I am getting ready to graduate this spring and am looking for some career advice. I will be graduating with two bachelors, Computer Science and Information assurance. I currently work two jobs, one as an intern in the Information Assurance group at a larger company, and the other as a security guard for a smaller IT company. I have obtained my Security+ certification and am looking to add a few more certifications before graduation.
I would like to find a job that would let me interact with multiple areas of the IT security profession and not limit myself to one particular technology, i.e. firewall engineer. I enjoy completing forensic and penetration challenges that I find online, but from my research there are not many entry level positions out there for either of those fields. From my job hunt so far, the job title of “Security Engineer” seems to be as close as I can get to my desired profession. Does anyone have any opinions on similar jobs I should search for or know of opportunities to lead me into a career in either forensics or penetration testing? As a side note, there is the possibility of a job offer from the company I currently have an internship with, but the team is geared more toward security product support. It might be a decent opportunity for me to acquire some experience in the field, but I feel like I would be limiting my career growth if all I did was focus on product support. I want a job where I am challenged and have the chance to learn more about the security field, not spend my days figuring out why product xyz isn’t working.
The next question is the dreaded certification question! I understand that certifications don’t replace experience, but it would seem that it makes getting your foot in the door that much easier (especially a bonus with my limited experience). One of my teachers conducts a CISSP training course every spring and lets students sit in for free. He claims that every student with an IA degree that has taken his course has passed, but I don’t know how much backbone the certification has without the required experience? The other issue I have run into with certifications are finding ones that will give me the most return on investment. Is getting a C|EH or GPEN certification worth it if the likelihood of me finding a penetration testing job right of college is low? I understand the benefits of displaying work ethic and ability to conduct self-study, but is investing $1000+ worth it at the beginning of your career?
Any input would be appreciated on my questions or just suggestions for a young security professional starting out in their career.