Re: Experts!: security-related career questions (long)

[Mitchell Rowton <mitchell () attackprevention com>]

J. Yoon wrote:

> General Questions:
>
> 1) Do I have to start all over again from entry-level position
> even if I have 5 or more years experience as systems engineer/software 
> engineer?

I started out as a Cisco person, then started tinkering with ACL's, then 
started tinkering with PIX's.  If you can market yourself as a "Security 
Focused System Engineer" then it may be a smoother transition.

> 2) Growth Potential: how long did it take you to move up the corporate 
> ladder
> and finally make it to some type of management in the security field?

Especially with specific technologies (PIX, CheckPoint, SNORT, Real 
Secure) you don't have to have a lot of experience, because most of 
these products are relatively new.  Many larger organizations need to 
hire people to work with specific technologies (Firewall admin in a 
primarily Checkpoint or PIX shop)  A couple of years of only security is 
above average in this field.

Management isn't different than most other fields, depends entirely on 
the organization.  But lots of general security and management 
experience is usually a must.

> 3) Job market: how's the job market for people with CCSA and other 
> type of certifications
> who have no prior security work but still have development experience?

I wouldn't even try to answer that, its important to remember that a 
cert is just a bullet point on a resume.  If you market yourself as a 
"CC??" it may not be as effective.

> 4) Salary: What's the salary range you expect to be paid if you were 
> to find an avg security related job in the DC metro area?

If you happen to have a security clearance, DC is the place to be.  If 
you don't then there is still lots of work but a high cost of living.

> 5) Lifestyle: Are you treated with "on-call hell" all the time day and 
> night with grave yard shift

When I was the Firewall admin guy I was of course on call, but things 
weren't too hectic.  Now I'm more of a general "Security guy" position 
and I don't do much on call at all.  I comparison with some other jobs 
its easy.

> or are you pretty much left alone and undisturbed?

Yep

> do you get to meet any new people

Sure, lots of evaluating vendors, outsourcing , talking with people, etc...

> or are you severed from civilization and often wish you can 
> ET-phone-home every now and then?

If you do "Information Security" rather than "System or Network 
Security" one job description is to meet everyone, spread the security 
gospel, be in every meeting.  Did you mean how much time do you still 
have at home?  hmmm...  I suppose I have it easier than I did first 
starting on the helpdesk.  People who are really good at this line of 
work - work a lot anyway.

> Related to CCSA 156-210.4
>
> 5) Is it essential to get hands-on checkpoint-ware administration 
> experience
> to pass this certification exam?  I don't have access to any of Check 
> Point's software, how can I get experience using their software 
> without spending too much dollars.. assuming hands-on experience is 
> necessary.

(note - I have not taken the new test, but this link may be of use)
http://www.securestandard.com/certifications/checkpoint/

Ive have several certs (ccnp, ccdp, cissp, ccsa, .....)  Tell you the 
truth, I thought the CCSA was totally out of whack with what you learn 
administering a checkpoint firewall.  People always say "bla bla paper 
cert - bad"  or "bla bla boot camp - bad"  But my memories with CCSA is 
that you should read over the crappy little online test's that flood 
cert sites, because the test has little to do with experience anyway.  
(sorry checkpoint)

Hope this helps!

--
Mitchell Rowton
http://www.attackprevention.com/


---------------------------------------------------------------------------
----------------------------------------------------------------------------