Fresh out of High School

Hello. I'm looking at getting into the InfoSec field and need some general advice as to where to go with it.

I'm fresh out of high school with no work force experience or security certifications behind my name. However, I do hold a fascination with technology and computers and do have some technical experience with operating large gaming servers and do have a knack for being able to remove some nasty malware.

I'm currently working on a Security + certification but feel as if it would be inadequate when I present it to an employer. Would it be best at my stage in life to go ahead and acquire this type of degree or should I go ahead and study for CISSP? And should I acquire other certifications in the process?

I plan on going to college for a bachelors in Information Security and eventually a masters degree, but I want a job in the field that I love as soon as possible and feel as if I acquired a few certifications, I could achieve my goal.

Find more posts tagged with

Comments

YFZblu

Cert wise, look at SANS training. It's expensive, so look into the SANS Work Study program and apply. But the college degree is a good idea. Ultimately, certs alone won't get you into this field. Seek internships, read blogs, and attend security/hacker conferences in your area. Get to know the community.

Tech wise:

1. Stop 'removing' malware - Unless you've reversed it and understand the extent of its capabilities. Just nuke and pave. Or don't...but I wouldn't bring that up in a small room of hiring people asking you questions.
2. Learn TCP/IP
3. Learn Linux
4. Learn to code

Good luck, you've picked a great age to start. I think we all wish we'd have started earlier.

LionelTeo

get a virtual box with Kali Linux, Centos, Ubuntu, Knoppix, Webgoat on Windows SP2 and start praticsing. And I got so tired of repeating this.http://www.techexams.net/forums/security-certifications/101100-i-dont-know-where-go.html

emerald_octane

0 to CISSP really isn't how it works. You'll get very little infosec opprotunities straight out the gate. Many folks migrate to this role in their organizations after serving time in appdev, sysadmin, netadmin duties etc. You need atleast 5 years experience yada yada.

How about this, I was in your position once. There are three things you need to do right now:
1. Find a mentor
2. Get an IT related job
3. Get in school

The mentor will help guide you in terms of what to do to get to your desired goal, the job will start the professional experience clock, and the school will obviously provide you with some background as well as make you eligible for internships that demand currently enrolled students. Internships are your ticket into exposure.

CottonHeadedNinnyMuggins

YFZblu wrote: »

Cert wise,

I've been learning these things slowly but surely. As for the malware portion... I would never bring that up to an employer lol. SANS work study program seems like you need prior experience to be accepted into it. That's my impression after briefly going through the registration page on their website. What kind of prior experience do I need for that?

LionelTeo wrote: »

get a virtual box with Kali Linux, Centos, Ubuntu, Knoppix, Webgoat on Windows SP2

I've been working with Backtrack and Kali for about a year and a half now but I'll look into those other distros. I did read that threat btw lol. I just wanted to see, given my situation, what kind of other advice users would have.

emerald_octane wrote: »

0 to CISSP really isn't how it works.

I figured as much about the CISSP. I'm trying to land any job in IT anything while going to college. I never applied for government loans so I'm paying out of pocket for it so I need a stable job.
As for the internship, I'm under the impression that an intern is unpaid work. I mean I would love to intern for someone but I still need to go to college and pay my bills.

Thank you for your responses.

the_Grinch

Without experience getting into information assurance will be tough. Thus I would suggest you do as follows:

1. Get an IT related job - Geek Squad, local school district part-time, or anything of that sort. Soft skills will be important so even if it's a lot more customer service then technical it will beneficial (on a daily basis I will be talking to State Police Captain's, CEO's of companies, the Director of my agency and my prior soft skills are very important for that to work)

2. County College - Go to a county college and knock out those pre-reqs. It will save you a ton of money and allow you to see which degree will work best for you.

3. Major in computer science - CS is the best all purpose degree for security because coding is something that will save you...plus if you don't like coding you can still work in IT or security

Everyone pays their dues in IT and it sucks, but it is what it is. Having a firm foundation is the biggest item required for success in this field. Knowing how something works and should be setup is paramount in knowing how to secure it (and in turn break into it). You've shown that you'll be successful in this field for two reasons. 1. you've asked for information 2. you've been doing things on your own Continue this trend and by the time you finish the degree you will be in great shape.

CottonHeadedNinnyMuggins

the_Grinch wrote: »

Without experience getting into information assurance will be tough. Thus I would suggest you do as follows:

1. Get an IT related job - Geek Squad, local school district part-time, or anything of that sort. Soft skills will be important so even if it's a lot more customer service then technical it will beneficial (on a daily basis I will be talking to State Police Captain's, CEO's of companies, the Director of my agency and my prior soft skills are very important for that to work)

2. County College - Go to a county college and knock out those pre-reqs. It will save you a ton of money and allow you to see which degree will work best for you.

3. Major in computer science - CS is the best all purpose degree for security because coding is something that will save you...plus if you don't like coding you can still work in IT or security

Everyone pays their dues in IT and it sucks, but it is what it is. Having a firm foundation is the biggest item required for success in this field. Knowing how something works and should be setup is paramount in knowing how to secure it (and in turn break into it). You've shown that you'll be successful in this field for two reasons. 1. you've asked for information 2. you've been doing things on your own Continue this trend and by the time you finish the degree you will be in great shape.

Thank you for the advice. I was looking into majoring in computer science until I realized what I really want to do and that is Information Security. Computer Science would be great to major in but I want to fine tune what I'm going after. A certain online college offers a bachelors degree and a masters degree in Information Security. Along with the degree, I will be certified in 13 industry recognized IT certifications which includes:
.

Cisco Certified Entry Network Technician (CCENT)
Cisco Certified Network Associate (CCNA®)
Cisco Certified Network Associate Security (CCNA® Security)
CompTIA A+
CompTIA Network+
CompTIA Security+
CompTIA Project+
CompTIA Linux+
CIW Web Foundations Associate
CIW Web Design Specialist
CIW Database Design Specialist
Microsoft Technology Associate (MTA) Windows OS Fundamentals
Microsoft Technology Associate (MTA) Software Development Fundamentals

.
This is just for the bachelors program which I plan to complete in two years.
I plan on going to a county college beforehand and knocking out prereq's and along with that acquiring some of these certifications so they will transfer into the college and I'll be able to complete the degree even faster.

My main challenge at the moment is finding an IT security job. I've applied at Geek Squad but the hiring manager told me up front that Geek Squad is like a promotion for employees already working at Best buy. And I've applied for a sales position at best buy but apparently I failed the personality test lol. I would do an internship but again I'm under the impression that it's unpaid work in most circumstances, and I have to pay for college out of pocket. Anyways, I think I'm going to go with a basic job for now and try to network a bit and get to know people in the industry. Luckily I'm based around Chicago so it won't be too hard to try to network with people.

What kind of online classes would you all recommend for certifications. Ex: CBT Nuggets, Pluralsight....

emerald_octane

CottonHeadedNinnyMuggins wrote: »

As for the internship, I'm under the impression that an intern is unpaid work. I mean I would love to intern for someone but I still need to go to college and pay my bills.

That's false. I've never had an unpaid internship; volunteering yes. Facebook pays some of its interns close to nearly $6-7k per month.

Dunkers404

I'm in a similar boat, just left school (College in UK), starting my BSc in Network Management and Security in 3 months.. I've set myself some targets for those 3 months:
Network+
Security+
Cisco Certified Entry Networking Technician

Then when I start my University course, in the first year I can just spend my time getting the CCNA R&S and another in Security. Then in the second year go for more specific ones such as the SSCP and CASP. Hopefully in the third year I can get a placement, just means I'll need to do my final year after the placement