□If you are not psyched on technical security, then I would skip all the low level tech certs and start looking at stuff like crisc, cism cobit, ittl, etc. Though you might not meet the experience requirement right from the start, it will give you a good place to start. There are many people that transition into those types of IT Security roles without being very technical.
-
Analystguy89 Member Posts: 8 ■□□□□□□□□□I am looking to be in more of a managerial role as a 10 year outlook. I am looking at getting Net+ and A+ for foundation. I am not sure where to go after that though. The reason I want those lower level certs is to get a better understanding. I am looking to eventually get my CISSP but do I need to actually be in a security role to qualify for the 5 years experience. I technically have a couple years in Environmental security just from what I do now.
-
Analystguy89 Member Posts: 8 ■□□□□□□□□□I would like to get into a managerial role in IT Security eventually so I would like a couple of the low level certs just learn. I would like to get the CISSP once I get the required years. I don't do anything on a daily basis but I am in an environmental domain which is one of the 10 you can be in to be able to take the exam. I will have to look into some of those other certs you listed though.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I agree with wes, aim for those policy like certs. With risk assessment, having the technical knowledge of how the flaw works and the likelihood of it happening is about all you would need. Much of that is about having a policy in place and following it.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Zomboidicus Member Posts: 105 ■■□□□□□□□□Analystguy89 wrote: »I would like to get into a managerial role in IT Security eventually so I would like a couple of the low level certs just learn. I would like to get the CISSP once I get the required years. I don't do anything on a daily basis but I am in an environmental domain which is one of the 10 you can be in to be able to take the exam. I will have to look into some of those other certs you listed though.
You can get 1 year of the 5 year requirement waived if you take SSCP. I think it'll be better than tackling Sec+, which is more technical. It'll be a good foundation for CISSP and security as well.2016 Certification Goals: Who knows -
nestech Member Posts: 74 ■■■□□□□□□□Analystguy89 wrote: »I am looking to be in more of a managerial role as a 10 year outlook. I am looking at getting Net+ and A+ for foundation. I am not sure where to go after that though. The reason I want those lower level certs is to get a better understanding. I am looking to eventually get my CISSP but do I need to actually be in a security role to qualify for the 5 years experience. I technically have a couple years in Environmental security just from what I do now.
I say get your Net+, Sec+, CEH and CISSP... -
Analystguy89 Member Posts: 8 ■□□□□□□□□□I appreciate all of the advice and I think I am going to take a little bit from each post. I am definitely going to get my CISSP (CCSP) and CRISC when I have the experience. I also think I will grab ITIL foundation. Looks like it is time to study.