Getting into security on the side.. bad idea?

Alright so this might be a bad idea but...
I would like to break into security somehow. I don't have the years of experience (coming up on the one year at work) in IT doing firewalls, servers, networking or anything like that. Would it be wise to do auditing or vulnerability assessments for small companies?
I earned my 4-year in Network Security two years ago, completed some of my masters at WGU (MSISA) and I'm transferring back to DU to finish the masters that I had started. I'm working on the SSCP and eJPT certifications right now.
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
Comments
You have a BS in network security and are partially done with an MS in security as well. Have you been applying to a lot of places? Have you gotten feedback about what you're missing? There are a lot of things in the security field that you can learn with open source tools and a home lab.
In addition, if your clients challenge your findings, how are you going to defend your findings without understanding the nuances that exist between the interoperabilities between all the layers?
Heck ya,
I just did a full IT Risk Audit for an ISD near my house. Great way to go and earn extra money and skills. I've also done a DIARMF Cycle with a Software Company for DoD compliance. Cool thing with Software Audits is you can do them in off hours. PM me if you want details.
-Phil
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito
WGU B.S. IT - Security (2/1/2015-6/16/2015)
Working on: MSISA/Radware/Fortinet/Juniper/PAN
I had no idea what I would be getting myself into. Maybe it'll be best if I could get into more security related things at my job before I start thinking about doing something like this.
I've been looking at jr. sec analyst roles to see what they require.
1. Download a vuln assessment tool, ex: RETINA, ACAS, BACKTRACK, KALI...
2. Figure out what you can offer, ex: netscans, compliance, patching...
3. Volunteer your services to local business for free to dev a network
4. Hone your skills and either apply for jobs or start your own business
If I was you I would start with something that has a good GUI and lots of support. It will make your transition a lot easier.
My recommendation would be N-able from SolarWinds. It has an amazing GUI and tonz of support. Their scanning engine is RETINA, but they support an easy to use GUI that literally anyone can get used to. It costs about $2 an IP though, but if you are learning and want to start with something easy it is the way to go. It also spits out analytics that are in an easy to read format for business owners.
Any specific questions let me know.