Options

Transition from business into IT security

Analystguy89Analystguy89 Member Posts: 8 ■□□□□□□□□□
in IT Jobs / Degrees
I have an MIS degree and have been a business analyst for 2 years now. I want to make a jump into IT Security specifically Risk Management or some kind of IT security project management. What steps do I need to take to get into security. I know I will need some certifications but what certs will I need to get to that side.
· Share on FacebookShare on Twitter

Comments

  • Options
    --chris----chris-- Member Posts: 1,518 ■■■■■□□□□□
    This is just my opinion, I am certain others will have theirs too.

    I transitioned from business (warehouse manager of B2B goods) to IT. It took about 9 months of trying to find the first job. In that time I worked on the A+, ITIL Foundations and a B.S. I studied, studied, studied! I recently got into a support position.

    Thats a good way to start. Get the minimum certifications you need to get a helpdesk/support position. Get in there, do your job well and learn where ever possible.

    You say you want into security. I've been told (and I think it sounds right) you cant secure something until you deploy it, repair it and watch it grow. There really are not many "entry level" security positions. Its a bit of a misnomer: "entry level security".

    So a recap; certify/fight for your first IT job. Watch things break, watch users break things, repair them, talk to coworkers that know more and keep learning. Once you get into IT the path to security should get clearer. There are many ways to get there, but its not a direct path.
    · Share on FacebookShare on Twitter
  • Options
    ande0255ande0255 Banned Posts: 1,178
    I said this somewhere else recently, but a very good way to get into security is to fight for said entry level support role, and cozy up to the security folks whenever you get a chance to interact with them. If you project a continued desire to learn, eventually someone will take a chance on hiring you.

    Good luck!
    · Share on FacebookShare on Twitter
  • Options
    wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    If you are not psyched on technical security, then I would skip all the low level tech certs and start looking at stuff like crisc, cism cobit, ittl, etc. Though you might not meet the experience requirement right from the start, it will give you a good place to start. There are many people that transition into those types of IT Security roles without being very technical.
    · Share on FacebookShare on Twitter
  • Options
    Analystguy89Analystguy89 Member Posts: 8 ■□□□□□□□□□
    I am looking to be in more of a managerial role as a 10 year outlook. I am looking at getting Net+ and A+ for foundation. I am not sure where to go after that though. The reason I want those lower level certs is to get a better understanding. I am looking to eventually get my CISSP but do I need to actually be in a security role to qualify for the 5 years experience. I technically have a couple years in Environmental security just from what I do now.
    · Share on FacebookShare on Twitter
  • Options
    Analystguy89Analystguy89 Member Posts: 8 ■□□□□□□□□□
    I would like to get into a managerial role in IT Security eventually so I would like a couple of the low level certs just learn. I would like to get the CISSP once I get the required years. I don't do anything on a daily basis but I am in an environmental domain which is one of the 10 you can be in to be able to take the exam. I will have to look into some of those other certs you listed though.
    · Share on FacebookShare on Twitter
  • Options
    the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I agree with wes, aim for those policy like certs. With risk assessment, having the technical knowledge of how the flaw works and the likelihood of it happening is about all you would need. Much of that is about having a policy in place and following it.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
    · Share on FacebookShare on Twitter
  • Options
    ZomboidicusZomboidicus Member Posts: 105 ■■□□□□□□□□
    Analystguy89 wrote: »
    I would like to get into a managerial role in IT Security eventually so I would like a couple of the low level certs just learn. I would like to get the CISSP once I get the required years. I don't do anything on a daily basis but I am in an environmental domain which is one of the 10 you can be in to be able to take the exam. I will have to look into some of those other certs you listed though.

    You can get 1 year of the 5 year requirement waived if you take SSCP. I think it'll be better than tackling Sec+, which is more technical. It'll be a good foundation for CISSP and security as well.
    2016 Certification Goals: Who knows :D
    · Share on FacebookShare on Twitter
  • Options
    maharalielmaharaliel Member Posts: 119
    I support Zomboidicus idea.
    · Share on FacebookShare on Twitter
  • Options
    nestechnestech Member Posts: 74 ■■■□□□□□□□
    Analystguy89 wrote: »
    I am looking to be in more of a managerial role as a 10 year outlook. I am looking at getting Net+ and A+ for foundation. I am not sure where to go after that though. The reason I want those lower level certs is to get a better understanding. I am looking to eventually get my CISSP but do I need to actually be in a security role to qualify for the 5 years experience. I technically have a couple years in Environmental security just from what I do now.


    I say get your Net+, Sec+, CEH and CISSP...
    · Share on FacebookShare on Twitter
  • Options
    Analystguy89Analystguy89 Member Posts: 8 ■□□□□□□□□□
    I appreciate all of the advice and I think I am going to take a little bit from each post. I am definitely going to get my CISSP (CCSP) and CRISC when I have the experience. I also think I will grab ITIL foundation. Looks like it is time to study.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.