HELP! Need insight on getting into Security industry.

HELP! Need insight on getting into Security industry.
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
HELP! Need insight on getting into Security industry. gregholmes 06-06-2005
Posted by on June 6, 2005, 11:57 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I currently have my BS in Computer Information Systems and would like
to get into the field of computer security. My searches for entry-level
security jobs have come up empty, considering they all want experience,
which I do not have (my experience deals more with software/hardware
and basic networking). A colleague mentioned the CISSP cert. However,
it appears that in order to obtain it, one must have the relevant work
experience, which puts me back at square one.

I do not know how I should go about pursuing a security career and
would like some insight into how I should go about it from those who
are currently doing it.

Long story short:

1) Is it realistic for me to think I can get into the security field
with my current degree?
2) If not (or in addition to my degree), what can I do to get into the
field? (books, classes, courses, etc).
3) What is the average $$$$ a security professional can make? Although
the desire is there, I would like to know if it is worth any investment
(financial or time-wise) I may have to make.

Any and all feedback is HIGHLY appreciated. Thank you in advance.



Posted by Leythos on June 6, 2005, 7:12 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
gregholmes@sbcglobal.net says...
> I currently have my BS in Computer Information Systems and would like
> to get into the field of computer security. My searches for entry-level
> security jobs have come up empty, considering they all want experience,
> which I do not have (my experience deals more with software/hardware
> and basic networking). A colleague mentioned the CISSP cert. However,
> it appears that in order to obtain it, one must have the relevant work
> experience, which puts me back at square one.
>
> I do not know how I should go about pursuing a security career and
> would like some insight into how I should go about it from those who
> are currently doing it.
>
> Long story short:
>
> 1) Is it realistic for me to think I can get into the security field
> with my current degree?

A degree means nothing in most cases - they don't teach security in
schools. Security comes from working in the network departments, seeing
the problems, learning how to deal with them, and working with security
peers/professionals to get the right mind set.

> 2) If not (or in addition to my degree), what can I do to get into the
> field? (books, classes, courses, etc).

You can take classes for any certification, you can study on your own,
but you need to be working in a shop where you can team up with the
security guru and learn/experience from that person.

> 3) What is the average $$$$ a security professional can make? Although
> the desire is there, I would like to know if it is worth any investment
> (financial or time-wise) I may have to make.

In most cases, once the security measures in place, the real brain work
(read that as hourly rate) is done - all that's left is to monitor it
and look for new threats. That doesn't mean you can't be setting up a
test network or other, but once we get a secure network designed and in
place, it's only a couple hours a month to make sure it stays that way.

Security reaches every area of a company's / users network and systems,
there are many areas that need secured and having a certification
doesn't really make you a security professional or that you know what to
do to secure an entire company / network.

Get into the IT field, where you are exposed to network configuration,
work with a team, and have the ability to setup test networks and learn
about security - after about 10 years you might be ready for designing
secure solutions.

--
--
spam999free@rrohio.com
remove 999 in order to email me


Posted by on June 26, 2005, 2:54 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


gregholmes@sbcglobal.net wrote:
> I currently have my BS in Computer Information Systems and would like
> to get into the field of computer security. My searches for entry-level
> security jobs have come up empty, considering they all want experience,
> which I do not have (my experience deals more with software/hardware
> and basic networking). A colleague mentioned the CISSP cert. However,
> it appears that in order to obtain it, one must have the relevant work
> experience, which puts me back at square one.
>
> I do not know how I should go about pursuing a security career and
> would like some insight into how I should go about it from those who
> are currently doing it.
>
> Long story short:
>
> 1) Is it realistic for me to think I can get into the security field
> with my current degree?
> 2) If not (or in addition to my degree), what can I do to get into the
> field? (books, classes, courses, etc).

Leythos,

There is no simple answer to your question. Much of how you should
prepare will depend on the company to which you would like to apply.
In other words, different companies have different requirements. Some
companies are looking for very technical folks with deep backgrounds in
infosec. Others are looking for entry level people who just have a
good work ethic and technical aptitude. Some things you can do to get
started include pursuing some of the low level security certs
(including Security+ and SANS GSEC). Also, stay involved in lists like
comp.security.misc. Read and learn. Set up a lab at home and practice
building firewalls, experimenting with security tools, and exploting
vulnerabilities.

Also, keep in mind that there are different types of Infosec jobs.
Some companies are looking for very hands-on pen testers, IDS monitors,
and the like. Others are looking for high level designers, and others
are looking for risk assessment and auditing types. I just suggest you
find the type of infosec work that suits you best and learn as much as
you can. Then keep applying for those infosec jobs. If you get into a
large enough company, even in a non-infosec role, sometimes you can
then move into an infosec role later.

Hope all this blabber helps.
> 3) What is the average $$$$ a security professional can make? Although
> the desire is there, I would like to know if it is worth any investment
> (financial or time-wise) I may have to make.
>
> Any and all feedback is HIGHLY appreciated. Thank you in advance.



Similar ThreadsPosted
New security software industry scam July 17, 2007, 6:05 pm
ACM CCS Industry and Government Track -- Call for Proposals June 24, 2005, 8:04 am
Single Signon cookie encryption - industry standard/best practice? August 24, 2004, 9:34 pm
HPSBMA01076 SSRT4787 Revised - HP Systems Insight Manager (SIM) for HP-UX Remote Denial of Service (DoS) December 1, 2005, 7:41 am
HPSBMA02378 SSRT080035 rev.2 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data October 16, 2008, 8:41 am
HPSBMA02246 SSRT061260 rev.1 - HP OpenView Performance Insight (OVPI) Running Shared Trace Service, Remote Arbitrary Code Execution August 13, 2007, 4:43 pm
Security Breaches Pandemic - Deloitte Touche 2006 Global Security Survey June 29, 2006, 12:42 am
New site dedicated to security conferences : www.security-briefings.com May 6, 2006, 11:16 am
New It Security News and Information site for security professionals August 6, 2008, 2:46 am
Excellent website for IT Security (Security+) February 8, 2008, 12:32 am

The site map in XML format XML site map

Contact Us | Privacy Policy