.

In need of some advice [Continued...]

<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed May 06, 2009 4:57 pm

In need of some advice [Continued...]

Sup E-H.net,

I've decided to add onto this thread cause I'm still in a sort of confusing position and I'd like some of your guys' opinion / advice on the subject. Alright about last year sometime around now (about 11 months ago) I opened a thread, wanting some advice on possibly what I should try to major in, in college. The thread can be found here:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2563.msg11437/#msg11437.

Here's where I currently am. I decided I'd go to a community college (not the one in town here, but one out of town) and I've been taking some programming classes and I took an Introduction to Information Systems Security class there. I'm currently in my second semester and will be finishing up really soon. I had recently decided to check back with ITT Tech to see if they re-opened up their software development course so I could go into that. Bad news though, they never got it back opened, and unfortunately, the other ITT Tech in my area, doesn't have it either. I was wondering, is software development a declining field? There's not alot of people who signed up for the course over there so I'm wondering, does that work out in the long run, since there's not alot of people wanting to become Software Developers would it eventually be easier for me to find a job in this field? What they're offering at the college I go to right now is a programming certificate but I'm actually wanting to go for a degree. It's not neccessarily that I favor that school, I get it's pretty expensive, but I'm just wanting to go to a school where it's like really hands-on, 70 or 80% of the program of your choice is geared towards those classes, while the other 20% is geared towards your general ed. I'm not trying to take a crap load of general ed for a degree because my academics aren't exactly as high as I want them to be.

Throughout this past year though, my interest in the InfoSec field has grown a little bit more too. I tried to take the Off Sec course last year, but since I was still in high school they didn't think I was old enough to do the course and wanted me to send over a copy of my photo ID, and that's how that conversation ended between the off-sec guys and I. I'd eventually like to go into Penetration Testing but I know it's just not one of those things where you go, "Alright, I have a degree in Information Systems Security, maybe a certification or two, here's my resume...bam you got the job" type of thing. My question I have here is that, I can't exactly expect to go directly into Pen Testing just by holding a degree right? Wouldn't they want you to have some Network Administration experience or something along the lines of that before applying for a job doing that? Even trying to get a job doing it fresh out of college, wouldn't it be next to impossible considering companies are wanting people with 10+ years of experience under their belt? Not that I blame them, it just seems pretty difficult to get the job. I've also noticed, that alot of people are going into this field...you may all notice we get people weekly who come here asking for advice for what they should do to eventually get into doing security for companies, etc. My question is, should I even opt to go into this field or should I stick with programming? I've been coding since I was around 15 and a half, and have always wanted to be a programmer, but I've always wanted to have the job as an Ethical Hacker/Penetration Tester as well. I'm just a little confused on which should I go for at this point. I was thinking I should look into the Information Systems Security course offered by ITT Tech and then if I didn't care for it, drop and then go into programming else where (considering they don't offer it there), but I'm all open to your opinions/advice. My bad if it sounds like I'm ranting in this one...Thanks in advanced.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu May 07, 2009 10:02 am

Re: In need of some advice [Continued...]

Hang in there. First off, you don't need the degree to get into the field. It helps, but is not the end all be all just as certifications are not. With that said, anything you do will help you out. Pen Testing is not something you just jump right into. Look at a few books out there like "Hacking: the Art of Exploitation" or others. We have all read this or a similar book at some point. Start looking for ways to gain exprience in the general IT world. There are a few good threads on here about the skills that we should have. I wish I had the link handy for you. You need to know a bit about a whole lot of stuff like networking, linux, windows, and some programming (scripting). Just to pick a few. I would suggest trying to find a tech support job with Best Buy or soemthing where you can get soem hands on with various different systems. I did soem part time consulting prior to getting the job I hold now. That let me get into some sys admin and networking experience. take your time and look at what is out there. As far a certs go, look at the net + and security + form CompTia. These are good entry level certs that will open your eyes. Look at using a Linux disto if you have not used linux before. There are live cds that you can use that will not affect your host system. And a last piece of advice, find a mentor that can help guide you. This could be one of your instructors or some one that has been in the IT field for a while. Good luck.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Thu May 07, 2009 11:03 am

Re: In need of some advice [Continued...]

In my experience experience is king.  Some things you can do to get IT field experience (and document some security experience along the way) involve volunteering.  Most churches and non-profits are woefully inept at IT like tasks and especially so when it comes to security.  Most have SOHO networks and many have websites (most of these are contracted out).  You can offer to help out with IT support and while you're at it do security assessments that can be documented on your resume.  Note I'm not talking about using a non-profit's SOHO network as a pen testing lab, but locating places where they are vulnerable and offering suggestions on how to fix it without breaking their "infrastructure".  I know a network admin who stepped her way into a paying contract job as a direct result of her volunteer work with an unrelated non-profit.

Good luck.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu May 07, 2009 11:54 am

Re: In need of some advice [Continued...]

Thanks you two. former33t, that sounds like a good idea. sgt_mjc, I'm not a complete noob man...not that I'm the best either, but I got into linux a couple years ago. I was just wondering though, do you guys know how the programming field is currently? People doing Penetration Testing currently, do you see it being a field where alot more people will be doing it a couple more years down the road and jobs will be available? A degree sounds like a stable thing to me, I didn't exactly want to get a bunch of certifications together because then I'd have to pay to renew them eventually and your degree stays there on your resume. I eventually wouldn't mind going for a few of them. Going around to spots like Monster.com, Y! Jobs, etc, I see programmers are in need, but not as many jobs are open for Pen Testers. Do you guys think it'd be better to get a computer science degree emphasizing and then move into the InfoSec field. I was thinking maybe I try out a few classes and see how it holds then make my decision, but I'd like to get some more opinions...
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu May 07, 2009 12:40 pm

Re: In need of some advice [Continued...]

I wasn't trying to suggest that you were a noob. I jusst did not know your background and I would give the same advice to pretty much any one out there. After all, we live in a MS domincated world. Back on topic though, we do pen testing where I work, but it is usually associated with doing certification and accreditation testing. We get contracted to do the vulnerability assesment and then often come back and then do a pen test on the system. What you are seeing is that there are few if any that do nothing but pen tests. My background includes a BS in Software Engineering and a Masters in InfoSec. BEing able to read and write code helps, but I wish that I had more sysadmin experience. So as former33t said, do some non-profit work. Programming will never go away. We are too wired these days. Good luck.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

crk

Newbie
Newbie

Posts: 49

Joined: Mon Mar 23, 2009 9:32 pm

Post Sat May 09, 2009 11:16 am

Re: In need of some advice [Continued...]

Also, if you're considering attending ITT Tech, make sure you ask to see a copy of your textbooks and materials as well. I looked at going there for awhile until I attended an orientation and learned that most of my textbooks were very poorly translated from Korean or something. They were written in broken English and sometimes didn't even make sense. In my experience ITT tries to pass themselves off as totally worth your money...and the one in your area may very well be of better quality than mine...but in my honest opinion, if you can find the courses you need somewhere else, take them somewhere else.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sat May 09, 2009 1:47 pm

Re: In need of some advice [Continued...]

Thanks you two. Much better info in that one sgt_mjc. Was hoping to also get some responses from Chris Gates, Ryan Linn & Don on the subject too? If you guys aren't too busy?
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Mon May 11, 2009 12:03 pm

Re: In need of some advice [Continued...]

Sorry for the delay on posting, I'm still recovering from ChicagoCon.  I think you are at the right point in your thought process.  As far as software development goes, it is still alive and well.  There are some interesting transitions going on with software in general, and so I think that there is less focus on the desktop and many folks are really pushing to service oriented stuff.  Microsoft even seems to be pushing for tying applications to users instead of machines.  If software development isn't what you want to do though, even if you do it for your major at school, there are plenty of jobs where you program for completing tasks instead of programming all the time.  I write code a lot, but I'm definitely not a programmer.

As far as the school goes, I would say that what you should do depends on what you want out of it.  I think having a degree in something is important as it will help get your foot in the door.  I believe you said you were doing information systems, or something along those lines, and that should be fine for a degree.  Certifications are just another step to getting in the door.  They may help HR make a decision or may put you above someone else if the competition is close, but in most cases I don't think just having certs will necessarily get you the job.

You are at a great spot.  Co-Ops and internships are really important I think as they are experience that you can get as a student that are hard to get any other time.  Start working on your experience while you're in school, maybe even if you can do something at the school with the IT department that is a great start.  Volunteer at places that will give you letters of recommendation such as non-profits, churches, etc.  Stuff like Johnny Long's hackers for charity is also great because you're helping folks that need it while getting experience and potentially letters of recommendation.

As far as how to get into stuff, I got in from sys-admin.  I was a *nix sys-admin first, then started doing security stuff.  I know lots of folks who take the network or sys-admin way in.  Security is one of the fields though, where I think that who you know is really what lets you exercise what you know.  Start going to security conferences, you are already taking a good first step by being on the boards here, where you've already demonstrated you know some good stuff.  Get your school to get you in touch with some people at local companies and start talking to their security folks. 

While you are in school, I'd try to maybe take one business class so you at least know the terms that folks use in business.  When you go for an interview in your first job after school, it will be a good thing to point out.  Security can be good and technical and fun, but it all comes back to the business.  Be able to talk about risk, policy, and the fact that information security is not completely a technical problem and I think that will do you well. 

Once you have experience from internships or co-ops, or even volunteering, you will have an easier time getting into a job you want.  If you start networking with folks now, it will help even more.  Overall, have fun, get a degree in something, and have a passion for learning more about what ever you pick for a degree and you will have a great start for being where you want.

I don't know if this helped at all, I know much of it is a repeat of what others have said.  What worked for me involved people networking and experience, some of which I got while I was going to school for programming.  Everybody has a slightly different way they got here, but the fact you are talking to folks here is a great first step. 
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon May 11, 2009 1:17 pm

Re: In need of some advice [Continued...]

I'd also have to agree with a lot of what has been said already. And like Ryan mentioned, programming isn't going away. A quick glance at the job boards will tell you that. I've seen more programming positions than network/system admin/support positions.

The biggest thing to do is figure out what you enjoy doing, and do that. That's pretty much exactly what I did back when I was where you are a few years ago. I tried school for criminal justice and realized I loved working on computers - since that's what I spent all my free time doing.

If you really enjoy programming and can sit there for hours and hours coding away, then follow through with it.

If you enjoy doing network or system administration stuff, stick with that instead.

Either path can eventually lead you into a security position.

And like someone else mentioned, a degree is definitely not required. I don't have a degree - and I know some others here don't either. When I see job postings asking for one, I ignore it and submit my resume anyway. I still receive calls back and they typically won't even mention a degree. So don't be afraid to try and do your own thing and run with it. You can certainly still be successful :)

BillV
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon May 11, 2009 4:05 pm

Re: In need of some advice [Continued...]

Thanks you two! Both helped out a little bit more towards me making a decision. Appreciate it.  :)
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed May 13, 2009 4:00 pm

Re: In need of some advice [Continued...]

Not to pass the buck, but based on the responses in this thread, other threads and articles on this site, I think you have a lot to think about. So instead of rehashing the good advice already given, how about I leave the door open to answer any specific questions that come out of your own planning. Have you written down your wants, desires, goals, etc. for the next 5 yeras, 2.5, 1, 6 months? I do it in reverse purposely. You should, too.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu May 14, 2009 1:26 am

Re: In need of some advice [Continued...]

Have you written down your wants, desires, goals, etc. for the next 5 yeras, 2.5, 1, 6 months? I do it in reverse purposely. You should, too.


I can affirm this. I think it is really important to know yourself, your goals and desires, your skills etc. - Often people think about this but to actually write it down and think even more about it is very important for ones softskills. Often things will come different than you expect and may change everything, but it is very important to know yourself. This definitely helps.

What do you like more - programming or security?

When you go for something it doesn't mean that you won't be able to do the other. Often one involves the other or is somehow related to each.
Doing a degree is surely helpful and will help you in learning many new things, but as already said by others, it is not necessary. You can apply for a job even without a degree and get it when you know your stuff. Often companys prefer someone with experience rather than only a degree but no or little practical experience.
I won't study only because you think that you need a degree for something. Neither I would to it because of money. The aim to study at a university should be something different.

Whatever you do, you have to decide it by yourself.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu May 14, 2009 3:18 am

Re: In need of some advice [Continued...]

I'll agree with previous statements,

I found planning (and writing down) where you want to be AND the intermediate steps you need to get there are a major improvement to the generic 'I want to be in security'. From my experience it helped provided some focus as to what was needed now, and provides a good way of measuring progress and if you are achieving your goals.

I found Don's DIY career talk great in this regard. Also check out Mubix's Couch to Career in 80 hours or less. If you can follow the advice and be honest with yourself then you should be in great shape to start down the road to your chosen career.

Good luck out there

Return to Career Central

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software