I've been out of grad school just less than a year and have been a professional web programmer (mostly .NET) for about 1+ years now. After some exposure to my company's IDS, network security, and my own experiences in developing more secured web apps got me into penetration testing/IT security field. Over the past few months, I built my own home security lab to experiment with and pretty much self-taught a large amount of security topics through the internet and various textbooks. I ended up getting my CCNA and Security+.

Not even a year out of school I'm already looking to change my career. My company is somewhat small and has really no need for a devoted secure professional and all that stuff is handled by our admins. I'm looking for a way to get started but do I really have to start from scratch as an IT helpdesk?

What types of positions, if any, are open someone like me? Professional experience as a web developer, certs, but no actual experience in the industry?

Hey invidia welcome to the board,

Were you thinking about obtaining any certs related closely to the Penetration Testing field? (Like OSCP, CEH - maybe aiming for a Sans Cert?)

If you have obtained your CCNA & Sec+ certs I think you'd over qualify for the typical help desk position - but I could be mistaken?

I've seen others recommend (in past posts) and suggest putting in and doing internships for doing minor Vulnerability Assessments for places like local churches, etc.

In the end, I think it's a plus your looking into the field - certifications help out but have you considered possibly going back to school for it?

Wishing you the best of luck!

kris

Your welcome, I think your definitely on the right track & landing an entry-level job in security would be easier to obtain with a degree. We have a active thread going on - on this board right here and I noticed some of the guys have suggested getting a degree to advance further into the field; picking up on some certifications while your at it makes your resume look good too!

I think it's a plus where your at having web programming experience, you may pick up on web application penetration testing more quickly than others since you've actually written code. I think since you have a good background with programming, it'll help out in areas like when your learning scripting techniques, exploitation, sql injection, etc. You having the programming degree could work as a plus trying to make a transition over into the field   don't count yourself out man.