First of all - love this forum and a lot of the things that are discussed here. I think it's an outstanding resource in a wide array of areas for folks like myself looking for information. With that said - I would like to get some advice/thoughts/suggestions/etc regarding the world of InfoSec.
A brief background of myself: I've been doing IT/Helpdesk support for the better part of 13 years.
- I started out as the typical inbound-call help desk tech with Canon troubleshooting printers, scanners, cameras, etc. ('01-'06) for consumers. A little bit of tier 2 type tech support but not too much; pretty basic stuff.
- Moved on to a similar type role with a telecommunications company (Cox Cable; '07-'0 doing phone, internet and cable support for consumers.
- Got a more "IT" based role with a small company as a support technician ('08-'11) that gave me greater responsibilities (assisting with network installations, basic AD administration) but due to the size of the organization and being a subsidiary company to a greater "parent" company with their own help desk I was more of the "eyes on the ground" type of support.
- Moved into a bit of a level 2 type support role with a government contractor ('12-'13) doing similar types of support and having a little more responsibility from an administration standpoint, however primarily I was more involved in software and hardware troubleshooting and installations.
- Enter present day. I've been at my current role as an IT Support Specialist since May of '13 doing a wide range of support issues from the basic password reset to configuring and deploying an OS X Server in our heterogeneous environment.
So where I am at right now: Since 2012 I have gotten my CompTIA A+, Net+ and Sec+ certifications. On 09/20/14 I took (for the 3rd time..) and passed the CISSP exam and am currently awaiting official certification. While my background isn't what I would consider REALLY strong from a security perspective I feel I have done enough within the domains to achieve certification at any time now - albeit just barely enough.
So my issues right now are the following:
- I essentially have a Security+ certification and (soon) my CISSP; yet I really have not much experience in this field. I certainly understand the basic concepts of things (ISO, NIST, etc etc.. you get the point.) but have hardly applied any of it. I feel a bit lost at times because now I have a manager (long story for another post) who now feels I am Captain Security and he just throws things at me to do. I do love the ability to learn hands-on so it's great to a degree but some of the stuff is WAY over my head and stuff I've never dabbled in.
- I am essentially at a point where I just don't know exactly what type of security role I should be looking for. Entry-level I'm guessing but as more of an analyst?
Ultimately I'm going to get more experience and find a great opportunity but I'm just curious if anyone else has been in this similar type of situation? I basically have a couple of certs with not much experience and I'm the first one to admit that a cert is a cert and that a LOT of people can get a cert but that doesn't make them rock stars in that area. Truth be told I had no idea what CISSP even stood for two years ago until I was offered the opportunity to study and take the exam for free. I am however now fully committed and want to make this career change but right there is the tough part - it is a career change and it feels like a complete 180 from what I've been doing.
Anyways - thoughts? Advice? Questions? I certainly would welcome anything that anyone has to offer and share and if you want to call me out on something then that's fine too - I don't take it personally. I appreciate positive and negative feedback.
Thanks in advance!