.

Security Career WITHOUT Becoming a Network Administrator?

<<

jimjohnson23

Newbie
Newbie

Posts: 13

Joined: Thu Jun 23, 2011 7:51 am

Post Thu Jun 23, 2011 8:07 am

Security Career WITHOUT Becoming a Network Administrator?

Hey guys,

I've read a couple dozen articles and forum pages online about computer security career paths. Pretty much 90% of all the pages stated that it's best to start out as a network administrator, which would usually require a person to sit as a help desk technician for some prolonged period of time.

Is there any other "ordinary" route? Or is there usually a "structured" career path to becoming a information security professional?
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Jun 23, 2011 8:25 am

Re: Security Career WITHOUT Becoming a Network Administrator?

Sure, there's always the application developer, system administrator, or similar routes. Or you could just focus on the "fun" security topics and provide little value add for your employers but WOW them with your "l33t" skills. Personally, I think that's the road to suckage and as Kevin Johnson likes to say "Less suckage is good"

Bottom line, suck it up, do your time in the trenches. It's not just busywork, you will learn valuable skills there that will benefit you for a long time to come. I'm speaking from experience here because I'm having to go back and focus on/learn some baseline skills I never picked up (Like DB and programming and a handful of server technologies I never used before but are very prevalent in the workplace), even though I spent 12+ years as help desk, desktop support, sysadmin, IT Director, etc before embarking upon my security career. I mean, how are you supposed to secure technology if you don't understand how it works or know what the interaction points are?

Good luck! It's a really fun journey, and if you aren't just in it for the money you will have a blast!
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jun 23, 2011 8:26 am

Re: Security Career WITHOUT Becoming a Network Administrator?

@jimjohnson23

In asking this, what would you define as an "ordinary" route?  Do you not feel that knowledge gained as a network admin (or even helpdesk) would not be of added value in security?

While you might get lucky enough to find somewhere that'll hire you or start you directly in security, you'll usually find that the folks, who are even remotely 'active' and well-versed in security, are those who have seen and worked in standard IT roles.  You get a feel for users, networking, problem remediation, etc, that just going straight from a security course or book, very likely, will NOT teach you.

I think the vast majority of us on here (maybe not all of us, but the majority,) who are regular posters and stay involved, will tell you we've all been down the admin road, previously.  It's experience that, while sometimes, during the process, you feel is wasting time, eventually, you'll come to  realize is invaluable to getting a TRUE understanding of the underlying concepts and things you'll come across, as you grow into security roles.

That's my opinion, for what it's worth.   ;)

Edit - fully in agreement with tturner, too, who was posting as I was typing.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Jun 23, 2011 9:36 am

Re: Security Career WITHOUT Becoming a Network Administrator?

My title is Network Engineer, was the same at my last position. I've never worked a hell desk. I've been the second level support for one of them, but never the front line person.

Really, to be good at security (at least we keep telling ourselves this) you need to know OS, Network, Business practices / logic, and Human nature. Programming helps. And that's just for the "Basics of Security".

Really, what good is being the guy that tells everyone no, if you can't explain it on a level they can understand?
OSWP, Sec+
<<

yatz

Full Member
Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Thu Jun 23, 2011 9:54 am

Re: Security Career WITHOUT Becoming a Network Administrator?

I'm a Network Application Engineer right now, but over the past five years or so I've moved from help desk (~1yr) to server admin, business/systems analyst, application developer, and network engineer, though not all of those had associated titles.  I've done security related tasks in all of them and having security principles in mind helps the decision making at any stage.

I guess it really depends on what you want to do with security, which is a huge question.  I still don't know where my diverse background will take me, but I'm thankful for every bit of it.
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

adl

User avatar

Newbie
Newbie

Posts: 2

Joined: Thu Jun 23, 2011 1:04 pm

Post Thu Jun 23, 2011 2:39 pm

Re: Security Career WITHOUT Becoming a Network Administrator?

u might need some knowledge of a little bit of every OS though. (especially NOS:-X

perhaps this cert path? As a Web Developer career
1)  HTML, Python, PHP, JavaScript & Perl skills
2)  Security+
3)  eLearnSecurity: Student, eCPPT
4)  CIW Security
5)  GWAPT
6)  PMP/CISSP
Last edited by adl on Thu Jun 23, 2011 2:51 pm, edited 1 time in total.
Working on: CCNA
goals: CCNA, Security+, CEH 7
<<

jimjohnson23

Newbie
Newbie

Posts: 13

Joined: Thu Jun 23, 2011 7:51 am

Post Thu Jun 23, 2011 7:38 pm

Re: Security Career WITHOUT Becoming a Network Administrator?

Thanks for taking my question seriously, guys. I was afraid that I'd get criticism for asking such a basic question.

tturner wrote:Bottom line, suck it up, do your time in the trenches.


I'm all about paying my dues (despite the fact that I'd be 26 by the time I graduate ... 2 yrs in military and 2yrs in non-tech job). If I have two years left until I graduate, do you think that I'd be able to do my time in the trenches at a Help Desk Level I before graduating? I really want to start at Level II at the least after graduating...


hayabusa wrote:@jimjohnson23



While you might get lucky enough to find somewhere that'll hire you or start you directly in security, you'll usually find that the folks, who are even remotely 'active' and well-versed in security, are those who have seen and worked in standard IT roles.  You get a feel for users, networking, problem remediation, etc, that just going straight from a security course or book, very likely, will NOT teach you.



I don't believe I'll be that one "lucky" guy to get hired straight into a security job. Just not gonna happen - skills would be insufficient, and, I also believe these jobs ought to be viewed as a privilege.

But speaking of things that courses and books cannot teach you, is it a waste of time for me to take two pre-requisite math courses just to take some network security courses? I mean, I already have Calculus sequence down, but the "security" courses that I want to register for require a sequence of analytical and mathematical courses. Would I be better-off just doing self-study for security/hacking skills? I ask, because I'm sorta questioning the practical importance of mathematics in a security career.

But if you say that I should "understand" how computers work, would the following courses be relevant?

1.) Compilers
2.) Verification/QA Testing
3.) Database Application Development (A sequel to a comprehensive database course).

Or am I better-off using this time on self-studying directly relevant material (personal projects, security concepts, hacking, etc.)?

-----

If I REALLY put my heart into it, how long would it take for me to climb my way up to a network administrator position? I understand the answer to this question is always "it depends", but I'm just seeking a rough approximation - as in "Help Desk I/II - X years" ---> "Help Desk III - X years" ---> ???? ---> Network Admin ---> Profit.
<<

jimjohnson23

Newbie
Newbie

Posts: 13

Joined: Thu Jun 23, 2011 7:51 am

Post Thu Jun 23, 2011 7:42 pm

Re: Security Career WITHOUT Becoming a Network Administrator?

adl wrote:u might need some knowledge of a little bit of every OS though. (especially NOS:-X

perhaps this cert path? As a Web Developer career
1)  HTML, Python, PHP, JavaScript & Perl skills
2)  Security+
3)  eLearnSecurity: Student, eCPPT
4)  CIW Security
5)  GWAPT
6)  PMP/CISSP



Hrmm.. I think, instead of a web dev. route, perhaps a Database Developer route would be quicker... maybe, maybe not. But here's what I'm thinking. You start out as an entry level Database Developer, and work closely with the DBA. After about two years of Database Development and working closely with DBAs and sys/net admins, you climb up to a jr. DBA.

I think, as a DBA, you can take on a lot of responsibilities that a network admin would do, and then gain a lot of knowledge on securing the database. This seems a little less "harsh" of a road than going through a Help Desk for a few years. The downside of this route might be that a lot of the stuff you learn as a DBA/DB Developer might be less relevant to Security than the stuff a Help Desk/Network Admin would learn. Any thoughts???
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jun 24, 2011 2:12 am

Re: Security Career WITHOUT Becoming a Network Administrator?

Hm, i never did anything of that. I went straight from university to being a security consultant. I studied my butt off the first two years and taking it a little slower now, focussing more on getting work experience. Cant wait to pick up another learning experience, but as you can see, it is doable. remember that you will need a solid base to start with, i got networking, databases and more in school (even a little security!).
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

jimjohnson23

Newbie
Newbie

Posts: 13

Joined: Thu Jun 23, 2011 7:51 am

Post Fri Jun 24, 2011 3:37 am

Re: Security Career WITHOUT Becoming a Network Administrator?

j0rDy wrote:Hm, i never did anything of that. I went straight from university to being a security consultant. I studied my butt off the first two years and taking it a little slower now, focussing more on getting work experience. Cant wait to pick up another learning experience, but as you can see, it is doable. remember that you will need a solid base to start with, i got networking, databases and more in school (even a little security!).


Wow, that's  unbelievable. I'm curious as to what it takes to get a security gig as a newly minted graduate.

I was thinking about deferring "network security" coursework until I get experience, because there's "no chance" at getting a security job anyway. But could you please, please give me some pointers as to what you did in order to secure that position?

Did you network with other people? Go to a good school?
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Fri Jun 24, 2011 4:15 am

Re: Security Career WITHOUT Becoming a Network Administrator?

I know a few people out of college who did security work right away, but they were all-stars and were already focusing on hacking/pentesting while still attending university. Some were doing CCDC or Defcon CTF, others were doing projects on heuristic IDS or other security tool development.

If your major is directly related then it is more possible, if it is not then... sysadmin, dev, etc, all while trying to gobble up sec related projects will get you to a sec career quickly.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Jun 24, 2011 7:07 am

Re: Security Career WITHOUT Becoming a Network Administrator?

Like Jhaddix posted, just make sure you have knowledge before you apply to a security job. Get involved in the community and contribute at local conferences/meetings etc. Also show them your enthusiast towards IT-security. If you cant find your dreamjob go for the closest one and work yourself up which can, if you are an all-star, happen pretty quickly. At my first job i was doing pentest stuff within a year. However, this can only be done when you have a company that stands behind your decision, and is willing to invest in it...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Jun 24, 2011 8:29 am

Re: Security Career WITHOUT Becoming a Network Administrator?

jimjohnson23 wrote:-----

If I REALLY put my heart into it, how long would it take for me to climb my way up to a network administrator position? I understand the answer to this question is always "it depends", but I'm just seeking a rough approximation - as in "Help Desk I/II - X years" ---> "Help Desk III - X years" ---> ???? ---> Network Admin ---> Profit.


Well, "it depends." The good thing about that answer, is that the variable it depends on is you. You are in control, just as other people have responded and as you appear to understand.

Everyone's path is going to be different. Some people enjoy building web applications and do that work for a while before they decide to focus on security. Others enjoy networking. And then, there are some that just want to jump right into security. This isn't a problem but it takes a lot of passion and effort on your side to properly prepare yourself if you want to bypass other positions.

I first started in IT as a temporary employee for 2 months. My role was to unpack desktops, plug them in, and make a configuration or two. They also tasked me with troubleshooting and fixing all of their broken desktops. Keep in mind, I went into that position with no experience and just a high school diploma. All I could say at the interview was "I enjoy working with computers. I fix them for family and friends all the time. I build websites and run a web server at my house. And I want to go further." Part of what I was interested in off the bat was security, and taught myself CEH-type stuff (basic skills, how hacking worked, how to use trojans, etc.).

After my 2 months was complete, I called back to ask if I could use them as a reference. They instead offered me a full-time position as a helpdesk technician. I learned a lot in that role. I showed my boss I was interested in security and earned my CEH about 6 months later. That's when I started getting security-related projects. After about 1.5 years, I was promoted to network administrator (my role didn't change much but I was the one responsible for security at that point).

So that's the path I started off on. Like I said though, everyone takes a different way to get there, and you are the one that controls it.

BillV
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Fri Jun 24, 2011 12:35 pm

Re: Security Career WITHOUT Becoming a Network Administrator?

hayabusa wrote:@jimjohnson23

In asking this, what would you define as an "ordinary" route?  Do you not feel that knowledge gained as a network admin (or even helpdesk) would not be of added value in security?

While you might get lucky enough to find somewhere that'll hire you or start you directly in security, you'll usually find that the folks, who are even remotely 'active' and well-versed in security, are those who have seen and worked in standard IT roles.  You get a feel for users, networking, problem remediation, etc, that just going straight from a security course or book, very likely, will NOT teach you.

I think the vast majority of us on here (maybe not all of us, but the majority,) who are regular posters and stay involved, will tell you we've all been down the admin road, previously.  It's experience that, while sometimes, during the process, you feel is wasting time, eventually, you'll come to  realize is invaluable to getting a TRUE understanding of the underlying concepts and things you'll come across, as you grow into security roles.

That's my opinion, for what it's worth.   ;)

Edit - fully in agreement with tturner, too, who was posting as I was typing.


I agree everyone has to pay there dues, plus these entry level jobs I promise will be the most beneficial thing ever because you will find someone there with alot of knowledge that you can prob over and over again to learn more and more.  I have never felt that anything I did was a waste of time, the way I see it is I have learnt something at every job I have ever done no matter how mundane it might be.
CCENT, A+, Network+, Security+
<<

jimjohnson23

Newbie
Newbie

Posts: 13

Joined: Thu Jun 23, 2011 7:51 am

Post Sat Jun 25, 2011 3:05 am

Re: Security Career WITHOUT Becoming a Network Administrator?

El33tsamurai wrote:I agree everyone has to pay there dues, plus these entry level jobs I promise will be the most beneficial thing ever because you will find someone there with alot of knowledge that you can prob over and over again to learn more and more.  I have never felt that anything I did was a waste of time, the way I see it is I have learnt something at every job I have ever done no matter how mundane it might be.


Thanks for the info guys. I"ll pay my dues. But I'm having second thoughts once again about the hell desk... I'm seriously thinking about paying my dues through the databases or web development route + self study with home test lab + networking at conferences. It'll probably take longer, but it'll give better financial security for both myself and the family I'll be starting with my fiance. I'd better start teaming up with profs to do some security research..

Return to Career Central

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software