Book now with code EOY2025
So, is it possible to get a career started in information security without IT-related experience or a degree, and only with a variety of different certifications in your arsenal (e.g. security+, net+, A+ etc.)?
EngRob wrote: » Infosec is one of those fields that you go into after having knowledge of the environments you are securing. You can't secure what you don't know.
LionelTeo wrote: » I started my infosec experience in my country (Singapore) without any IT Experience, Degree and Certifications. I started at a Security Operation Analyst in a Managed Security Service Security Operation Center (MSS-SOC). The analysts in the SOC are all being outsource to a external contractor, so the main company gets to maximise its profit; the outsource external contractor gets fresh diploma graduates from the market to maximise its profit, while they try to use technology and Security Engineers (who helps to improve the technology) to try to 'close the gap' lacking in the new fresh graduates to analyse the traffic. To help with your answer, is it possible? It's a matter of luck, try look up indeed.com and see what you find in Security Analyst work. Hopefully you can find something really similar to my situation. Does it matter? After 4 years of infosec experience, I realise it doesn't really matter. All you really need to get into something like a network, or sysadmin, and while within this jobs, grab security certs and study like your on steriods and you can easily get back on the right track of Security work on your susequent job hop, if you love the company, ask for an internal transfer to its Security Department. I also would let you know it doesn't hurt in such while preparing for CISSP exam as well, since being in network or sysadmin would somehow cover some of the domain, and havings 4 years of experience with 2 being cover by IT job and 2 within infosec, isn't going to hurt your salary and career either. Of course I am in the 'special case' where the 2 years of SOC work help me, 2 years of SOC work land me in another work to start a SOC and part of a global team, and this experience has been valuable in employers eyes in terms for both SOC, Arcsight, Security and Certification; thus moving to another SOC has been relatively easy work for me. The rule of the thumb to infosec career is simple. 1) Study - Aim for 2000 - 6000 pages per year, my suggestion is to keep whacking books after another 2) Formulate a Study Plan - aiming to study 6000 pages isn't enough, you need to know when are you going to pick up your book and not a controller, for me, I study on my way to work and home, as well as on my way to meeting GF. At times I will do a practical lab at home before studying 3) Virtualise - Set up a home lab, windows XP 2 with DVWA and webgoat, Kali Linux on the other. If you are into hardening then you need to grab the respective servers you are interested to work on. 4) Game - After being burn out you deserve a break once in a while 5) Certify - To show your employer what you are made off Sounds big, but you can always take one step at a time, somehow one day you will have to pick up your 'first book' in infosec, if you can't, you cannot go far in infosec.
YFZblu wrote: » This is preached constantly, and it does hold some truth; however it is taken far too literally. Associate-level positions exist for a reason, one doesn't have to know all the things to get started in security. That being said, one should WANT to know all the things in order to have a successful career.
Use code EOY2025 to receive $250 off your 2025 certification boot camp!
