Wanting a career in IT security

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,

I'm new to IT, have just left the military after five years service never wanted to make a career out of it just wanted to join and see what it was all about.

Now I'm out i'm wanting to get into IT security but would like to know which is the best way and the best qualifications to gain to make this happen. I know this is very vague but I am open to all options at the moment.

I have no previous IT qualifications but I am studying the A+ at the moment ands will take it from their. I have looked into the Network+ and Security+ but wanted to know if there was a better way from people already in the industry.

I'll more than likely go with a learning provider as I have ELCAS funding available.

Cheers

JP

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

You're not going to want to hear this but.. well you need to get some basic IT knowledge prior to working it IT Security (waiting for Rob1234 to turn up here to also offer some advice here).

Of course you can get into IT Security without any prior experience but you will be limited to what kind of security roles you can get because ideally you need to have a decent understanding of various aspects of IT gained from previous experience in the IT industry.

If I were you I would get that prior experience first and look to move into security in a couple of years.

 

I've been in security for a while, and as above get some general IT experience under your belt whilst also looking at security related stuff.

The general IT work will get you familiar with IT in general, which you very much need when working in security.

Security+ is a good introduction to some of the areas and concepts and will give you an insight into the area and may help you decide if it's what you like.

Out of interest what sort of IT security work is it you are interested in pursuing? The field itself can be rather broad.

 

Hi,

I started out pretty similar to how you did and have been working in IT security for about 8months now. It wasn't easy to get there, and I had to do alot of crappy jobs to build my experience before being able to work with firewalls etc...

You look to being going the right way about it, A+ was the first qualification I studied but this wont get you into IT security or even networking more than likely it will land you in a desktop support role or similar.

Once you have some experience in the field I would advise moving into learning IP networks. ESPECIALLY cisco, do roughly a year in networking and take your CCNA this will give you some experience in networking and something to show for it.

You will mainly be working with routers and switches for a while, and at some point you will work with the corporate firewall. Once you are comfortable look at specialising with the higher end security products such as Checkpoint and Juniper. Start studying a cert hopefully your company will use either Juniper or Checkpoint as their firewall, and once you get certified you will more than likely find you are now the firewall man...

Slowly but surely over time you will do site to site VPN setup's, policy changes, IPS tweaking etc... and with the experience you will be able to get a job as a network security engineer.

If you are looking at working solely in network security, you will probably be working for high end corporations with multiple firewalls and large networks.

This is why its good to start of with the foundations of networking and work in a network job first before moving into security.

Hope this helps.

 

Really depends what area of IT security you what to go in to network, physical, compliance etc. If you tell us that will be able to provide better guidance but have to agree with what others have said aim for some 1st level work then progress from there.
For example how can one possibly understand group policy if they've never implemented it? How could you know that group policies only apply to computers that are a member of the domain, OU, or site that group policy was applied to if you haven't done it? Not to mention you have to remember to give groups read and apply group policy permissions to the group policy object if it is to have any effect at all. If one doesn't understand these basics, then how could they possibly even start to secure a Windows based network?
Obviously there is lots of security areas and the above is just an example and some security jobs do not require that sort of knowledge also were are you based as many companies don not require full time security people unless there quite large or smaller companies expect the security guy to wear many hats which will require even more experience and knowledge.

 

Depends if the guy wants to go into network security specifically or not, he's not said.

For instance I've been in security for a number of years and have had a few different roles and I've never had a security role where I've been working with routers and switches or had access to the corporate firewall ;)

Now it's likely that this is what he means as most people seem to think IT Security = Networks, which is so not the case.

It's a broad area which people really do need to look into what specifically they are interested in (which is when people usually realise that security on the whole is not exciting and glamorous as they thought it might be ).

 

That said above... It looks very likely hes considering a career in network security, by looking into qualifications like Network + and Security +. One to understand networking concepts and the other to understand the security on the network?

Maybe you can clarify?

 

A+, Network+ and security+ are good solid certs to get for most fields in IT not specifically networking.

 

Sec+ barely touches on networking in that sense, it's more about the fundamentals and concepts of security with a few specifics thrown in, at least it was when I did it way back when

It's something I'd recommend everyone in an IT dept takes not just security guys, I know that Morrissons used to send all their IT staff on the course whether they were security based or not.

I'd imagine he's looking at A+ and N+ too as they tend to be the 'beginner' certs people look at when trying to get into IT.

Saying that I'd still think that network security is what a lot of people mean when they say they want to work in security so wouldn't be surprised if that's what the chap is after

 

hi sorry, my bad I thought I mentioned it in the post yes network security would be my starting point but my end goal is to specialise in security against BOYD for a large corporation so would this mean going down the internet security route, or like people have mentioned would it be more beneficial to go for cisco.

 

Well depending on how deep into the network security side of things you are wanting to get into, for the BYOD side of things general IT experience is going to be beneficial as you're going to need to know how everything 'fits' together.

As for that role in a large corporation, I've found that security specific people are generally involved in the architecture of such a solution, and you will also have some form of compliance checking activities going on, but day to day operational security work isn't something I've necessarily seen a specific role for with regards to BYOD.

It's usually covered by BAU support of the system, not specific to security as such with company security/compliance officers/analysts maybe being involved with the team when needed, but not usually their sole interest.

That's just been my experience in a couple of large businesses so that's not to say those roles aren't there, best thing you can do is try to find any job adverts for roles you want and check out the sort of experience and knowledge requirements they have.

So I'd say get your N+ and Sec+ for starters (I'm not really sure how relevant A+ is nowadays) then look to get into a role where you can start building up your enterprise IT skills and knowledge.

Maybe look at security analyst/operations roles as an indicator as to what sort of skills people may be looking for as I'm guessing you're wanting to be more of a techy with it.

If you've got any specific questions you want to fire over feel free to PM me, have worked in some large companies doing various security roles over the years.

 

While you are learning all this, make sure you do it with an employer who will take over your Army security clearance. You have a year from when you left, or it will be gone till you fill in the forms again and find an employer willing to wait 3 months to take you on. If you want to specialise in security this will be a bonus and make you much more employable and at an enhanced pay rate.

 

Security career is not entry level, it's a specialty you choose after you a while. You need to understand inside out how things work if you want to secure them. That means you need to be an expert working with a technology before you can start securing it. Natural way would be to get your feet wet with a help desk job, work that for a year or two, then move up the ladder slowly progressing to a point where you will be confident enough about switching to security field.

 

There are entry level jobs in Security. These involve auditing patches, logins, security permissions, password changes and, if you work in a financial company with a strong USA base, Sarbanes–Oxley.
As you progress, you could become involved in checking MS patches do not affect your network, or apps and ensuring that they are delivered in a timely manner.

 

As above, yeah you're not going to jump into a network security role from the off necessarily (does happen, but not that often really) but there's plenty of other security roles around the non technical side of things people can start off in such as compliance related stuff.