Sufficiency

Tech333 · December 2015

Are security certificates enough to land a job in cyber security? Is experience necessary? What about a computer science degree? I know you need programming experience so do degrees prove that , so are cyber security or computer science degrees better?

MrAgent · December 2015

While certifications help, they aren't the only thing that is going to land you a job. Typically experience is necessary, but it is not always the case. I have seen places that will hire someone fresh out of school or with little experience and get them trained up.

As far as the degrees, they really don't prove anything other than you can make a commitment and stick to it. Some people actually do learn along the way during a degree program, where others just squeak by to get that check mark done. However, if I were to do it all over again, I would done a BS in CompSci instead of IT sec. The CompSci would have given me a better foundation in programming, where as the IT sec degree taught me how to read and write policy. Luckily for me by the time I started college, I already had years of experience in addition to serving in the military.

aftereffector · December 2015

MrAgent hit the nail on the head. Certs are great, but they aren't going to get you a job. Conversely, though, if you don't have any certs, you will probably have a tough time getting a job. The same goes for a degree (to a lesser extent) - many jobs require a bachelor's, and if you don't have one, you will be placed behind all other candidates who do. However, just having a degree isn't going to land anyone a job automatically.

If you have the choice, I definitely recommend getting a computer science degree. That is something I wish I had studied; I'm now having to learn many of the concepts that I could have learned through a structured course environment on my own. I chose to take the quicker route, and while it has not held me back, it also has not taught me much that I didn't already know from just a few years of work experience.

I'll close with a case in point. My company has been actively trying to fill a couple of cybersecurity positions for some time now, but our pay bands are limited to the point where most qualified candidates are not interested. We would absolutely hire someone with no experience and at least a baseline certification as long as they had a clearance and met some other nonwaiverable prerequisites. The opportunities are out there, but if you don't have the minimum requirements (CISSP for this job, Security+ for that job, a bachelor's for this other job, etc), you won't even make it past HR. We are not legally able to employ someone on our contract if they don't have a certification.

Tech333 · December 2015

aftereffector wrote: »

MrAgent hit the nail on the head. Certs are great, but they aren't going to get you a job. Conversely, though, if you don't have any certs, you will probably have a tough time getting a job. The same goes for a degree (to a lesser extent) - many jobs require a bachelor's, and if you don't have one, you will be placed behind all other candidates who do. However, just having a degree isn't going to land anyone a job automatically.

If you have the choice, I definitely recommend getting a computer science degree. That is something I wish I had studied; I'm now having to learn many of the concepts that I could have learned through a structured course environment on my own. I chose to take the quicker route, and while it has not held me back, it also has not taught me much that I didn't already know from just a few years of work experience.

I'll close with a case in point. My company has been actively trying to fill a couple of cybersecurity positions for some time now, but our pay bands are limited to the point where most qualified candidates are not interested. We would absolutely hire someone with no experience and at least a baseline certification as long as they had a clearance and met some other nonwaiverable prerequisites. The opportunities are out there, but if you don't have the minimum requirements (CISSP for this job, Security+ for that job, a bachelor's for this other job, etc), you won't even make it past HR. We are not legally able to employ someone on our contract if they don't have a certification.

What does your company require? And what are these prerequisites?

Tech333 · December 2015

@afterffactor also would your company expect applicants to have shown an interest by playing around experimenting with programming etc or would a qualification and clearing equate to a job offer?

Tech333 · December 2015

Also would you say meeting the requirements equate to a job offer in your company? Would you be expected to show interests by doing stuff in tour spare time?

aftereffector · December 2015

I can't send you a PM, so I will summarize generically... for what we do, the only ironclad requirements are 1) DoD Secret clearance, and 2) 8570-compliant certification (usually Security+ although there are a few others). I can't speak for other contracts, but I imagine we aren't the only ones.

As far as what we look for in candidates, yes, if we see an indication that a candidate is learning the technologies on their own by reading, labbing, getting additional certifications, and so on, it looks really good. We don't see a lot of those candidates at our price point, unfortunately

Tech333 · December 2015

aftereffector wrote: »

I can't send you a PM, so I will summarize generically... for what we do, the only ironclad requirements are 1) DoD Secret clearance, and 2) 8570-compliant certification (usually Security+ although there are a few others). I can't speak for other contracts, but I imagine we aren't the only ones.

As far as what we look for in candidates, yes, if we see an indication that a candidate is learning the technologies on their own by reading, labbing, getting additional certifications, and so on, it looks really good. We don't see a lot of those candidates at our price point, unfortunately

Ahhhh would you need experience beforehand to get a CEH or as one with nothing at all is that too high up the ladder?

Tech333 · December 2015

If I got a degree in computer science along with the required certificates, and did outside programming projects such as contributing on github would that look really good? Do most candidates have degrees?

Tech333 · December 2015

Do the applicants who don't read around the subject but just pass the qualifications get the job due to a shortage or do they get rejected due to an absence of skill?

Tech333 · December 2015

My question is could I literally do a 5 day training course and nothing else but still just get the job?

Slyth · February 2016

I do agree with MrAgent, but on the other hand it really depends on the school you go to and what classes they teach. I have my BS in Cyber Security & Forensics, some of the classes i took near the end of my degree are just above the level of CEH & the policy and management side of sec. BTW MrAgent im on the 3/12/16 start date for OSCP is that IRC channel you setup still open?

TechGuru80 · February 2016

MrAgent wrote: »

While certifications help, they aren't the only thing that is going to land you a job. Typically experience is necessary, but it is not always the case. I have seen places that will hire someone fresh out of school or with little experience and get them trained up.

As far as the degrees, they really don't prove anything other than you can make a commitment and stick to it. Some people actually do learn along the way during a degree program, where others just squeak by to get that check mark done. However, if I were to do it all over again, I would done a BS in CompSci instead of IT sec. The CompSci would have given me a better foundation in programming, where as the IT sec degree taught me how to read and write policy. Luckily for me by the time I started college, I already had years of experience in addition to serving in the military.

Agreed about experience in that it depends. With the large shortage of qualified people in the workforce, I think the amount of companies just sucking it up and being willing to train will happen more and more.

In the end, a lot of degrees will cover a wide variety of topics...some of which you will not use at all, or use immediately. Additionally interests will change and you will evolve as a professional. The commitment piece is one of many that degrees serve. Communication skills (both verbal and written), the ability to present, and many others exist but it will depend on the school....obviously you might not get some of the soft skills at an online only college.

Ultimately, the goal is to get that first job and then keep progressing. Certifications can help show you have a baseline of knowledge but if you look at a lot of higher level certifications...answers can draw on your experience because not everything can be stated in a book.

MrAgent · February 2016

Slyth wrote: »

I do agree with MrAgent, but on the other hand it really depends on the school you go to and what classes they teach. I have my BS in Cyber Security & Forensics, some of the classes i took near the end of my degree are just above the level of CEH & the policy and management side of sec. BTW MrAgent im on the 3/12/16 start date for OSCP is that IRC channel you setup still open?

Yes it is still open.
irc.osswg.com #oscp

mokaz · February 2016

Tech333 wrote: »

Are security certificates enough to land a job in cyber security? Is experience necessary? What about a computer science degree? I know you need programming experience so do degrees prove that , so are cyber security or computer science degrees better?

Honestly i think infosec is a hard field to get in, sometimes i even wonder if its a "cool" field indeed.. although, i do like it and i'm very interested into it.. So to sum up, I've been a data center infrastructures technical consultant for many years, from the Novell days to the zindows early BSODs and on and on. I've tried since two to tree years to switch to a security focused position, though clearly on the techy side --> that has proven for me to be very hard, always had the "well, we can see you're dedicated to the cause but you can't show any experience is it?".. So really i think it's always a very "age" related question, by which I mean a young dude would have its chances without experience, for an older fella things might be a little more complex..

Though, specifically i think certs like the OSCP clearly makes you stand out, it kinda show that if given something you're hungry for, you'll eat it.. I bet sometimes as well a CISSP helps but let me be clear here as well, there are a crap load of folks that'll ask you questions while interviewing you for a job that don't even barely understands what this or that certification means on a personal level (time & dedication). They simply don't understand it, it's out of reach for them, so do not expect them to respect it.. Which in turns clearly also let you know pretty rapidly where you should go and where you shouldn't...

As well, with the years going by, I tend to have the feeling that the IT field has taken aboard a ridiculous amount of IT clueless people.. They just don't want to understand it, they want it to work period..

So usually they're looking for a teenager (salary wise) with 50 years of experience (duties wise) and that is the challenge to tackle in an interview hehe

My two cents

Sufficiency

Comments