Career Advice

<<

jjwinter

Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Mon Jul 09, 2012 5:39 pm

Career Advice

I'm not currently a security professional, but I'd like to be. For the past ten years, I've run my own one-man computer networking/repair business doing basic stuff. I really want to expand my skill set.

For the past 6 months, I've been playing around with Backtrack and Linux generally on test laptops, playing with the tools on a mini-network and my own wireless router. I learned SME server to the point where I installed one for a client. I read through all the free training stuff on the Backtrack site. I have a cousin who works for a major bank on their incident response team. Had a fascinating two-hour chat with him; this is an area I'd like to explore more of.

From what I've read here, it seems the CISSP cert would be a good fit for me. I've ordered the Shon Harris book and signed up for free test questions.

How does my experience fit with the "ten years experience in two domains" requirement?

Also, do you see this as an advisable career move? I am 39, married, two kids. Would need to make good $$, live in an expensive area (MA).
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Jul 09, 2012 9:32 pm

Re: Career Advice

Is incident response where you want to be? There are lots of options.

CISSP is a managerial/HR cert. It's not going to help much at all with incident response, but it might get you an interview. Hard to say without knowing what you're really interested in.

The experience required is actually only 5 years in 2 of the domains
https://www.isc2.org/cissp-professional-experience.aspx
<<

jjwinter

Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Tue Jul 10, 2012 11:39 am

Re: Career Advice

I've noticed that CISSP is a requirement for many jobs in this and related fields. Seems like a "common denominator" and a good place to start.

Incident response and pen testing both interest me greatly. But I have a LOT to learn. I've read many of the OSCP exam posts, that sort of training sounds awesome, but I obviously need to get up to speed on my pre-requisite skills before attempting any of that. Plus I am self-funding, and I'd have to do PWB first, and need to know my investment will pay off quickly.

So, how did you incident response people get your start?
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Jul 10, 2012 9:01 pm

Re: Career Advice

I have about 12+ years experience in infrastructure both as a consultant and FTE. Almost 2 years ago (wow time flies) I got my first opportunity to move into a Security admin spot in a small healthcare organization. I basically used my knowledge I built up over the years and applied it to implementing some security controls. I have experience building AD environments, server installs/migrations, client migrations, firewall installs/configs and implementing VMware architectures. It was easy enough to flip the switch to security and basically concentrated on that aspect of what I already know.

You don't necessarily need all that experience to start in IR, but it helps.  It really depends on your role.  In my current situation IR begins at the SOC where lower level analysts monitor network activity.  They watch everything from the IDS/IPS logs to the client AV reports.  They monitor for data out alerts as well.  When they see something they cut tickets.  If it is something major they mobilize the L2 IR teams and local site teams (Me) to coordinate the response.  Usually the SOC folks are not exactly "level 1" skill wise, many have had a couple years in some area or another.  It does make for a great entry level security position though.

Pen Testing, that takes a bit more work.  Add years of experience either in Web App development or Infrastructure to keen knowledge of how to break things.  You need to put yourself in the shoes of a malicious attacker.  Look at the systems and say, hmm how would I go about bypassing a security measure?  Can you simply use a technical means such as an SQLi vulnerability on an externally facing web app?  Or do I need to craft up a clever phishing email to gain access to an internal system?  The same thinking actually can be applied to the defensive side of things.  In fact I don't really do much pen testing but I do look at the systems and say "if I wanted to traverse this network, what would be the best way to do it and not get caught?" 

There are also the other items in InfoSec that really fall more under Infrastructure, but it is a good place to start focusing.  Your basic compliance checks, Anti-Virus, patching etc...  Backups will fall in this realm as well.  After all, you may need to bring a system back to life for more reasons than hardware died.  If it gets compromised, you will need to ensure you have some good backups to go back to and hopefully it will be prior to the infection.  Most of this is Security 101 I guess.  It really should be common sense that is baked into the checklists.  But you can traverse from there into more Defense/Offense Security focused areas.

Like cd1zz mentioned, CISSP is a managerial cert. It may help you get in the door but it will not teach you some of the technical skills you will need to stay there. OSCP is a great program but not for the faint of heart, it is certainly not a Sec 101 course. If you have some funds take a look at GSEC cert and the SANS Security Essentials course. That will give you a pretty good general overview of the different platforms as well as some techniques and skills needed to move on in InfoSec. It covers a broad range of topics. Everything from Wireless hacking to developing a DR plan. If the cost is a bit out of your range (most have employers who will pay), then you can look at some of the much cheaper courses such as eLearnSecurity's offering. In fact that will prep you more for the OSCP than other courses. We have some reviews on the forums for OSCP, CEH, eCPPT and a number of other certs/courses.

InfoSec is a big world, lots of places to go, build on your strengths and go from there. On the way learn a bit about other areas, check out Twitter and look for some of the popular InfoSec people. You can follow any of us and just follow who we follow. Oh and if you get a chance, try to attend a BSides event, they are free conferences and more intimate than the bigger cons like Black Hat or Defcon. Did I mention they are free? Don also posts a number of updates for the event calendar, check them out and see if something comes your way.

Ok, that is it, sorry for the book. :D  Good luck!
Certs: GCWN
(@)Dewser
<<

jjwinter

Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Wed Jul 11, 2012 10:11 am

Re: Career Advice

Wow, thanks for all the info and advice. I have much to learn and a lot to consider.
