.

Web developer to IT security

<<

invidia

Newbie
Newbie

Posts: 3

Joined: Sun Mar 21, 2010 6:38 pm

Post Tue Mar 23, 2010 3:14 pm

Web developer to IT security

I've been out of grad school just less than a year and have been a professional web programmer (mostly .NET) for about 1+ years now. After some exposure to my company's IDS, network security, and my own experiences in developing more secured web apps got me into penetration testing/IT security field. Over the past few months, I built my own home security lab to experiment with and pretty much self-taught a large amount of security topics through the internet and various textbooks. I ended up getting my CCNA and Security+.

Not even a year out of school I'm already looking to change my career. My company is somewhat small and has really no need for a devoted secure professional and all that stuff is handled by our admins. I'm looking for a way to get started but do I really have to start from scratch as an IT helpdesk?

What types of positions, if any, are open someone like me? Professional experience as a web developer, certs, but no actual experience in the industry?
<<

snortymcsnort

Newbie
Newbie

Posts: 17

Joined: Fri May 30, 2008 12:00 pm

Post Tue Mar 23, 2010 3:32 pm

Re: Web developer to IT security

It is pretty tough to get your foot in the door unless you have a good background in different operating systems (linux really helps) and networking.  If you are doing doing a lot of self study, there are many open source and free security tools on which you can get hands on experience. Some of the tools I use on a daily basis include nmap, tcpdump and sysinternals.  Also free applications I use include Snort. Splunk, Nessus, Ossec, Metasploit, Netwitness Investigator and CAIN.  Having experience with these shows initiative and I think that counts for a lot when we are interviewing.

Good luck!
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Mar 23, 2010 6:23 pm

Re: Web developer to IT security

Hey invidia welcome to the board,

Were you thinking about obtaining any certs related closely to the Penetration Testing field? (Like OSCP, CEH - maybe aiming for a Sans Cert?)

If you have obtained your CCNA & Sec+ certs I think you'd over qualify for the typical help desk position - but I could be mistaken?

I've seen others recommend (in past posts) and suggest putting in and doing internships for doing minor Vulnerability Assessments for places like local churches, etc.

In the end, I think it's a plus your looking into the field - certifications help out but have you considered possibly going back to school for it?

Wishing you the best of luck!

kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

invidia

Newbie
Newbie

Posts: 3

Joined: Sun Mar 21, 2010 6:38 pm

Post Tue Mar 23, 2010 10:25 pm

Re: Web developer to IT security

Thanks for the reply.

I thought about going back for a graduate certificate in information assurance or maybe another Masters but in Information Assurance (I have a MS in Comp Engineering but specialized mostly in Comp Sci/Programming). I thought about doing this part-time until I can get an internship/job that would help fund my tuition.

Would my chances for an entry-level position, such as an information security analyst, be better as a graduate student if I went the school route? I am also assuming my background as a web programmer isn't going to help much in the future.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Mar 24, 2010 1:56 am

Re: Web developer to IT security

Your welcome, I think your definitely on the right track & landing an entry-level job in security would be easier to obtain with a degree. We have a active thread going on - on this board right here and I noticed some of the guys have suggested getting a degree to advance further into the field; picking up on some certifications while your at it makes your resume look good too!

I think it's a plus where your at having web programming experience, you may pick up on web application penetration testing more quickly than others since you've actually written code. I think since you have a good background with programming, it'll help out in areas like when your learning scripting techniques, exploitation, sql injection, etc. You having the programming degree could work as a plus trying to make a transition over into the field  ;) don't count yourself out man.
Last edited by KrisTeason on Wed Mar 24, 2010 2:02 am, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

Return to Career Central

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software