Compare cert salaries and plan your next career move
cyberguypr wrote: » I also work at one of those mythical places were policies and processes work as designed and are followed. Using POAMs as band aids and getting away with it it's an issue of governance. If I try that crap at my $dayjob there would be a LOT of explaining to do. In regards to experience I think you guys are seeing it too much as black or white. The answer is somwehre in the middle. As a security leader, do I prefer people like me who have been through desktop>network>servers>cloud, etc? You bet I do! To kaiju's point, do I take people fresh off college and train them in the simpler tasks that don't require such an extensive IT/IS background? Of course I do. This doesn't mean my newbie will be doing pentesting, forensics, etc. Not every single security task requires experienced engineers . Maybe is the fact that my area has a wide range of responsibilties ranging from basic (metrics, reporting, access reviews) to very advanced (dev, sec analytics, threat hunting), but there's a place for all levels in my team regardless of experience. You have to keep that pipeline healthy.
kaiju wrote: » Many organizations recruit the entry level personnel so that they can mold them into a professional that fits their agenda.
McxRisley wrote: » ...You guys are so stuck on the elitist mentality that you cant even think logically on this issue.
McxRisley wrote: » .... This thread is making me question how many here actually work in security or are just regurgitating what they have heard others say. . .....
TechGromit wrote: » I'll stick with someone know knows enough that if they get in they are not going to screw up my production environment. Security isn't "an inclusive club", but I see nothing wrong with asking for some experience in other areas of IT before jumping right into security.
McxRisley wrote: » You guys are so stuck on the elitist mentality that you cant even think logically on this issue.
McxRisley wrote: This thread is making me question how many here actually work in security or are just regurgitating what they have heard others say.
paul78 wrote: » My preference has always been to hire internally for security. But for new hires, I generally favor: software engineers, someone that's worked in similar industry (usually financial services), someone that's works at a consulting company or MSP, and lastly someone that's worked with regulated data. I rarely have ever hired anyone in security without experience unless I have a budgetary constraint or enough grunt work that justifies an FTE. And in that situation, I look for passion for their chosen craft more than anything else.
... most incumbent security folks that have been around for awhile seem to resent new blood coming right into their domain fresh out of college when they themselves spent many years getting to where they are.
volfkhat wrote: » full disclosure: i don't work in Infosec. With that being said, i respect your perspective; i just disagree with it. But i admit, your journey definitely gives you specific insight into what it takes to become successful in Infosec; starting from complete ZERO. Personally, i think your story is the exception to the rule. I think you need at least 2-3 years of legit EXP in some other domain. You think otherwise; given your first-hand account of your own success. I respect that; and acknowledge that perhaps you are right, and i am wrong :] As for your observation: I think your perspective is slightly boxed-in here (understandably). Those same resentful incumbent folks are also on our Network teams and Server teams. That 'elitist mentality' is not exclusive to just Security folks :]
infosecs wrote: » But Why? ... Because a person who can master cissp/ ccie/ cisa/ ccsk exams can not learn a few skills, in matter of weeks if not days?
volfkhat wrote: » Certifications are like Driver Licenses. Just because you have one... doesn't mean you know what you are doing. Compare someone who got their license last month, with someone who got their license last decade. On average, who is probably better at driving? And before say "Well some people are terrible drivers, and shouldn't be driving at all but still somehow have a license, blah blah" Okay, compare yourself with yourself. Who is the better driver? You after 1 year? or, You after 10 years? When the next security breach happens, do you want to be the person who added the "super enthusiastic highly qualified infosec wanna be" to the team? Not saying it's right.... just saying "why".
infosecs wrote: » But Why? Paul please help me understand why many people in Cyber security prefer to hire internally or someone from similar organization rather than hire a super enthusiastic highly qualified infosec wanna be? Because a person who can master cissp/ ccie/ cisa/ ccsk exams can not learn a few skills, in matter of weeks if not days?
McxRisley wrote: @paul78 I thought this discussion was about entry level people and them wanting to start out in security? In which case, to me, this would be a black and white situation since they would only be qualified for entry level jobs. I feel like most of what others have mentioned here ARE NOT entry level jobs, hence my stance on this thread. I think some may not actually work in security based off of thier responses and not being able to think in accordance with certain processess. Although, this could just simply be because they have never worked somewhere that things are done correctly or differently.
volkhat wrote: That 'elitist mentality' is not exclusive to just Security folks :]
McxRisley wrote: » In my experience, most incumbent security folks that have been around for awhile seem to resent new blood coming right into thier domain fresh out of college when they themselves spent many years getting to where they are. Thats just the way of the world, some people have an easier path to thier goal than others........
McxRisley wrote: » I know my career progression is not the norm and would make most people scoff given my position and not having 10+ years of experience. Hell, I am the lead here and am fully invovled in the hiring/firing process and I have less than 5 years total of real security experience. We don't even hire mid-level people with less than 5 years experience here........
Compare salaries for top cybersecurity certifications. Free download for TechExams community.
