Information security, security analyst questions

Randman · Nov 29, 2011

Is anyone in that field, or anyone able to give me some information with regards to breaking into that sector, no pun intended..

ZX9RCAM · Nov 29, 2011

Well, you know what they say, they could tell you, but......

Randman · Nov 29, 2011

Always a comodeian in the group.... :banghead:

majormadmax · Nov 29, 2011

Google 'CISSP' and you'll find everything you need...

Or just read this: Certified Information Systems Security Professional - Wikipedia, the free encyclopedia

Cheers! M2

Randman · Nov 29, 2011

I was thinking security+ cert, just to get into the arena... I don't have to make a ton of money right out of the gate... Entry level is fine with me..

matefrio · Nov 29, 2011

You'll need a good background as a system admin or developer and grow into getting responsibilities that do more and more things related to security such as getting on or creating a disaster preparedness team or helping develop security policies and procedures in your company. That path will help shoe horn you into the area from being anything from desktop support to system admin or DBA. Even if it's looking at audit logs.

Another way to get into the industry is become an auditor. Certified Information Systems Auditor - IT Certification - CISA | ISACA will take you that route.

CompTia is better than nothing but I'd drop it from the resume once you have a year's experience: CompTIA Certifications & Exams

The way I got in 15 years ago was volunteer to do stuff with security that no body else wanted to do such as write policy and procedures, check logs, I volunteered to form a "Security" group out of experts in the networking department, desktop support, NT and Unix admins etc, we met monthly and talked for an hour about what to do to get more secured.

In two years thanks to viruses like nimda, I love you etc. I had enough projects where I was put into a made security position, in another two we had three people in the department due to new SOX
regulations.

Clockwork · Nov 29, 2011

What is your background experience like?

Sometimes the way you word a resume for that industry can make all the difference...

Randman · Nov 29, 2011

I'm not an IT guy. I have been working with a company out of Frisco as a consultant doing configurations (Taleo). Nothing in depth, just basic configs. I was talking with a friend of mine that works the security side (different company) and he made it sound somewhat easy to get into. Not discounting what he said, just wanted to find out what others thought. I hear it's a growing industry so I thought I would look into it..

Clockwork · Nov 29, 2011

I wouldn't say it's so easy to get in to if you don't have experience or certifications...

Clockwork · Nov 29, 2011

Then again, I've known some serious dipshits that have gotten some nice jobs with contracting companies to work with the DoD on various projects.

matefrio · Nov 29, 2011

Helps a ton if you have .gov security clearance. Sometimes it's easier to put in a dip@#$ who has an existing clearance than go in and wait up to two years and $120,000 for a background check and put a qualified person in.

Mexican_Hippie · Nov 29, 2011

Good advice already.

Matefrio is right, either through audit or as a system admin. Like MM said CISSP is the main cert.

You may also want to read up on some of the common authoritative sources ISO27001/2, HITEC, NIST, etc. just to become familiar with what's in them at a high level. That way you can at least speak to them in an interview.

Or...ask to help with SOX; people will gladly let you

DISCLAIMER: I'm not a day-to-day security guy so take my advice for what you paid for it.

Randman · Nov 29, 2011

Clockwork said:
Then again, I've known some serious dipshits that have gotten some nice jobs with contracting companies to work with the DoD on various projects.

What'd you call me?!?! lol

Randman · Nov 29, 2011

matefrio said:
Helps a ton if you have .gov security clearance. Sometimes it's easier to put in a dip@#$ who has an existing clearance than go in and wait up to two years and $120,000 for a background check and put a qualified person in.

Not sure if it's the same, or even good anymore, but I had a secret clearance when I was in the Army.

Randman · Nov 29, 2011

Mexican_Hippie said:
Good advice already.

Matefrio is right, either through audit or as a system admin. Like MM said CISSP is the main cert.

You may also want to read up on some of the common authoritative sources ISO27001/2, HITEC, NIST, etc. just to become familiar with what's in them at a high level. That way you can at least speak to them in an interview.

Or...ask to help with SOX; people will gladly let you

DISCLAIMER: I'm not a day-to-day security guy so take my advice for what you paid for it.

checks in the mail...

Information security, security analyst questions

The #1 community for Gun Owners in Texas

Member Benefits:

Randman

Well-Known

ZX9RCAM

Over the Rainbow bridge...

Randman

Well-Known

majormadmax

Úlfhéðnar

Randman

Well-Known

matefrio

ΔΕΞΑΙ

Clockwork

TGT Addict

Randman

Well-Known

Clockwork

TGT Addict

Clockwork

TGT Addict

matefrio

ΔΕΞΑΙ

Mexican_Hippie

TGT Addict

Randman

Well-Known

Randman

Well-Known

Randman

Well-Known

Latest posts

Staff online

Members online

Forum statistics