Information Security experience vs Certs

Hello all,
First time poster here. I need some advice from experienced individuals. Im 25 years old, graduated in 2015 with a bachelors studying Information Technology. I worked for a year and a half as Help Desk, didn't like it too much, so after research, realized i want to get into information security. I am working part time at Geek Squad at the moment and working to get my security+, and dont have any certs yet. But I have a family friend who can help me get into cybersecurity. SO my question is, what is more important if i want to make a career in this? Experience or Certs? Thank you all very much in advance.

Find more posts tagged with

Comments

mikey88

Me too! After working as helpdesk for a bit, I realized I wanted to be a CEO but no one would hire me. It will be difficult to land a security role straight from helpdesk. A more realistic way would be to get CCNA and get experience with network security.

Experience is always more important.

IntrusionNewb

I would say a mixture of both. I just put in my two weeks notice at my help desk job because I got my first security job. I don't have any actual security job experience but I do have a couple security certs that got me in the door. With no job experience and with no certs, there's no way I would've gotten an interview. So at the minimum, since you don't have any experience, I'd say shoot for some certs while doing some labbing and things like that to get some experience.

phillyyy15

mikey88 wrote: »

Me too! After working as helpdesk for a bit, I realized I wanted to be a CEO but no one would hire me. It will be difficult to land a security role straight from helpdesk. A more realistic way would be to get CCNA and get experience with network security.

Experience is always more important.

i failed my security plus a few weeks ago

you got any advice?

mikey88

phillyyy15 wrote: »

i failed my security plus a few weeks ago you got any advice?

I was able to pass using Derril Gibson's book, his online resources and quizlet flashcards.

TechGuru80

Well...

Early in a career, certifications will help and many companies will require you to have some. Later in a career, experience will end up making more of a difference because your overall responsibility grows and your duties might shift away from technology making some certifications less valuable.

When you say your friend can help you get into cybersecurity, what does that mean exactly? Honestly, it doesn't change how you should approach things because you still more than likely lack fundamental knowledge of Windows/Linux and Networking. Try to get at least a CCNA or MCSA (if not both), because the knowledge will help later. If you can have CCNA + MCSA + Security+ in about 2 years, you will be in really good shape as far as knowledge for what you will protect. A lot of the "cool" jobs like pentester and SOC analyst, are unlikely to hire you until you are a few years in unless you have a strong background in computer science so you should take this time to build up your foundation. Once you get around two years then you can start shifting to areas of interest and really focus on a more specific approach. It's just like a pyramid...in the beginning focus broadly on subjects and build the foundation, then as you progress in your career the pyramid will start to narrow.

One last note, if your friend really can land you a job in cybersecurity (or even IT), you need to get out of Geek Squad because a long term repair technician is a lot less desirable than a qualified IT professional.

TechGromit

phillyyy15 wrote: »

I need some advice from experienced individuals. Im 25 years old, graduated in 2015 with a bachelors studying Information Technology. I worked for a year and a half as Help Desk, didn't like it too much, so after research, realized i want to get into information security. I am working part time at Geek Squad at the moment and working to get my security+, and dont have any certs yet. But I have a family friend who can help me get into cybersecurity. SO my question is, what is more important if i want to make a career in this? Experience or Certs?

My advise in your position? Location. Most of our recent graduates that work in Cyber security at my company started out in Help desk and advanced into Cyber Security when openings became available. They had neither certifications or experience, just showed an interest in IT and were at the right place at the right time. Geek Squad is not the right place, all of the time. You need to work for a large employer where once you show them a good work ethic, will give you a chance to move up when openings come up. The larger the company the better. Certifications will certainly help, but the greatest advantage is working for the right employer in the first place. Even if you have to take a step back in pay or position, get a job with a large employer, look for some place that doesn't contract out. Locate all the large employers in your area and keep checking there career openings website, don't rely on Monster or career builder, go to the source, the employers career portal.

phillyyy15 wrote: »

i failed my security plus a few weeks ago you got any advise?

Well you could either give up and accept you'll never make anything better of yourself, or you can start over again and study to re-take your Security+. Failure is no crime, but giving up is.

LordQarlyn

In my own view as a hiring manager, experience trumps certs alone, but experience + certs is ideal. But given a choice between two candidates, one with lots of experience but no certs versus one with no experience but lots of certs, 9 times out of 10 I'll probably go with the experienced candidate.

Of course this is a straw man scenario, as in my company IT candidates that don't have certs on their resume wouldn't get by the ATS and past the HR lackeys, and increasingly we are being strongly discouraged bypassing it ourselves and going straight to applicants we know can do the job well.

TechGromit wrote: »

Well you could either give up and accept you'll never make anything better of yourself, or you can start over again and study to re-take your Security+. Failure is no crime, but giving up is.

Yep! I go as far as to say you only fail if you give up!