The (not so) secret path into an information security job (part one)

How to break into information security is not a secret

I see the same scenario all the time.  Colleges advertise their information security program fiercely.  They tell you that upon graduation, :poof: you’re an InfoSec pro!  Yeah…no, it doesn’t work like that.  I’m a gamer, grew up playing them, I love them, especially RPG’s.  I grew up playing a game called Shining Force, a series with a few games in it.  In it when your character hit level 20, you could promote them to an elite class with bonus abilities.  I like to say that information technology is the base class and you can specialize into several elite classes.  One of those classes is information security, there is also system engineering, project management, etc.  In order to get into security, you need to have some knowledge of a category of IT.

What I am NOT saying

People get into security from all walks of life.  There is a really good series on Secjuice from people who were in all sorts of industries prior to working in information security, and they successfully made the transition.  I am saying that you have to have knowledge about computers before making the jump.  I have read about people who are so smart they do get their degrees and jump into security analyst or administrator roles.  That is not the norm though, so as much as I admire those people, not everyone can do it.  More people struggle to land their first security role than successfully find it after college.

So what AM I saying?

For most of us, we have a passion about computers and we want to be in a technology career that is fun, supports a good living, and will be useful until we retire.  I started out in electrical engineering but always had a knack for working on computers.  All you need to start with is the drive to keep learning and reach for what you want.  You don’t need to go university for a 2 or 4 year program, but it can provide a huge boost to your knowledge, skills, and confidence in performing tasks.  It isn’t for everyone, and it can cost money depending on where you go.

So what do you actually need to know?

I had never been exposed to virtual technology, windows server, or networking devices prior to college.  I never even heard of Unix/Linux either before taking my first class in it.  These are all areas that you need some familiarity with to convince a hiring manager to pick you up.  I got Sec+ and A+ after taking the appropriate classes in school, and I thought I was ready to go.  They had told me from the beginning security was where it was at and they’d help me get there, but they didn’t.  After I realized I wouldn’t get a job straight away in security, I developed a plan to get there.

Here is what I did, a sure fire way to break through

The career counselor at my school set me up with a contract company for a job working on a help desk.  This help desk took people who had zero IT knowledge or experience, and trained us in enterprise active directory, how to troubleshoot exchange, their ticketing scheme and how to find answers in their knowledge management system.  It lasted 4 weeks, with the 5th week taking live calls.  I spent 6 months there before asking for a promotion and my boss knew I was interested in security.  I got promoted to working on the mitigation team which sounded pretty cool.  It ended up just re-installing patches that failed to install automatically, over and over again.  Pretty boring.

Bad luck, good luck

After fixing patches for a few months half the team got laid off because, ironically, we were so good at our job that the vulnerability report had diminished greatly.  I thought wow, I have some security experience now I’ll go get that job in security, but I was wrong.  Several applications later, and with time dwindling, I actually got an interview.  Long story short, the manager liked me but laughed at my knowledge and experience.  He set me up with another opening they had to be a system administrator and told me that I needed to start learning there first.

If you enjoyed this article, please subscribe to be notified about the latest posts and comment below.  Thanks for reading!

Continue to part 2

Return to career page

Back to Home

One Response

  1. Jyoti Kiran August 19, 2018

Leave a Reply