.

Active searching.

<<

secureseve

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Mon Apr 12, 2010 6:26 pm

Active searching.

Hello all,

As my time in academia shortens, day after day, I am trying to get a head start by getting certifications and really focusing my attention to security and the technologies around it. Besides this, I understand experience is important. I know how hard it is to break into security so I am going "active" in finding an internship.

I was searching on Dice, Monster, Careerbuilder, etc. and I see a lot of posts for security professionals. Now it ranges from Management, to analyst, to engineer. Any of these are ok with me, as long as I get my foot in the door. I want to know if you think it's ok that I contact the Hiring Manager about an internship. None of these job advertisements are directed towards an internship, but a lot of them read, "As a Sr. Security Engineer/Analyst/etc., You will join our security team and help secure...". "Security Team". Is it ok that I contact the Hiring Manager and say, "Hey, I read your ad and I am inquiring about a position as an intern or volunteer to your security team." list my credentials, etc.

Is this proper? Will Hiring Managers react negatively? "Oh I don't have time for this kid, what does he think he's doing, I need a Sr. Analyst now!" Mind you that somewhere in my inquiry I would be saying I'll intern for free or similar non-hassle job title.

Then my next question is, how do I go about doing it? Phone? E-Mail? Is it ok to call and ask if they are willing to take on an intern and then send my resume/cover/etc?

If any of you have hired security professionals/interns before or any of you have just gone through what I have to get into the field they love, share with me some of your insight.

Thanks a lot for reading again, and sorry for the long posts.

Regards,

seven.
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Mon Apr 12, 2010 8:55 pm

Re: Active searching.

I won't (can't) comment as to whether or not it is proper to contact a hiring manager directly to ask about an internship.  I've contacted a hiring manager directly on several occasions about a position they were actually advertising and I know that it landed me at least one job (mom taught me that persistence in this area pays).

Some other people can chime in on this as well, but most of the people I know in security got into it through system administration/engineering or development.  I got my systems engineering job through systems administration (which I got through helpdesk work).  Then I later moved to development (through the systems engineering job).  From there the job in security engineering and penetration testing presented itself.  From personal experience I can say that most of my cohorts are in security because they took other jobs related to security.

I know my years in system administration has helped me be able to look at a system and perform live forensics.  Likewise, it helps me understand the types of mistakes system admins make (when/why best practices are not observed).  The development time helps me audit source code for exploits (or audit exploit source code for backdoors).  It also helps me reverse engineer malware.

If someone hires you directly for a security position, good for you.  If you can't find a job doing security, take what you can find and move from there.  Looking back, I think I always knew I wanted to do security.  For instance, on the helpdesk, I gravitated to the incident response type tickets generated by EPO.  I took a lot of the security configuration and auditing duties on my system administration team.  My point is that it is probably easier to find a non-security specific entry level job out of academia.  If you must go that route, don't let it get you down, there's plenty to do to build your security career.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Apr 12, 2010 9:07 pm

Re: Active searching.

I believe that it's very difficult to be a good security person without working outside of the industry for a significant amount of time.  Most great security folks I know have done exactly what former33t said, they have started in help desk, moved to sys admin, done some development, etc.  Only then did they move to security.

You can look for a company that is security conscious to get started.  As you establish yourself, you can take on more security-related responsibilities and go from there.  That's what I did.  And I would do the same if I had a chance to start over. 

As far as contacting hiring mangers, what do you have to lose?  All they can say is no.
~~~~~~~~~~~~~~
Ketchup
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Apr 12, 2010 9:12 pm

Re: Active searching.

Well put, Ketchup (and I'll second both Ketchup and former33t's posts)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

secureseve

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Mon Apr 12, 2010 10:05 pm

Re: Active searching.

I take to heart what all of you have said. I do understand other fields out there before getting to security and I am still in pursuit of that too. I was just asking if it's unethical to contact a hiring manager about a position that's not been advertised. In my standpoint (I don't know too much on how the hiring process works) if someone came up to me and asked to volunteer and work for free just to get his feet wet, I would be impressed.
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Apr 13, 2010 12:34 am

Re: Active searching.

As Ketchup stated, what do you have to lose?  Just go for the companies which sounds interesting to you, even if they don't have a specific job opening up. I've seen quite a fee people doing so who got their job this way.
Last edited by UNIX on Tue Apr 13, 2010 12:40 am, edited 1 time in total.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Apr 13, 2010 3:27 am

Re: Active searching.

just go for it! it only shows motivation and dedication to the work field! no is what you have, yes is what you can get. also check with teachers from your college. Most of them have connections which could come in handy with finding an internship. good luck! also post this in the looking for work part of this forum, you never know!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Tue Apr 13, 2010 8:53 am

Re: Active searching.

One thing I will add. If you offend a manager or the manager feels that you are wasting his/her time by asking, you probably don't want to work for that person anyway.

The most effective way to get something is to ask for it...

Good luck! You sound like you don't really need much luck though.


--
Ziggy
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+

Return to Career Central

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software