Ambitious Student in need of Career Advice

You always hear about the highest paying tech jobs residing out west (namely California) so I wonder what kind of opportunities will be available on the east coast (South Carolina to be exact).

As for my future career preferences, I would like to find a job at a company that won't require travel. From what I understand, there are a few traveling cyber security jobs such as anything involving consultation, which I would prefer to avoid. So, going into the same building every day would be nice.

To pursue my career in cyber security, I plan on getting a degree in computer science (or computer information systems) and afterwards complete a graduate certificate in cyber security/information assurance (my school's program is NSA/CAE certified). Hopefully that education could get my foot in the door, right?

After doing a little research, it seems many of these jobs will eventually require certain certifications such as CRISC, CISM, CISSP, CEH, GSEC, Network+, Security+, etc. While I understand many of these are advanced certs for people with years in the field (CISM, CISSP, etc), there seems to be a few entry-level certs also. Once degrees are possessed, do people usually start acquiring their certifications? Or, do people study for certs during their time at school and take them meanwhile? Also, what entry-level certs do you think are necessary?

Finally, career planning and career path advancement is what I am very unsure on. Sure, I can Google all day the highest paying and most prestigious jobs in the Cyber Security world such as a Chief Information Security Officer(CISO), CSO, ISO, etc. But, that would be something to look forward to in the future. As a nineteen year old student about to start his Junior year in college, I would like to have a plan.

Path to becoming a CISO
While CISO's have years of experience in the InfoSec industry, everyone has to start somewhere. Any ideas about the job progression to becoming a CISO?

What are some entry-level options available?

Furthermore, after researching jobs a little more, it seems you could eventually become something like this:
Security Specialist
Security Analyst
Security Engineer
Security Auditor

Afterwards, perhaps a Security Administrator

Also, a few senior-level positions which could give you leadership experience along the way perhaps include:
Security Manager
Security Architect
Security Director

I know I am being ambitious, but I believe it is very necessary to have a plan of action in hopes that my future dreams will come to fruition. I very much value the opinion of you fellow IT professionals and your input is much appreciated.

Find more posts tagged with

Comments

636-555-3226

1 - graduate from school
2 - don't do drugs. drugs are bad, mmmkay?
3 - plenty of orgs hiring infosec people with no travel needs. plenty of consulting gigs hiring, too, but they require travel. plenty of orgs, though, so no worries.
4 - don't worry about cissp, cism, crisc, cisa for awhile. they require years of experience and by the time you're legitimately qualified there will be some latest and greatest cert that's taken their place. aim for them, sure, but keep your options open
5 - go for certs that will train you in your career path. network+, security+, gsec are all great well-rounded foundational certs you can get first, but they won't actually teach you to do anything. that's where ccie, gcih, oscp, ecppt, etc all come into play. they'll teach you stuff. some of them also don't require years of background before you qualify for getting the cert (ignore ccie for now....).
6 - you can study for certs & take tests any time. some orgs won't actually "certify" you until after you meet the prereqs, but it doesn't hurt to learn the material and pass the test in the meantime.
7 - for cert paths, i typically self-promote myself at http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html
8 - don't get hung up on job titles. every company names different jobs the same thing and the same job different things. an analyst in one place is an engineer, architect, or administrator at another. one place's director is another place's manager is another place's sysadmin (yes, sysadmin).
9 - download the free stuff and get really good at them on your own time. nessus, splunk, snort, kali. many have taught themselves in the past by just playing with tools, you can too.

NetworkNewb

Along with getting some certifications, I recommend trying hard to find an internship while your in school. Most colleges will help you with this. Doesn't have be Info Sec internship if you can't get one, any internship in IT would very beneficial to be able to put down you have some experience under your belt when you graduate.

Psydrox

Thank you guys I appreciate all the replies, I have another question for you:

I'm going to do the graduate certificate in cyber security regardless, but I have a choice between doing my bachelor's in computer science or computer information systems. Apparently, the computer information systems degree has a minor in business management included, while the computer science degree has no minor.

The big difference in the classes is that CS has a lot more math (which I may struggle with the super high level calculus involved) while the CIS has less math but more business classes. The computer classes involved are almost identical.

Is there really a big difference to an employer depending on which one I take? Which do you recommend?

NotHackingYou

Great questions! Try checking out some job postings to get a feel. IMO, usually they say 'bachelor's degree in CS or related'.

AverageJoe

Very little difference in the degrees, especially to non computer people. Very unlikely that one would have any real edge over the other for most jobs.

However, I did CIS and often wish I did CS simply because I think our industry has more respect for CS.

NetworkNewb

AverageJoe wrote: »

However, I did CIS and often wish I did CS simply because I think our industry has more respect for CS.

+1 on this... I got my BS in CIS and could've got in CS if I only did a couple more classes. I was thinking about going back and doing them but by the time I decided that (a few years time) they changed a bunch classes and would've had to taken like 5 or 6 more classes. Still annoys me to this day I didn't do those 2 extra classes.

renacido

Understand that becoming a CISO comes after a long progression from technician to manager to executive. So I'd focus for now on the technical roles within security that you're interested in because that's the foundation of any infosec career.

CS vs CIS degree: Do you want to be involved in secure software development, app/web security, pentesting, reverse engineering, or digital forensics? If so, go with CS. Are you more interested in understanding how security impacts/enables business, how to build and manage IT (which is a very useful knowledge base to have as a security pro), how various IT platforms work (another valuable insight to have), if you're interested in information assurance, policy and compliance management, etc, then choose CIS.

Either will be helpful.

I'd get some experience in IT work. Most infosec careers start in IT Operations or software engineering. It's important to know the technology and how it is applied and managed in the real world. This is extremely valuable in security.

Entry level certs may be part of your academic program, but either way they help get you past HR recruiters to get interviews. For some jobs, you won't get an interview without the certification or relevant experience, so until you have a couple years of full-time experience certs are very important.

In the hiring process, education is seen as a positive of course, but it alone doesn't provide proof of ability to do a job, doesn't prove you'll be reliable, professional, work well with the rest of the team, fit in with the culture, etc. I know some academic programs are incorporating more team projects to better simulate a modern work environment which is a good thing.

For your first certs, think about the first job you want. Look at job ads for that role and what certs are desired for it.

Work toward technical roles that interest you. Systems, networking, app/web dev, etc. Then specialize in security from there.

Good luck, hope some of this helps.

soccarplayer29

I actually started as a CS major and switched to IS because the CS major had more coding and advanced math/physics which wasn't for me and switched to the IS and business minor and really enjoyed the business classes more.

The IS vs CS hasn't seemed to affect my career or job opportunities at all in the Information security/assurance path which is in line with your goal of CISO.

Sounds like you're still early on in your studies...I'd try to align your curriculum for both as much as possible and then as you get further along make the decision on which road to take based on what interests you then.