I.T Security Career Path?

R91 · September 2015

Hi everyone,

I'm looking to start a career in I.T Security. I'm looking for a way to fast track the process as much as I can. I'm over 30 and highly doubt that employers would want to hire a 40+ I.T Security Professional by the time I get my certs and experience. I'm starting from scratch and would like an idea of the fastest way to go about this. Would it be possible for someone to map out the certs I require and experience I need in between certs in order to reach my goal? Ideally I would like to be part of a red team CEH/LPT/CISSP being the ultimate goal. Thanks in advance guys.

markulous · September 2015

I'm not in IT Security but you have a few misconceptions. Unless you find a place willing to train you and hire you into a junior security role you can't fast track it. You have to have really strong knowledge about whatever it is you're trying to secure.

And who told you that you're going to have a hard time getting hired at 40? That is just false.

aderon · September 2015

Honestly this is a fairly open-ended question. There's a lot of specializations in IT security and, depending on what you would want to do, it'd change the direction you should take. Here's a sample path that I think would keep you well rounded and could land you an entry level IT security job. (Such as a junior SOC position) Also, I'm assuming you're not against applying all across the United States and moving to wherever someone is willing to take a chance on you.

Get your CCNA: Routing & Switching (If you're completely new to IT, this would take 3-4 months assuming you bust your bum and have a lot of free time)
Get a NOC job ASAP (If no one is biting, take ANY job in IT and then start reapplying for NOC positions after 3 months)
Become moderately proficient with Linux (Wouldn't hurt to snag your LPIC-1)
Learn C and write a few samples programs you can showcase in interviews (Take a community college class if you need to. Should take you 6-9 months of hard studying to become proficient enough for entry-level work)
Get a CEH
Get your first security job.

This should give you a fairly well-rounded background (networking, security, linux, and programming), would give decent experience, and would probably take 1.5-2 years from beginning to end assuming you keep up motivation and have good work ethic. This should land you an entry-level security job and would you give you a solid-enough grounding to learn more and explore deeper into the subject. Just my 2 cents. I'm sure there's plenty of people who will disagree/agree with what I've suggested.

R91 · September 2015

Thanks for your reply aderon. This seems like a really good way to start out. I'll definitely stick to it. What's the difference between CCNA and Network+? Is CCNA more respected in the industry over Network+? Is CCNA the more difficult cert of the 2? Thanks again

aderon · September 2015

R91 wrote: »

Thanks for your reply aderon. This seems like a really good way to start out. I'll definitely stick to it. What's the difference between CCNA and Network+? Is CCNA more respected in the industry over Network+? Is CCNA the more difficult cert of the 2? Thanks again

CCNA is more advanced and teaches you much more about networking than the Network+ does. Also, from my experience, a Network+ doesn't mean a whole lot when applying for networking positions. Everyone wants to see at least a CCNA. So landing that first NOC position would be much more difficult/impossible with just a Net+. In addition, given that the CCNA only takes a few months longer than the Net+, I think it's a better use of your time and a more advantageous choice. It is more difficult however.

R91 · September 2015

Perfect, that's all I needed to know. Thanks for educating me aderon, I appreciate it.

Mike7 · September 2015

R91 wrote: »

Hi everyone,

I'm looking to start a career in I.T Security. I'm looking for a way to fast track the process as much as I can.

You can refer to http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html

OctalDump · September 2015

I'd refer you to my current favourite IT Sec book "Gray Hat Hacking the ethical hacker's handbook". It deals with the breadth of pen testing, offensive security, which seems to be what you are interested in. There's quite a few similar books. Also looking at textbook lists for university security courses can be a way to find some good books. For what you get out of them, books are very cheap.

Some of the stuff that is covered in that book, stuff you need competencies in, is networking and network protocols, operating systems and their security models, systems programming, OS architecture, along with C programming, some Perl, x86 assembler, reverse engineering, SQL, web programming, web servers and the usual security tools (nmap, metasploit, nessus). There's also the whole ethical part of it, which is how you do

Now that book is probably far beyond where you are as a beginner, but because it covers all the key areas it is a really good book to give you an idea of where your weaknesses are.

At the very pointy end, people do tend to specialise and work in teams, but the breadth of knowledge is still good stuff. It seems that the biggest area is still the web, so getting your head around how that stack of technologies works is maybe the best start. That means some basic networking, some web server knowledge, some Linux and Windows, some web programming (PHP, asp/x, java, javascript, html, css etc), some database knowledge. On top of all that is knowledge of the general classes of exploits (xss, format strings, SQL injection, buffer overflows etc), tools, and how to put this in practice.

The big problem is still getting good training. CCNA, MCSA/MCSE, Linux+, and other certification still lack enough useful security knowledge. They are generally predicated on "this is how it's meant to work" whereas hacking is about "What happens if we do this? Can we get it to do something it shouldn't? How does is break?". CEH is fairly basic entry level security stuff, and still lacks the hands on nitty gritty.
It's useful, but nowhere near enough.

So, the best way to get skills is to just get stuck in, read whatever you can, and start using the tools. Experiment and see how things break. This generally means setting up your own lab of various things.

When it comes to finding work, being able to demonstrate actual skills and knowledge that is the job, gets you much further than (just) certifications.

Robertf969 · September 2015

Why do you want to do Security? Because of the sexy name? If you are just starting into IT I would say get a helpdesk or NOC job and figure out what you really want to do. There is so many different jobs in IT alone once you get to Security theirs a million more, I don't do Pen-testing but I have a friend who does and it doesn't sound that fun to me. 3 days breaking a network and two weeks writing a 60 page report about it YAY

.

techfiend · September 2015

A lot of infosec job listings I've seen look very uninteresting and not very technical like monitoring and documenting.

Pro-active defense really interests me and crypto is fascinating but haven't seen many of these. Everyone I've seen and often apply for are looking for systems or network experience.

I'd take Robert's advice and aim for entry level while getting A+ then Security+ then move onto CASP or SSCP to try to break into security. A lot of higher level certs require experience. I've seen people get in with CISSP associate in progress on their resume.

OctalDump · September 2015

Robertf969 wrote: »

Why do you want to do Security? Because of the sexy name?

An old IT person, end of career type, referencing this scene below from "The Graduate", said "One word: Security"

Mr. McGuire: I just want to say one word to you. Just one word.
Benjamin: Yes, sir.
Mr. McGuire: Are you listening?
Benjamin: Yes, I am.
Mr. McGuire: Plastics.
Benjamin: Exactly how do you mean?

I.T Security Career Path?

Comments