September 25, 2011 at 11:26 pm #6840DuooParticipant
*Sorry for the wall of text*
I am getting ready to graduate this spring and am looking for some career advice. I will be graduating with two bachelors, Computer Science and Information assurance. I currently work two jobs, one as an intern in the Information Assurance group at a larger company, and the other as a security guard for a smaller IT company. I have obtained my Security+ certification and am looking to add a few more certifications before graduation.
I would like to find a job that would let me interact with multiple areas of the IT security profession and not limit myself to one particular technology, i.e. firewall engineer. I enjoy completing forensic and penetration challenges that I find online, but from my research there are not many entry level positions out there for either of those fields. From my job hunt so far, the job title of “Security Engineer” seems to be as close as I can get to my desired profession. Does anyone have any opinions on similar jobs I should search for or know of opportunities to lead me into a career in either forensics or penetration testing? As a side note, there is the possibility of a job offer from the company I currently have an internship with, but the team is geared more toward security product support. It might be a decent opportunity for me to acquire some experience in the field, but I feel like I would be limiting my career growth if all I did was focus on product support. I want a job where I am challenged and have the chance to learn more about the security field, not spend my days figuring out why product xyz isn’t working.
The next question is the dreaded certification question! I understand that certifications don’t replace experience, but it would seem that it makes getting your foot in the door that much easier (especially a bonus with my limited experience). One of my teachers conducts a CISSP training course every spring and lets students sit in for free. He claims that every student with an IA degree that has taken his course has passed, but I don’t know how much backbone the certification has without the required experience? The other issue I have run into with certifications are finding ones that will give me the most return on investment. Is getting a C|EH or GPEN certification worth it if the likelihood of me finding a penetration testing job right of college is low? I understand the benefits of displaying work ethic and ability to conduct self-study, but is investing $1000+ worth it at the beginning of your career?
Any input would be appreciated on my questions or just suggestions for a young security professional starting out in their career.
September 26, 2011 at 5:30 pm #42218TribanParticipant
Don’t be afraid to take that entry level spot being a sys admin or helpdesk person. You need to prove your worth. Sadly many colleges like to promise their prospective graduates the world when they leave, but reality is, no one is going to give someone the keys to the kingdom just because they have a degree, I see many MBAs under this false impression when they are looking for managerial spots.
Yes certs are good, experience is great, both is excellent. But it is rare to see guys fresh out of college have either. If the school has a good career training program (internships, co-operative education programs) then you at least get some experience in the field. Never be afraid to go for positions that you may not be qualified for. Explain that in the cover letter to the prospective employer and they may decide you might not be right for that position but they may want to get you as a jr. level to groom you for a higher spot in the future. If you don’t get to do all the stuff you want to in a single job, then just do the other stuff as a hobby and see if any of it can be applied to the current job. Some places don’t realize they need something until after it an event occurs, so think about that when you are doing some sort of sys admin gig.
CISSP is really a manager level cert and due to the current atmosphere in the industry, almost EVERYONE with an inkling of security knowledge has this cert and it is watering down the value of it at least to those that actually have the experience to back it. If you want to concentrate on certs this early in your career, look for technical certs. For one you will learn something useful even if you don’t pass the exam. So you will gain critical knowledge and if you are lucky a nice piece of paper telling HR you have this.
Also go out and network! Best thing you can do for your career is get to know people int he industry. Hop on the twitter feeds and look for the top 10 list of people to following in Info Sec. From there you will meet others. Its surprising how open a community the Information Security group is, so long as you keep an open mind and are able to accept critizism.
October 25, 2011 at 4:56 am #42219idr0pParticipant
Here are some titles to search for,
Jr. Penetration Tester
Information Security Associate/Analyst
October 27, 2011 at 9:56 pm #42220p0etParticipant
I’m finding it quite difficult to find any jr level security job openings. They all seem to be senior level. I see a lot more Network Security or Network Analyst jobs than general Security Analyst positions. I may apply on a Network Analyst job first and then use that as a jumping off point to security from there.
October 28, 2011 at 5:15 am #42221idr0pParticipant
p0et, Look into some MSSPs such as ISS, Google, Secureworks, Verizon, Trustwave. They all have entry level security positions where if you do your time they have consulting and research jobs you can move up into.
October 28, 2011 at 4:35 pm #42222p0etParticipant
Oops… should have clarified that I’m having trouble finding those types of jobs in my area of Vancouver & Victoria BC. Thanks though. 🙂
- You must be logged in to reply to this topic.