Entry Level Information Security hope

Secure2015 · January 2015

Hello Tech Exams Forum and Happy New Year (2015).

I was wondering if anyone had advice for someone like I who is trying to break into Information Security. I have been applying for Security positions for three months (October 2014 to now--January 2015), but no replies as of yet. I have learned that if a person does not meet the "minimum" experience, you are by passed; which is understandable. I have my own security lab for hands on training, so I am studying as much as possible.
I currently hold three (3) college degrees (Communications, Programming, and Information Systems).

Advice please on how to get started and companies in Orange County or some parts of California that may be hiring? Thanks and I applaud all of you.

Danielm7 · January 2015

Do you have any actual working IT experience? Getting into security without any professional hands on background isn't easy at all. I just transitioned into a full time security position a few months ago but I was coming from a rather long sysadmin work history. Even with that, a degree, and a few security certs they told me that they saw a lot of talent but still it was a gamble without a 100% security position in my background.

Are you finding positions that call themselves entry level or no experience required? Because in the months that I searched I didn't find anything even close to that.

philz1982 · January 2015

Look don't listen to this you need security in your background crap (referring to HR screeners not the previous poster). Sure it will be harder if you haven't done the job before. BUT with reading, studying, and home labbing you can work your way into a role. Every role i've ever gotten was one i had "no experience" for.

Secure2015 · January 2015

Hey Danielm7, Thank you for your reply. Yes, I have been working in Information Technology for ten (10) years. I am tired of the Help Desk, Desktop roles. I have worked really hard, but realized that I am in a dead end field when it comes to Helpdesk (Service Desk) or Desktop. I am pretty much tired of it (Helpdesk and Desktop).
Congratulations on your transitioning.
I have not come across any Entry Level or no experience positions. I have just been applying for them all (Analyst, Cyber, etc), but I back away from those that require a minimum of four (4) plus years. I know I am not at that level yet. Also, I have searched so many IT search engines like Dice, computerworld, indeed, simplyhired, JustTechjobs, etc, but still nothing for Entry or no experience.

Secure2015 · January 2015

Hey philz1982. Thank you for your reply. It seems as though majority of requirements are asking for the CISSP, which is fine, but for someone like I, I would think that in order to get the CISSP, you need a certain minimum years of I.T. Security already under your belt. I could be wrong. I am currently working for my Linux+ and will then look into CISSP "blindly" in hopes of passing.

philz1982 · January 2015

I passed the CISSP and used my network and physical security background to qualify me for 5 years. You can pass the CISSP and have the associates of isc2 cert. Also I would recommend the CCNA cert so you understand the network stack. Then go for CISSP.

You can do pro bono risk assessments or PT's for non profits and use that as experience.

Secure2015 · January 2015

philz1982, Thank you for information. Really appreciate. I believe I will just go ahead and start studying for the CISSP.

Danielm7 · January 2015

Secure2015 I'm not trying to stomp on your dreams or anything, I'm giving you my personal, and very recent experience in the same situation. If you don't have any previous IT experience I'd try to get some sort of background because every security position I've seen required it. I didn't say you needed 5 years in security, but you should understand networks, servers, users, etc, without anything but a lab that is hard to get and even harder to convince others that you can do it.

Also, the CISSP exam without the experience doesn't get you a CISSP,
https://www.isc2.org/how-to-become-an-associate.aspx
it gets you the Associate of (ISC)² which isn't going to mean much with most HR departments until you get the full CISSP requirements fulfilled.

ramrunner800 · January 2015

Danielm7 wrote: »

Also, the CISSP exam without the experience doesn't get you a CISSP,
https://www.isc2.org/how-to-become-an-associate.aspx
it gets you the Associate of (ISC)² which isn't going to mean much with most HR departments until you get the full CISSP requirements fulfilled.

I believe it gets you DOD compliant, which in certain sectors is what HR is looking for. That said, I'm not sure CISSP is the best application of effort, because positions seeking it will most likely be somewhat senior.

As to the OP's question, I recently started an entry level security position in CA with a background similar to yours, but I looked for a long time. Once I got CEH, I had several offers. Having a lab is great, and was a major factor in the technical interviews. Certs are important if you have no experience, but only because they will get you past HR. Once you get an interview the certs could even be a liability if you don't have skillz to back them up. All of my interviews asked questions about how popular attacks work, how some of the latest vulns (Heartbleed, Shellshock) in the news work, what was running in my lab and what I did with it, and where I read my security news, among other more position specific questions. Are you excited enough about security that you stay current on the news, try those things in your lab, and can answer those types questions? If so, with a bit of luck you probably have a shot.

It's also important to note that minimum requirements are no such thing. They are usually a wishlist, and as long as you check a significant portion of the boxes sending in a resume is worthwhile. With no experience you're hoping to get lucky and find someone willing to take a chance and teach you, so you need to increase the odds by sending your resume to anything you might reasonably be qualified for.

Secure2015 · January 2015

Danielm7, No problem. Appreciate your honesty. As stated in my previous reply, I have 10 years of I.T. experience. I have worked at HelpDesk, Desktop, Network and a little of server. In this case, I should be good to go, just need a chance.

Secure2015 · January 2015

Ramrunner800, thanks for the reply and congratulations on your new position. I am familiar with I.T. security, I just need the chance to prove it to an interviewer. When you said, "It's also important to note that minimum requirements are no such thing. They are usually a wishlist", I never thought about that. Great analogy. I will continue to push my resume out there and believe that an employer sooner or later will give me the chance to prove myself. Thanks again for your reply.

Danielm7 · January 2015

That's great, so yes, you have a good foundation. Some companies will be sticklers for their requirements, but they are also the ones you see looking to fill the same position for 8 months because they want the EXACT match. One tip I do have from interviewing, know the current threats that are out there, the big ones. On my final interview with the company I'm at now shellshock had just been made public about 2 weeks ago. They were interviewing security for people above my level and they hadn't even heard of it yet, meanwhile it was already on CNN and all the major news networks. They were happy that I could tell them what it was, how it worked, how to test for it, etc, meanwhile someone was interviewing for a position above me (for Sr security engineer) and he was currently working in security and hadn't heard of it yet, they told him the interview was over 15 minutes into a 3 hr planned interview.

pinkydapimp · January 2015

Yea what you need to do is start leveraging your current experience towards the security realm. So you may not have officially had a security role. But im sure you have experience that is security related. Whether its ensuring the proper access controls are in place on a server or workstation(ntfs permissions) configuring a firewall or it has to do with ensuring the workstations and servers were protected using a layered security approach...etc. Think about what you have done and what is security related and tweak your resume to speak to it. I would agree that studying for the CISSP would be helpful. It gives you broad knowledge of the security realm which at the very least would be helpful in interviews. And you may indeed already have the experience to get the credential.

Getting in the door to security can be tough. But you will need to play up that security experience you have, lab it up at home, and keep learning. Doing this should allow you to find a way to get your foot in the door.

Good luck!

lsud00d · January 2015

philz1982 wrote: »

You can do pro bono risk assessments or PT's for non profits and use that as experience.

This is a good suggestion but for someone with no experience there's a lot to understand beyond the technical side of things, i.e. legal realm. I would tread this area lightly and perform due diligence.

Danielm7 · January 2015

pinkydapimp wrote: »

Yea what you need to do is start leveraging your current experience towards the security realm. So you may not have officially had a security role. But im sure you have experience that is security related.

This is dead on. I didn't have a 100% security role, but I had configured and managed firewalls, did basic server hardening, setup AV and patching systems, been through all kinds of logs, etc. All of that is very important and make sure your resume points all that out vs just generic history and saying you want a job in security.

22306 · January 2015

this has to be one of the best threads i read for a while here.

Secure2015 · January 2015

"Thank You all" for your reply of knowledge. I truly appreciate it.

Entry Level Information Security hope

Comments