IT Employment

General discussion


Situational Dilemma

By Mdog911 ·
I am interested greatly in the field of network security. While I possess a breadth of knowledge in the subject and familiarity with several products, I do not possess a IT Security position, nor will I ever given that my current employer is mainly focused in the area of software engineering. A big problem I am finding and fearing is the transition to a Security position. I suppose I could best describe my problem by making an analogy… If you were hiring a bodyguard, you would be extremely reluctant to hire someone with little or no fighting background/experience to protect you. Such is how I feel with security positions...I feel that companies will not want to hire me because of my lack of security experience in the workplace, despite my knowledge of it. Does anyone have any thoughts or suggestions?? Are my chances nil or do I have a legitimate shot at landing a security position??

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

CISSP or similar

by mlayton In reply to Situational Dilemma

I suggest getting a certification in security, which should increase an employers confidence. You would have a legitimate shot then since the need for security personnel is increasing. With the knowledge you have, passing the exams for certification should not be a problem.

Collapse -

A couple of suggestions

by maxwell edison In reply to Situational Dilemma

You could contact any number of "not for profit" organizations and express an interest in doing some volunteer work to help them with any computer network issues - emphasize your interest in focusing on security issues either before or after your offer, whichever might work under the circumstance. In the very least you could offer to do a "security evaluation" - free of charge, of course - and finalize the "evaluation" with a written report outlining your findings and recommendations. Whether or not you take it to the next step by implementing the suggested security measures would not really matter. It's OK if you don't, better if you do. In the very least you're getting some "experience" to list on a resume, as well as your copies of the reports to show as examples of your work.

You could also do the same thing with any business. You could present yourself as a security consultant offering to do a free security evaluation. Do the analysis, give them the report, and let the chips fall where they may. Offering to do something for free is always a good way of your foot in the door.

In either case (a not-for-profit or a private business) the best outcome could result in a job offer, and the worst outcome is experience to liston a resume for your future job search.

Good luck.

Collapse -

This is going to depend

by LordInfidel In reply to Situational Dilemma

On what your final goal is.

Do you want to be hired by a single company to manage *just* their firewall/security team?

Are you looking to be hired by a security firm?

With most small/mid-sized companies, security is done by the network administrators.

The larger companies will have teams devoted to network security. Usually you have to already be employed by their network staff to get on the security teams.

The small/mid-sized companies, is just part of the job.

The security firms however just don't take anyone. The best way to get in on that action is to find vulnerablities and have them posted and verified on BugTraq.

Once you get your name spread around on BugTraq as the author of various exploits. You will be more apt to be taken seriously by the "consultant" side of the security industry.

I would use your current position to begin security testing your companies own software. Audit your own systems. See what vuln's you can find. If they are not your own companies and belong to an another vendor. Write it up, send it to the vendor and work with them on it. Then post it on BugTraq.

It all goes back to first proving yourself as a security expert.

I would not say your chances are nil. As with anyone in the computer industry, If your skills are sharp you will be hired. If you can hack "very well" by exploiting the system without relying on 'script kiddie' tools. Then you have a good shot in the security industry.

All security pro's are just hackers who get paid to do "good".

Collapse -

Hanging out in the right places...

by admin In reply to This is going to depend

that's true. Great synopsis of the canvas for someone looking to paint.

One other possible idea.

To get started, they might be able to do some consultation for the small\medium sized businesses and if their skills are high, word can get aroundfast locally. Might not make a living right off, but with a good skillset on the way to a great one they might work their way towards the grail known as BugTraq, if they are so inclined.

I had a guy call me earlier today... a 2 person business and their computers keep doing "wierd" things and running by themselves at night was his description. Has reloaded multiple times and it only happens when he is on his broadband connection. They have a little web based merchandise business and got myname from the local business computing shop when they couldn't fix it. I can't help until late February at any price. (well.... ok... there is SOME price that would probably grab attention) but you know the gig. Many of us started this way, it's notthe easiest or cleanest or best money to get started and you're sure to get some real life lessons in how amazingly difficult people can be while you hone your customer service (including gettting the right customers to avoid you :> ) skills, but the little DR, Chiropracter, Daycare, Accountants, Graphic Designers, Independant Record Shops, etc. (a few weeks ago I fixed SAMBA file sharing for a hapless print shop while I was waiting for my printing for a little barter...), I could go on and on..... these small guys are toast most often as security becomes more important. They often need a local "geek" that can afford to charge 25$ or so an hour.

It's not an easy gig, as I know you well know, but it gets the word around locally, and when there actually are jobs around it can help immensily to have a good friend of a friend say:" I know this guy who does..... "

It's just an idea. :)

Collapse -

security appointment

by technoleach In reply to This is going to depend

read up, download,and learn as you go, works for me.good luck anyway.


Related Discussions

Related Forums