Best time to move from Infrastructure to Security?

Hi All,

I'm interested in someday working in the security field, but I'm not sure when the best time to transition would be. I don't want to be one of those people who works in security and is just a paper pusher with little knowledge in IT. Little bit of background, I'm currently a Jr. System and Network Admin, with 1 year of experience (+4 years tech support). I will soon have two security certs, Security+ and CCNA Cyber Ops. My question for those in the field, what is the best point in your IT career to make the jump into security? Would it be wise to progress my career as a system/network admin first for x number of years? I should note I enjoy what I currently do, but it's primarily sys admin work (~75%) and I know those types of jobs are drying up...

Find more posts tagged with

Comments

TheFORCE

Not two people have the same life experiences, the same is true with professional work experience. So, different paths can lead to the the same jobs.

If you feel you need to grow more as a sys admin then by all means continue to grow. Security is broad and theres different aspects of it.

Personally I never worked as a sys admin just did a 2 year stint at the HD and moved since then to more purely security roles.

UnixGuy

I stayed for 7~8 yrs in infrastructure...just few things to keep in mind

experience is not equal...working for a service provider you will get more experience in 2 years that you would in a small shop IT department...

There is no right answer, people seem to move to security much faster and it's no a bad option either, as long as you keep learning, labbing, and planning to do advanced certifications.

emek

UnixGuy wrote: »

I stayed for 7~8 yrs in infrastructure...just few things to keep in mind

experience is not equal...working for a service provider you will get more experience in 2 years that you would in a small shop IT department...

There is no right answer, people seem to move to security much faster and it's no a bad option either, as long as you keep learning, labbing, and planning to do advanced certifications.

Do you feel those 7-8 years helped prepare you for the security field? How much overlap in general knowledge would say applied to the security field?

UnixGuy

They helped a lot and prepared me a lot however I've always wondered whether it was wiser to start earlier. I see many successful people who started much earlier so your mileage might vary.

The time I spent have also prepared me to improve my communication and business skills; something that has proven to be invaluable.

If you get an opportunity to move to security, take it BUT keep learning. Don't get comfortable.

In a lot of meetings I attend, my strong background shows real easy. There is no substitute for experience, you can take it while you are in a security team or infrastructure team - just don't get too comfortable. Always tackle challenging topic and keep moving forward

when I moved to security, I did have to take a step back and learn again and do certifications and labs.

there is no right or wrong answer and there is no perfect time to move. If you get an opportunity to move to a security position that lets you learn and improve, TAKE IT

emek

UnixGuy wrote: »

They helped a lot and prepared me a lot however I've always wondered whether it was wiser to start earlier. I see many successful people who started much earlier so your mileage might vary.

The time I spent have also prepared me to improve my communication and business skills; something that has proven to be invaluable.

If you get an opportunity to move to security, take it BUT keep learning. Don't get comfortable.

In a lot of meetings I attend, my strong background shows real easy. There is no substitute for experience, you can take it while you are in a security team or infrastructure team - just don't get too comfortable. Always tackle challenging topic and keep moving forward

when I moved to security, I did have to take a step back and learn again and do certifications and labs.

there is no right or wrong answer and there is no perfect time to move. If you get an opportunity to move to a security position that lets you learn and improve, TAKE IT

Thanks for your insight, that really helps a lot. I will say one of my concerns with progressing to a Sr. System Admin/Engineer role, is that I'll have to potentially take a pay cut when I try to switch to security. That's why I'm leaning towards sooner rather than later.

UnixGuy

yes that's a valid concern

Syntax

I am trying to do this very same thing. I have about 7 years experience as a network admin, half of that as a pure network admin (my current position), the other half was more network/systems combined with smaller shops. I have dealt with firewalls, endpoint security, identity management, etc. I graduated with my Masters in Cybersecurity last year and obtained my CISSP (I had enough experience in the domains that I was able to get the full certification, not just the associate of ISC^2).

I feel like because I haven't yet had a security-focused role that employers may feel that I do not have enough experience. Yet, I have been finding that for the majority of security job postings they want you to have years of experience in infrastructure roles, plus a strong background in security roles as well. It has been frustrating to say the least. That said, I have been getting a couple interview requests, some phone screens, but haven't landed anything yet. I think I just need to be patient and wait for someone who can see my potential to pick me up. In the mean time, I have been doing some lab practice with Kali, security onion, etc.

TheFORCE

Syntax wrote: »

I am trying to do this very same thing. I have about 7 years experience as a network admin, half of that as a pure network admin (my current position), the other half was more network/systems combined with smaller shops. I have dealt with firewalls, endpoint security, identity management, etc. I graduated with my Masters in Cybersecurity last year and obtained my CISSP (I had enough experience in the domains that I was able to get the full certification, not just the associate of ISC^2).

I feel like because I haven't yet had a security-focused role that employers may feel that I do not have enough experience. Yet, I have been finding that for the majority of security job postings they want you to have years of experience in infrastructure roles, plus a strong background in security roles as well. It has been frustrating to say the least. That said, I have been getting a couple interview requests, some phone screens, but haven't landed anything yet. I think I just need to be patient and wait for someone who can see my potential to pick me up. In the mean time, I have been doing some lab practice with Kali, security onion, etc.

You need to structure your resume to show the security focused tasks even though you were implementing infrastructure. For example, maintained and configured x endpoint security tool.