In his first post with InfoSecJon.com, Medjay tells his story of his journey so far. He begins the story as a campus police officer, dreaming of a career in InfoSec. Medjay tried and failed to pass the CompTIA Sec+ but did not let that discourage him. He faced the 3 common struggles starting an InfoSec career.
There are many struggles starting an InfoSec career
I always had dreams of being a detective growing up. I wanted to be like Stabler & Benson (Law & Order: SVU) and help out my community. For some reason, I could never get past the polygraph stage of the hiring process. I was very candid and honest about my past, I did some things I probably shouldn’t have, but that never seemed to be the problem. I went to college and got a Bachelor’s degree in Criminal Justice. To say I was confused and lost at this point in my life is an understatement.
Always marry up
My wife had recently been hired at a government contracting company specializing in cybersecurity. She was in an admin role but ended up suggesting that I speak with the recruiter about being a recruiter. It was fairly easy to get into for me because government contractors love to hire veterans. After about 2 weeks of training I got placed at the same company my wife worked at. I worked crazy hours, from 11pm-7am and the training classes were about 6pm-9pm. After about 6 months, I realized that I did not like recruiting. In my opinion, it’s a job that is about 85% luck and 15% skill. Like many others in the recruiting industry, I suffered through terrible management.
Finding something positive
I ended up recruiting highly qualified cybersecurity professionals with various specialties. Some of those I interviewed were IDS Analysts, Vulnerability Assessors, Penetration Testers, ISSOs, were some of the roles I recruited for. I had to learn about these positions in a small degree to figure out what exactly managers and leads were looking for. Things such as degrees, certifications, tools began to spark my interest. I started asking people who worked around me in the field “How do I get into cybersecurity?” That question led me to Security +.
If I knew then what I know now
I’ve never really considered myself a scholar by any means, but I studied hard for this test. Clearly not hard enough though, because to date I have failed this test 3 times. It’s a terrible feeling too because some places will hire you with no experience if you have this cert (IAT Level II compliance is huge in the DC Area). This made me feel like a failure. I was back to square one because getting into cybersecurity felt like it was impossible. After my manager gave me a (unearned) poor rating, I ended up leaving that company for a Help Desk Analyst position in early 2018. I was incredibly lucky and felt good. I got there and began learning things very quickly. After about 2 weeks though, I found out the contract was suddenly ending and I would be jobless.
There I was, about to lose my job. I had just purchased a home, and my wife was pregnant. I really wanted to get another IT job, I loved it. I searched and applied and failed because nobody wanted to take a chance on me. I began job hunting for another IT position. I was very stubborn at the time. I had that little taste of what I wanted and I was not about to go back to recruiting. This went on for about a month of unemployment. After a month of unemployment, I ended up back in a recruiting job. I set a goal for myself to get back into IT by the end of my 6-month contract.
Networking is still important
I caught wind of another IT position from an acquaintance I knew from an InfoSec group chat. It was only a month contract but it was a Desktop Support position at a hospital. I decided to take it and I hit it off with management. Due to me working hard, they decided to make me a permanent employee with them. I still want to get a job as a Penetration Tester, but I have a long way to go.
You need to work in IT before you can work in InfoSec
It is important that I tell you the lesson that I learned throughout this process. In the world of InfoSec, it is really hard to just get started blind. I had no experience with anything technical, I was entirely self-studied. Looking back now it makes sense that I struggled with the Security + test. I decided to take a step back and learn the fundamentals. My current job placed me in an A+ boot camp to help me out. I’ve told a few people this and they laugh but I’m moving at my pace. I will get to where I need to be. At the time of this writing, I’m only 28.
Thank you for reading and thank you, Jon, for being supportive and allowing me to blabber all over your website. The only reason I’m doing this because no matter what stories or advice you hear on how to get into IT, there is no one way to achieve it. I hope my story inspires whoever reads it to never give up on your goals, no matter how hard it gets. Keep in mind that for me it was very difficult.
The three common struggles starting an InfoSec career people experience are:
- Self-study versus paid classes (Both are great options. Read this for help choosing the right Information Technology Degree)
- Aiming too high, too fast (He started with Sec+. Check out this post about recommended infosec certification goals)
- Finding employment (Contract work is risky but are more likely to hire you without experience)
If you can afford them, paid classes are the fastest way to learn a new career, especially a technical field like IT. Shooting for the stars is great for a long-term goal, but knowing what short-term goals to set is important as well. It is very difficult to find that perfect entry-level job in InfoSec. Most people get into it after working in other areas first. Medjay is well on his way to fulfilling his dreams now that he has found the right path to InfoSec.
If you liked this article, Subscribe!
Check out Dave Collins’ post about how he had to Fail to Succeed
Read InfoSecJon’s post about his Path to InfoSec