Starting a career in IT security

Le_Soul

Hi guys,

Had a quick look in the forum for a similar post but couldn't see one. If there is indeed one, can someone please post a link.

I have been working in IT Support for about 4 years now and I am very interested in starting a career in IT security. I am busy studying for CompTIA Security+, teaching myself Python and Linux, doing daily research on IT security issues and busy playing around with Kali Linux to familiarize myself with pen testing and Linux. After that I have a few other certifications that I plan to finish, and my eventual goal is to get CISSP, but for that I require 5 years working experience in IT Security.

My current employer is not too keen on creating a role for me and granting me the opportunity to get experience. They feel it's the IT manager's responsibility, and the IT manager has no interest really in security.

I keep an eye on IT Security job postings and the requirements are rather demanding. It's a case again of you need experience, but can't get it because of the lack of it. And not to mention the required qualifications (CISSP for example).

So my question is, how would I penetrate the market with no experience? Are there companies that will take someone like me on and give me an opportunity to grow and give me time to learn the ropes? So far I only see senior job posts so am getting a bit concerned. If anyone has had a similar issue and made it, please provide some tips and/or advice.

Thanks guys.
 
I suppose play around in your own time and don't get arrested would be the key:-P

Would Firewall work or securing current infrastructure in day to day IT not count experience wise towards this? Or partially?
 
Well currently I am playing around in a test environment at home, so should be fine, for now :P

Our firewall is currently outsourced, and IT manager not allowing me to make any changes to current infrastructure, most likely for lack of knowledge on his end.
 
You can run simulations on GNS to get familiar with Firewall syntax etc.

I'm in the same boat, just have the advantage that I have access to firewalls.

My plan is to start writing governance documents for the company, whether they use it or not, at least I'll be gaining some experience in that sense.
 
The security field can be hard to get into, because it requires a lot of knowledge that can take a long time to obtain. As a DBA you only need to know DBMS's well, as a network admin, you only need a good understanding of networking, but if you want to be good at security and especially pentesting, you need to have knowledge in all those fields and that takes time.

I'll tell you how I got into security, if that helps, it's been years of hard work. For me it started when I was still at school, my older brother introduced me to *nix, at first I would just read various articles online and really got to know Linux inside out. After school I got my first job in a call center and started working myself up, till I got a network admin job. Because I was experienced in Linux and especially ipchains (back in the day) and iptables, I managed to move into a security role managing firewalls and other defensive security stuff like IDS/IPS, proxies etc. After a few years of doing that, I got the job I have now at Offensive Security. I also did "pentesting" during that time purely as a hobby.

It sounds like you are aiming more towards pentesting and there are some companies that will give a new guy a chance, but with all the serious pentesting teams it comes down to your skills, not your certs (but they certainly help). You will usually be expected to pass some sort of skills-based test like compromising a test system they set up for you, but the pentest teams in SA are basically always looking for talented people so you can just go to their website and submit your CV.

It all comes down to hard work, serious infosec is more a lifestyle than a job and you need to spend insane amounts of time reading, learning and staying up to date on new techniques etc.

I see you already downloaded Kali, so if you need some vulnerable machines that you can practice and learn with, you can visit www.vulnhub.com.

In terms of certs, you might want to start with Security+ just to give you the basic knowledge to get you started and then you can move on to something like OSCP. Obviously, I'm biased when it comes to that but you can ask anyone who has done the course and they will all tell you it was worth it. There are several people on the forum that have completed it that might back me up here LOL
 
Hi Zipkoppie,

Awesome thanks so much for the info, really helpful! I will definitely finish Security+ to get the basics under the belt and continue to familiarize myself with pentesting on my own time. I will also def have a look at OSCP in the near future.

I read somewhere that it is a lifestyle and not a day job, but I am prepared to do the hard miles.

Thanks again for your insight.
 
Hi Le_Soul

SensePost runs an "academy" program, where we (disclaimer, I work for SP) take promising individuals and put them through an accelerated learning program, with a view to employment at SensePost. We pay a (nominal) salary while you learn, which is better than not earning a salary, as well as paying for training courses, in my opinion!

There is also this thread with some suggestions.

Shout if you want to talk further about it.
 