HELP! Need insight on getting into Security industry.

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I currently have my BS in Computer Information Systems and would like
to get into the field of computer security. My searches for entry-level
security jobs have come up empty, considering they all want experience,
which I do not have (my experience deals more with software/hardware
and basic networking). A colleague mentioned the CISSP cert. However,
it appears that in order to obtain it, one must have the relevant work
experience, which puts me back at square one.

I do not know how I should go about pursuing a security career and
would like some insight into how I should go about it from those who
are currently doing it.

Long story short:

1) Is it realistic for me to think I can get into the security field
with my current degree?
2) If not (or in addition to my degree), what can I do to get into the
field? (books, classes, courses, etc).
3) What is the average $$$$ a security professional can make? Although
the desire is there, I would like to know if it is worth any investment
(financial or time-wise) I may have to make.

Any and all feedback is HIGHLY appreciated. Thank you in advance.

Re: HELP! Need insight on getting into Security industry. says...
Quoted text here. Click to load it

A degree means nothing in most cases - they don't teach security in
schools. Security comes from working in the network departments, seeing
the problems, learning how to deal with them, and working with security
peers/professionals to get the right mind set.

Quoted text here. Click to load it

You can take classes for any certification, you can study on your own,
but you need to be working in a shop where you can team up with the
security guru and learn/experience from that person.

Quoted text here. Click to load it

In most cases, once the security measures in place, the real brain work
(read that as hourly rate) is done - all that's left is to monitor it
and look for new threats. That doesn't mean you can't be setting up a
test network or other, but once we get a secure network designed and in
place, it's only a couple hours a month to make sure it stays that way.

Security reaches every area of a company's / users network and systems,
there are many areas that need secured and having a certification
doesn't really make you a security professional or that you know what to
do to secure an entire company / network.

Get into the IT field, where you are exposed to network configuration,
work with a team, and have the ability to setup test networks and learn
about security - after about 10 years you might be ready for designing
secure solutions.

remove 999 in order to email me

Re: HELP! Need insight on getting into Security industry.

Leythos wrote:
Quoted text here. Click to load it

Of course, we teach security in school...assuming, of course, that you
mean universities.  And while learning on the job is invaluable, it
complements, rather than supersedes what is learned in school.  Although
it is possible to get into the business without it, a broad and deep
foundation will serve you for a lifetime and schools are the most
efficient and effective way of achieving it.


Re: HELP! Need insight on getting into Security industry.

Quoted text here. Click to load it

The kids I interview out of most of the big colleges for IT work don't
have much of a background in security, not a good foundation, and I've
always found that most technical classes and schools are about 4 years
behind the current market (at least).

Even the kids out of the technical schools have a limited understanding
of network/systems security, and it's usually less than a intern with 6
months experience gets.

remove 999 in order to email me

Re: HELP! Need insight on getting into Security industry.

Jon / Ley,

Thank you both for your responses. You both make valid points: in no
way do I regret obtaining my degree. It has come in handy. At the same
time, aside from basic networking and hearing about basic security
(i.e. firewalls), I cannot say that my BS has helped me in this
particular pursuit.

What self-study / certs would either of you suggest I focus on to help
me get started. I do not have a problem "crawling before I start


Re: HELP! Need insight on getting into Security industry. wrote:
Quoted text here. Click to load it


There is no simple answer to your question.  Much of how you should
prepare will depend on the company to which you would like to apply.
In other words, different companies have different requirements.  Some
companies are looking for very technical folks with deep backgrounds in
infosec.  Others are looking for entry level people who just have a
good work ethic and technical aptitude.  Some things you can do to get
started include pursuing some of the low level security certs
(including Security+ and SANS GSEC).  Also, stay involved in lists like  Read and learn.  Set up a lab at home and practice
building firewalls, experimenting with security tools, and exploting

Also, keep in mind that there are different types of Infosec jobs.
Some companies are looking for very hands-on pen testers, IDS monitors,
and the like.  Others are looking for high level designers, and others
are looking for risk assessment and auditing types.  I just suggest you
find the type of infosec work that suits you best and learn as much as
you can.  Then keep applying for those infosec jobs.  If you get into a
large enough company, even in a non-infosec role, sometimes you can
then move into an infosec role later.

Hope all this blabber helps.
Quoted text here. Click to load it

Site Timeline