Return to Level1Techs.com

Cyber/Information Security Job/Career

#1

Hello Community!

WolfTech back again with another question for all you awesome people. Previously I had submitted another post about changing my IT career field to one either in data science or possibly even coding/programming. From that point, I’ve now decided (thanks to the lovely wifey for coming up with the idea) that my dream job/career is going to be in Cyber/Information security, particularly programming/development. I’ve found that despite my previous thoughts, I just can’t get away from the security field, it intrigues me so much and I love every aspect about it. I’m not sure if such a job exists (the programming aspect with security as the main focus), but I definitely am feeling that draw and excitement for IT again with this focus. I’m writing this post though first to say thanks to all who helped me in that previous post (you know how you are), and second to see if we have anyone that can give any sort of advice to someone who’s interested in this field. A little about me, I’ve been working in IT for 10+ years, but never had a focus except for being helpdesk and at one point the main coordinator for a charter school. My plan is to start getting certified in the correct areas, which I know there’s Security+, CISSP, CSSLP, and but if someone has taken these exams if they recommend anything else before then or great methodologies for remembering the necessary information? The next step will be to take some classes at TCC (Tidewater Community College) as they have a security program they offer online. (I’ll be living in Virginia in June, so that’s why I’m looking at that college specifically). If we have anyone in the forum that already works in the infosec or cybersecurity fields that would be helpful as well to hear your pros/cons, etc. about your job and career.

Thanks all for taking the time to read through the post, and can’t wait to hear any feedback you can all provide! Oh also, probably worth nothing that I love all things Linux, and have been thinking about conquering Linux+ next before one of the security certifications to see if that will help me as well. Enjoy your day/nights all!

0 Likes

#2

What are the prospects like for security oriented positions in your location? Are you willing to move?

In what way? Auditing code? Architecting systems (won’t necessarily include programming)? From my experience (in two companies) programmers are programmers for the most part, and will implement security as required for a system architecture they are given. That will depend on the company I suppose. But we don’t really have a security programmer although we have programmers who have extensive knowledge of security.

What currently available jobs (even if you are not currently applying for them) interest you?

These generally require a number of years of relevant experience before getting the full certification. You can get the certification as an “associate” and will have 6 years to get 5 years of experience (for CISSP) for example. But the best method for CISSP for example is to know the stuff, and you can know the stuff by immersing yourself in it via education (formal or informal via self learning), or work etc. The exam its self isn’t hard if you have a reasonable understanding of the various areas required. There are some specifics, you can get a book, or flash card, the usual learning. Most of it is general infosec knowledge.

Security is a growing area, so while companies may be cutting back in other areas the security field is generally growing, so there is usually plenty of opportunity if you are willing and able to take it. Theres also plenty of money depending on where you want to go.

cyber security as a general field though is pretty wide, so its worth narrowing down what type of job really interests you so you can move down that path.

(along with security+), this seems more popular in the US? Personally I don’t know anyone in my work who has it (in the UK here) but we hire a lot of graduates so that may be why. The key thing is being able to back up your certificates if you choose to get any. A certificate may help get you in the door but you won’t get any further if you don’t know the actual stuff so its worth in my opinion having the knowledge down well before considering certifications. As someone who has the theory down and can explain why they think something is a far better hire than someone who can pass tests but doesn’t have the theory or ability to show their working essentially.

Even if you don’t go down the info sec route, and go down a different area, the basics are all the same, and a big one (imo) is understanding risks, threats, and vulnerability among other things (CIA, etc.) no matter what you do, these will always lay a foundation for why you are doing a specific security ‘thing’.

2 Likes

#3

It’s popular, but they seem to be a bit outdated.

I don’t see the security field ever shrinking. It’s like, no matter what technology provides, there will always be someone looking to exploit it. That means that there will always be someone looking to protect against that, and that’s where your cash cow is.

2 Likes

#4

@Eden

So, I’ll be honest, we’re moving in June to Virginia because of my family, so I’d like to stay in that general area.

That’s kind of exactly what I was looking for, but I guess if that doesn’t exist, then becoming a security analyst or architect would also be right up my alley.

Hands down, some of the jobs that interest me are:

Cryptographer (I’m sure that’s such a niche job though), Security Manager, Security Analyst, Security Code Auditor, Penetration Tester

Unfortunately I’m still just barely getting my foot in the door, so I don’t even know EXACTLY what interests me yet… :confused:

Okay in that case I’ll hold off on those, it doesn’t seem like they’ll do a whole lot of good for me right now, and since I’m just starting out it sounds like they should be a little bit lower down on the totem pole for right now.

I’m 100% going to have to figure that out, do you have any advice for this, because the money doesn’t mean a whole lot to me, I’d like to be able to make 50-60k/annually at some point in time, but starting out I only expect to make between 35-40k/annual.

I’m surprised to read that, but it definitely makes me wish I lived in the UK even more now, someday…

This is actually what I’ve been able to do and get some of my jobs because I can demonstrate my knowledge, but in the US, most employers only care about what piece of paper you have more than your knowledge most of the time.

Eden, thank you soooo much! You’ve been a great help, and I appreciate you taking all the time you did to write your responses, they’ve given me some food for thought for sure!

@sgtawesomesauce

Would you care to elaborate what you mean by that? I recently had to get my ITF+ certification for work, are you meaning certifications in general or more just the two that I mentioned?

This is the biggest reason why I love it so much, there’s just so much about the security field that is ever-changing and with new technologies seemingly always around the corner, the threats will also never end.

Thanks to you too for answering, it’s helped me view things from a new perspective!

1 Like

#5

When I went through some prep material, they were covering windows 95 and telnet. I never took the actual cert test though, and it could have changed, I looked at this stuff in 2016.

I’ll be honest, I’m basically in the same boat as you. I love infosec, and am starting to want to transition from devops to it.

If you like the red team stuff, I have a stack of resources for you, I’ll post em when I get back from the gym and have had time to eat. (gotta feed the gainz)

1 Like

#6

Well holy… I guess I’ll look back over the preparation material then, perhaps it’s changed since 2016, but we shall see.

That’s super encouraging to hear, and yes absolutely post the resources that’d be awesome! Do we have an infosec/cybersecurity thread on the forum by chance?

I can’t blame you there, super important to do, enjoy!

1 Like

#7

Please let me know if it’s changed. I would love to give it my blessing.

I’ll post em.

We don’t have a thread, but I thought about creating one for a while. I’ll write something up shortly.

1 Like

#8

It’s looking like an updated exam was released last year possibly, and after checking on CompTIA’s website the last exam update was put out in 2017. I’ll look at the Cybrary course to see what they say needs to be covered and see if anything looks outdated from their “lessons”.

I’m absolutely ready for that, I’ll contribute to it however I can, but any sort of infosec threads we can have I’m onboard with!

0 Likes