.

Going into security industry

<<

pharmerjoe

Newbie
Newbie

Posts: 14

Joined: Sun Jan 29, 2012 1:45 pm

Post Thu Feb 09, 2012 1:52 pm

Going into security industry

I'll give you the full low-down, I'm mid 20s, from the UK. I have already done a science degree (to Masters level) and I've been unsuccessful in getting a job due to the current market for that job role and that part of the country.
So i want to go back to a passion I've had for years, which is in IT security. However, I have minimal qualifications (from school) for IT, but I have natural and self taught talent which exceeds even that of some people in university. I have a cousin who has an Honours in Computer Networking, and he said I would have walked his degree. However, I have nothing on paper to back anything up. My only hope is to start doing loads of certificates, likes CEH, ECSA, SANS,etc. I am willing to do whatever ones it takes. However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 09, 2012 2:35 pm

Re: Going into security industry

If you were asking if you could land an IT security job without a degree - absolutely!  Both don and I have done so.  Sometimes it may be more difficult, and will require you to be able to speak well (communicate,) earn some certs (and continue to grow and expand upon them,) and gain as much experience where and when you can.  Additionally, network with folks, get active in IT security communities, and start getting to know people in the industry.

It's not always easy, and there are days I wish I'd had a degree to help me out with the headhunters, but at the end of the day, I'm doing very well for myself, considering the lack of any degree.

Keep driving for what you want.  I can't speak for what you'll be able to earn (or not) in the UK, but I can tell you I'm doing just fine as the sole 'bread winner' in my home, with a wife and 4 kids, so it's definitely achievable.

Good luck, and let us know how you do, going forward!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Feb 09, 2012 3:11 pm

Re: Going into security industry

You may want to also consider going for a systems or networking position and not trying to go straight into security. You'll have an easier time getting an IT job with little experience than you will an infosec position. Also, make sure your certifications compliment your experience. It may be advantageous to start with something more general, like the CCNA, instead of loading up on professional-level infosec certs.
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 09, 2012 3:19 pm

Re: Going into security industry

dynamik wrote:It may be advantageous to start with something more general, like the CCNA, instead of loading up on professional-level infosec certs.


++1 - and / or general Linux certs, etc (ie - ones that can be used outside of infosec, but will help you when you start moving more in that direction, such as LPI's certs, or even Linux+)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Thu Feb 09, 2012 4:13 pm

Re: Going into security industry

ie - ones that can be used outside of infosec, but will help you when you start moving more in that direction, such as LPI's certs, or even Linux+



Don't forget Redhat certs such as RHCSA or RHCE. While the RHCE is not an entry-level cert, the RHCSA is and I'd say the Redhat certs are the most widely accepted Linux certifications.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 09, 2012 4:38 pm

Re: Going into security industry

I'd agree, but the reason I spoke of LPI is they're 'technically' vendor neutral, so you'll get at least a little spattering of other flavors, not just RH...

Again, it's not all about being vendor-specific, at this point, but about building skills and gaining useful knowledge.  So ANY of the Linux certs (vendor-specific or not) will get you going.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri Feb 10, 2012 9:31 am

Re: Going into security industry

Well you mentioned you had a science degree.  So you do have A degree.  Which always looks better than no degree at all.  A friend of mine had a Pych degree and was a high level engineer at the consulting firm we were at.  Now he runs his own firm. 

Best thing you can do is work towards some experience in IT in general and possible go for something like Security+ or CEH to back you knowledge up. 

Also, like Hayabusa mentioned, get involved with the community.  The more you network the better.

Good luck!
Certs: GCWN
(@)Dewser
<<

millwalll

Post Fri Feb 10, 2012 1:13 pm

Re: Going into security industry

I would say if you have money try go for the CREST/Tiger Team member exam if you can get that most companies will take you on as junior you be expecting to get  20-25k depending on the company.

If you need any more advice feel free to drop me a PM anytime I am in the UK and fell your pain as I have been where you are.
<<

pharmerjoe

Newbie
Newbie

Posts: 14

Joined: Sun Jan 29, 2012 1:45 pm

Post Fri Feb 10, 2012 1:27 pm

Re: Going into security industry

Jamie.R wrote:I would say if you have money try go for the CREST/Tiger Team member exam if you can get that most companies will take you on as junior you be expecting to get  20-25k depending on the company.

If you need any more advice feel free to drop me a PM anytime I am in the UK and fell your pain as I have been where you are.


Thats seems interesting, do you have a link for a course/exams for that?
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Feb 10, 2012 1:46 pm

Re: Going into security industry

pharmerjoe wrote:Thats seems interesting, do you have a link for a course/exams for that?


Seems like a good opportunity to work on those information gathering skills ;)
The day you stop learning is the day you start becoming obsolete.
<<

pharmerjoe

Newbie
Newbie

Posts: 14

Joined: Sun Jan 29, 2012 1:45 pm

Post Fri Feb 10, 2012 2:04 pm

Re: Going into security industry

I did search, but I'm getting loads of links from different providers, just want to know which particular one Jamie.R recommends.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Feb 10, 2012 2:41 pm

Re: Going into security industry

I believe this is the main site: http://www.crest-approved.org/
The day you stop learning is the day you start becoming obsolete.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Feb 12, 2012 3:55 pm

Re: Going into security industry

pharmerjoe wrote:I'll give you the full low-down, I'm mid 20s, from the UK. I have already done a science degree (to Masters level) and I've been unsuccessful in getting a job due to the current market for that job role and that part of the country.


It's nice to hear you've already done a science degree, but it's sad to hear you've been unsuccessful, have you had any IT-jobs at all? I'm wondering if you're aiming too high, but getting a junior position within pentesting shouldn't be impossible  :)


pharmerjoe wrote:So i want to go back to a passion I've had for years, which is in IT security. However, I have minimal qualifications (from school) for IT, but I have natural and self taught talent which exceeds even that of some people in university.


What are these self-taught talents? Do you have any blogs? Websites? Created any videos, tools, whitepapers, etc.? (My point is, without experience, and perhaps no certifications within infosec at all, having these other things may contribute to getting a job.)

pharmerjoe wrote:I have a cousin who has an Honours in Computer Networking, and he said I would have walked his degree. However, I have nothing on paper to back anything up. My only hope is to start doing loads of certificates, likes CEH, ECSA, SANS,etc.


About the loads of certificates, if you want to learn something useful, avoid CEH and ECSA. Some SANS training is okay, but I haven't heard anyone say it's "hard", as in you actually find it challenging, compared to other training providers. GIAC are by the way, the certification provider that is related to SANS.

So you should focus on other certifications, from e.g., Hacking Dojo, Offensive Security or eLearnSecurity for starters, as you'll gain a lot more practical knowledge that you can use. Offensive Security certifications, even has quite a lot of value in the UK. (OSCP in particular.)


[quote author=pharmerjoe link=topic=8531.msg46884#msg46884
I am willing to do whatever ones it takes. However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to?
[/quote]

Whatever it takes, if you want to be one of the best, say goodbye to playing computer games (if you do that a lot) and other things that takes up a lot of your time. Then say hello to reading books about hacking (there's many good ones), papers, presentations (from e.g., Defcon.org and BlackHat.com), learning programming languages if you don't know any (like C or C++), or scripting languages like Python, or perhaps PHP if you're focusing on Web Application Security.

Instead of MSN, Skype, or whatever you use, say hello to IRC if you're not already there, where you might use hours discussing various infosec topics, for fun, or just random things in life.

That is some of what it takes, if you're going to be serious  ;D In some point of my life, when I was working with IT-support, I was also using my own server outside work to find 0days in web applications, in the small breaks I had between calls when there was nothing to do. (I really enjoyed looking for 0days at that time (still do), even in small apps that hardly anyone use.)

[quote author=pharmerjoe link=topic=8531.msg46884#msg46884
However, realistically, will I be able to get a job in the security industry with that? And what kind of salary could I hope for when starting out, and how much could it escalate to?
[/quote]

If you're good, and you can prove it during an interview (the technical part), then experience and education may not matter that much, if you pass the technical part without any problems. We're of course talking about junior positions which you should be focusing on.

The salary, there's a website for that. When you step up from junior, and onward to senior, the salary can climb really high. If you're going into information security, salary shouldn't be your primary, second or third concern, it should be to get a foot inside, and get paid enough to live okay  :) (It isn't a bad pay juniors get either.)

Living in the UK gives you a nice advantage over living in many other countries, as there's quite a lot of pentesting jobs there, compared to e.g., Denmark, where the role "junior penetration tester", doesn't exist. (In fact, penetration testing hardly exists as a single job, it's often melted into consulting instead, which requires many years of experience, certifications, education, etc.)


That's just my opinion and advise of course  :)
I'm an InterN0T'er
<<

pharmerjoe

Newbie
Newbie

Posts: 14

Joined: Sun Jan 29, 2012 1:45 pm

Post Thu Feb 16, 2012 6:01 am

Re: Going into security industry

Thanks a lot for the info, very helpful. Looks like I'll be hitting the books for a while  :D

Return to Career Central

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software