Seeking Entry into InfoSec

Mokusei1975 · February 2016

Hello Everyone.

I've read a lot of the "seeking entry" posts on this board and it seems many of the folks already have a background in the general field (helpdesk/desktop support, etc.).

My situation is that I have no experience at all and am wanting to "break in" to the field. I'm currently reading up on the "how-to's" and "getting started" types of posts but would like to get some opinions from some of you folks on the best course of action.

I also am in a position where schooling isn't financially feasible so it would have to be "on the cheap" or something I could do on my own. I'm in the middle of studying for the A+ having already taken and passed the 801 and doing some proper studying for the 802 (mild oversight on my part on the choice of materials for the 802 and just barely missed passing it).

I'm simply seeking entry and will go from there once I get a feel for the various "flavors" of InfoSec (currently reading Lesley Carhart's blog posts).

Any input would be greatly appreciated.

Thanks in advance.

YFZblu · February 2016

It's tough to answer these thoroughly, because there is so much to talk about. Generally speaking, you're doing the right thing by reading blogs and paying attention to people in the field who are well-regarded. There really isn't anything we can say here that Lesley hasn't tried to acknowledge in her blog posts that you mentioned.

I have an IR job in the valley - if you have any specific questions, feel free to PM me.

TheFORCE · February 2016

You need to consider something small first, gain experience with some support work first. Seriously people are having a hard time because everyone is looking for an easy way to get in. There is no easy way, you need to have some experience 1 or 2 certifications and some schooling. Most companies expect you to already know something and not try and learn it as you go. You really should look into getting in a support entry level first and then move up. Infosec has so many branches, some more boring than others with just a glimpse of excitement and then 99% back to boring. You also need to have a passion to do the job and succeed.

Danielm7 · February 2016

Agree with the others, with no education, certifications or experience you're not going to have an easy time (and that is being optimistic).

There are a lot of different areas of security, many/most of which are going to expect a background in IT.

Let's look at it from the other direction, what makes you want to get into security specifically?

636-555-3226 · February 2016

I generically point people to this thread:

http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html

Gess · February 2016

Join the military, it's how I got in.

tedjames · February 2016

If money is a problem, you can find plenty of free resources online. Check out www.cybrary.it and www.professormesser.com Those are two of the better sources. Also, www.udemy.com sometimes has sales on their courses, sometimes as low as $10 per course. You can also find an incredible amount of instructional videos on YouTube.

TheFORCE · February 2016

Also wanted to add something else to my previous comment. Reading blogs and how to guides to get entry into infosec does not mean you now have infosec knowledge. You need to take the next step and try to follow the guides, put the theory into practice. There are tons of material out there free of charge, articles, white papers, standards, guidlines, webex sessions, conferences, MeetUp gatherings, youtube videos etc etc. As everything in life, knowledge and experience require time, effort, practice, patience and some money doesnt hurt. No one breaks into infosec overnight, you need to make some basic steps first that require you to dedicate time and effort in order to give you the ability to break into any role, this is not specific to infosec but all professions.

TK1799_st · February 2016

A+ is a HUGE achievement - it's not an easy exam. Take pride on that accomplishment once you finish. You then have to to decide on either Networking (or at least get familiarity with it) and then go for your Security+ certification. Try Google and search for Free Technical courses taught at different colleges/universities. There is a list - PM me and I will get those together for you and send them to you. You'll have to dedicate alot of time to this - keep things in order - and devise a plan on where you want to be and what position you want and go for it. Don't get distracted and stay on point. You'll be rewarded with your effort and desire to get your foot into the IT Security world. As others have mentioned, UDEMY does cost, but usually you can pick a course for $9 after you go through the first couple of videos in the "free" viewing portion. Cybrary is another excellent resource for video training, what tools are being used in the industry, and what you do with them. Design charts and organize your notes on what goes where - study - perform Virtual labs from your computer -and then do some more research. Professor Messer is another great resource for CompTIA video training for A+ and Security+. This is a great time to get in this field. Hang in there - it tough at the beginning....but you can do this!

Mokusei1975 · February 2016

These are all great replies! Thank you all so much. Much to mill over but I really do appreciate. Thank you again!

bryanthetechie · February 2016

Since you are in Phoenix (as per your TE profile), you have access to one of the best red/blue/forensics/ops/etc training facilities in the country. If you want in to this industry, they'll train you from nobody to pretty awesomeness: Arizona Cyber Warfare Range – Revolutionary advancement in cyber security happens here.

ChaseBenfield · February 2016

It's not easy, but anything good rarely is. The hardest part isn't going to be gaining the knowledge or getting the certs, but actually landing the job. I got offered a Penetration Testing Consultant internship the other week. After the initial 3 months depending on performance it moves to a fairly nice salary as an associate pen test consultant. I spent 10 hours a day trying to find something like that for months after I got my CEH. It's out there. I have no traditional enterprise experience. I was an intelligence analyst in the military, but the skills weren't considered IT experience in the eyes of any recruiter I talked to because I primarily worked with proprietary DoD systems using radio frequencies and SAT COMMS.

Advice from someone who was in the same situation:
*Start working on a certification HR people will notice e.g. Security+ CEH
*Learn by doing and go hard. You don't need much money to set up large networks thanks to viirtualization and cloud solutions. You have to know how to secure a network. Set up the most robust network you can and include various firewalls, vpn solutions, etc.
*Resume sooner than later. Include from the start you are working towards certs. When a recruiter asks about your experience realize they don't know what they are talking about because they don't know IT. Insist that you have the skills and be firm, refer back to your network. If you know your stuff the acronyms alone will make their head spin and they'll send you forward.
***If you can afford it get Penetration Testing with Kali and OSCP certs. The hiring manager will respect those where CEH or similar certs just get you past HR.
*LinkedIN
*Go to any events in your area and network. Talk to experts. Let them know you want this and you are going to make it happen no matter how many doors are slammed in your face (and without IT experience there will be a lot).
**Just do it. Knowledge is free and the internet is open. Tons of free resources exist to help you get your hands dirty. Check out InfoSec and OWASP resources.
*cybrary.it is good.
**Search for government assistance in your area. Thanks to the growing need for skilled IT workers most cities have programs that will train you and cover certs for free.

Seeking Entry into InfoSec

Comments