IT security jobs

[ryanbauman23]

Wondering if we have any IT security professionals in here. If so, have some questions for you. I am thinking of a career change.

Thanks

 

[fngTony]

Same here. It’s been on hold for several reasons though. Curious as to what you find intriguing about it and are you currently working a related field?

 

[jimh406]

You might try reaching out to your connections on LinkedIn, and if you don’t have any, grow your connections.

Most people would say now is a great time to change jobs/careers. The window is closing however.

 

[magikman]

Joined the forums this morning, howdy.

Been in the security field for ~17 years. Happy to answer any questions you might have.

 

[eddielasvegas]

Joined the forums this morning, howdy.

As the self-appointed chairman of the welcoming committee, it is my privilege to extend a laurel, and hearty handshake (virtual, of course) to our new member.


Eddie

 

[thegrouse]

There are a few on here I have seen post. I started studying a few months ago, considering a 2nd career.

 

[wesfromky]

Feel free to hit me up - security architect. People that have some drive and curiosity can do well in security, esp if they have some kind of IT background.

One thing to consider is the "security" is a really big space, everything from super high end technical offensive stuff to compliance /audit to awareness training to all kinds of defensive stuff.

 

[cuerro viejo]

If you are looking for direction on which segment of IT security, I suggest Cloud, with either or both AWS and Azure focus. Network, endpoint, cyber, intrusion etc all are moving to off prem.

Intrusion and endpoint are more product specific and you can get siloed pretty easy, thus why I mentioned a cloud focus will help elevate some of that stagnation.

Network side of security is probably where I personally would specialize but your end up needing a CCIE or like certification to be at the top echelon in pay….

 

[magikman]

If you are looking for direction on which segment of IT security, I suggest Cloud, with either or both AWS and Azure focus. Network, endpoint, cyber, intrusion etc all are moving to off prem.

Intrusion and endpoint are more product specific and you can get siloed pretty easy, thus why I mentioned a cloud focus will help elevate some of that stagnation.

Network side of security is probably where I personally would specialize but your end up needing a CCIE or like certification to be at the top echelon in pay….

Cloud-based services is where everything is going. However, I would suggest that not all "cloud" services are moving off-prem. It sounds like your definition of a cloud-based service is specifically a third-party cloud, but there's nuance. Kubernetes and other like-systems are also cloud-based and are specifically created to implement on-prem clouds. You can think of a "cloud" service as IaaS or PasS. Basically a platform or infrastructure that's controlled via an API rather than some dude pushing buttons.

Providing a direction of cloud skips over a mountain of nuance. Cloud-based services, specifically third-party cloud, is comprised of an enormous amount of technical disciplines. There's networking, identity and access management, databases, message queues, functions as a service, and a shit-load of other diverse types of services. The devil is in the details. If I wanted to provide general guidance on getting into "cloud" I would suggest learning about infrastructure as code.

You do not need a CCIE to be effective in the tech world in network security. I work for a very large, very well known tech company and I can count on one hand the number of folks on the network side with CCIEs. What you *do* need is passion and drive and the ability to rock an interview.

 

[fngTony]

You do not need a CCIE to be effective in the tech world in network security. I work for a very large, very well known tech company and I can count on one hand the number of folks on the network side with CCIEs. What you *do* need is passion and drive and the ability to rock an interview.

How would you recommend getting noticed enough to get an interview? Perhaps there are job boards other than indeed or LinkedIn?

 

[magikman]

How would you recommend getting noticed enough to get an interview? Perhaps there are job boards other than indeed or LinkedIn?

I started small and worked my way up. Pick a smaller company that isn't going to be as picky about who they hire and ******* grind. Learn anything and everything you can. If it is something you can put on your resume, do it. Work at the smaller company until you can climb the ladder a bit. Rinse, repeat.

 

[fngTony]

I started small and worked my way up. Pick a smaller company that isn't going to be as picky about who they hire and ******* grind. Learn anything and everything you can. If it is something you can put on your resume, do it. Work at the smaller company until you can climb the ladder a bit. Rinse, repeat.

What kind of transferable skills would you say help (having no prior experience or education)

 

[magikman]

What kind of transferable skills would you say help (having no prior experience or education)

Learning about any technical discipline is transferable.

Networking: routing protocols (BGP, OSPF, ISIS), ACLs, subnetting, DHCP, spanning tree, etc.

Programming: pick a language and learn it, use it.

Cloud: learn IaC, use IaC to create infrastructure/systems in GCP, AWS or Azure. Maybe learn Kubernetes

The list goes on, you get the idea.

 

[wesfromky]

I will add that there are a number of security roles that are not super technical. Things like CTI (Cyber Threat Intel) and GRC (Governance, Risk, and Compliance). There are also IR (incident response) roles that are more about managing policy and process then deep technical stuff.

Also, while knowing networking in general is good, you absolutely do not need to be anywhere near CCIE, or even CCNP levels. A lot of the action these days in more on the endpoints, so knowing windows/linux/macos is key. Google-Fu might be the most important skill, along with having a solid Twitter feed.

WGU has a degree program that you gain certs as part of the process. Totally remote, and self paced, so you can knock out a degree fairly quickly if you are motivated enough.

The sorta gold standard for security training/certs is SANS, but they are pricey. CompTia Security+ is a good starting point to see what you know / need to learn. ISC(2) is also popular.

There are a number of infosec conferences (cons) out there, some offer resume review, and all have great networking opportunities.

 

[SpringM1A]

Tag

 

[cuerro viejo]

I’m director of consulting services /implementation. I essentially build out speciality teams across multiple clients in multiple countries.

IT is like a tree. Start with a base and follow your niche. It will take several turns/braches, as technology advances.

My advice is always take a dual facet approach. The reason I mention CCIE is it’s a top echelons certification that won’t leave you in the weeds like some of the smaller product certifications. You will be an expert in Route/switch first, network security second. Now it’s a top echelon cert and has a large build up, it’s a long hard road to get it, its not easy but financially it provides lots of job security.

I have 21 #’d CCIE’s working for me across a few clients, the only ones I have making more are a few of my IAM/IDM guys/gals, but they are very very product specific, and tend to go in do implement/build out then move to next client, they also spend more time on the bench then my CCIE’s . Regardless both niches are well over 200k a year.

You are more then welcome to PM me. I just built out a 30 person L1/L2 SOC, that focuses on SEIM/cyber. Many of those folks came from CyberNow labs. They are school focused on cyber security. I’ve received good entry level talent from them, but have no association, nor know the costs.