.

Soon to be college graduate looking for the next logical step

<<

mjones

Newbie
Newbie

Posts: 3

Joined: Thu Mar 24, 2011 3:38 pm

Post Fri Mar 25, 2011 12:53 pm

Soon to be college graduate looking for the next logical step

I will be graduating this Spring with my Bachelors in Computer Information Systems and a minor in Computer Forensics. I would love to get into the Security field of IT, with forensics being a "back up" plan of sorts.

I have the basic A+/Net+ certifications under my belt and I plan on taking the Security+ exam around graduation. I have held a few IT internships over the years so I do have some real world experience, albeit nothing on the side of forensics or security.

In my searches for possible jobs I have never found a job involving Security that doesnt require years of experience, which makes sense. Would the best career path for me to take involve any entry-level IT job and then just try to wiggle my way into security/foreniscs?

I would love to hear some other members career paths and how they arrived at the level they are at today. Any advice I could get would be fantastic.
<<

millwalll

Post Fri Mar 25, 2011 1:24 pm

Re: Soon to be college graduate looking for the next logical step

Hi mjones,

I am pretty much in the same boat. I have tried to apply for jobs but with no experience finding it hard. I am thinking of getting any It job and using money to get security certificates.

I was planing to do the security + too but the material is pretty old(2008). They are updating it in May so might be worth waiting until then.

I think you maybe better off getting IT job and trying to work your way in.

Hope this helps
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Mar 25, 2011 2:03 pm

Re: Soon to be college graduate looking for the next logical step

The way I did it... I started off as a janitor. Don't laugh.

Cliff notes version:

Applied and got a job shipping and receiving for one of the original internet backbone companies. Not enough work, so they had us be janitors too. Built Point of Presence (think data closet, but also routed internet traffic through it). Wired building for VOIP and Data. Found out what they did, lots of time spent doing personal study, and transferred to their Network Ops Center.
Things learned there: Locks, Unix, Networking. Interest in defense after company was hacked.

Changed to a Teleco. Worked they're SONET and IP NOCS.
Things learned there: Fiber Optics, Laser Communications, more networking, Wireless networking. Unix administration. Interest in War driving and war walking.

Laid off, back to school. CIS degree and Anthropology degree. Managed a bar.
Some interest in security, some interest in physical security. Encryption and tunneling.

CO-OP as a data base reports writer. Used tunneling to get around the school's blocks on some sites. Tunneled connections home to do homework and things when there were not reports to write programs for.

Changed to Automotive Data Center. Watch over Electricians installing equipment and cables (cat5, cat5e, Fiber optics). Go between network engineering vendor and auto company. Did wireless audits (look for rogue APs in sites), and ran the network sniffers.
Learned Sniffing and how to look at packets. Network data graphs.

Changed to publishing company. Started as the Unix / Linux admin. Used tunneling to play around  and test things from home. Then showed how to test remotely from my desk. Firewall admin got mad that I could tunnel around the rules. Punishment was taking over the firewall. Set up VPN connections, hunt out people breaking the AUP, locked down the firewall more, etc.

Currently, work for an IT company. Maintaining Load Balacers and server farms, making changes to firewalls, and setting up VPN for B2B and remote user access.

---
Every chance I got, I offered to work the security side / Defense. Some times I got to, some times I was ignored. When I could, I got in good with the security groups. Not in their department, but at least came off as someone that had skills, and understood the security side too. I've spent a lot of time over the last 14 years studying up on things on my own time.
OSWP, Sec+
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Mar 25, 2011 2:04 pm

Re: Soon to be college graduate looking for the next logical step

That's exactly what I did. I went from helpdesk > field tech support > sysadmin > IT management > hybrid security role w/disaster response/incident handling focus > pure security role. Ask any of us and we probably took a slightly different path to get there. You absolutely have to have the basics first though or the value you will provide will be minimal.

For instance, how do you pentest a database when you don't even know how a database works? Sure you can fire up sqlmap and see what happens or try some generic SQLi but what do you do when the injection is occurring at the wrong point or standard techniques don't work? You fall back to the basics and use critical thinking skills to solve the problem.

Get a normal boring IT job but keep a security focused perspective. Your employer will pick up on your interests and you will learn the core skills that will serve you well throughout your career.If that fails to deliver, once you have a solid grasp of the fundamentals, start shopping elsewhere for a security role.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Mar 25, 2011 2:18 pm

Re: Soon to be college graduate looking for the next logical step

Mike Murray posted a great article over at The Hacker Academy's blog: http://www.thehackeracademy.com/the-key ... n-testers/

He references an article posted over at InfoSecInstitute: http://resources.infosecinstitute.com/i ... n-testing/

Both are great articles I thought and may help you out a bit.
GSEC, eCPPT, Sec+
<<

securitygal

Newbie
Newbie

Posts: 1

Joined: Mon Apr 11, 2011 9:27 am

Post Mon Apr 11, 2011 10:58 am

Re: Soon to be college graduate looking for the next logical step

Send me your resume as I work with a National Consulting Firm.  They occassionaly have entry level jobs, and will see if your background is a fit for their college recruit class.

pluther@preciseresource.com

Return to Career Central

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software