RE: Getting In

[Jason Armstrong <jarmstrong () technicacorp com>]

This might be stating the obvious, but from my own 
perspective it comes down to a few things. (Also,
I don't know all of the details of your situation,
So take what you can from this and discard the rest.
Perhaps you'll end up discarding all of it.    ;)

Education - At the very least you should be educating 
        yourself as much as possible so that when an
        opportunity does present itself, you will be
        prepared to seize it. The SANS InfoSec Reading
        Room http://www.sans.org/rr/ is a great place 
        to start. Also, look into buying an SSCP 
        (Systems Security Certified Practioner) book. 
        It's also a good place to start when learning 
        about security basics. Any security-related 
        certifications you can acquire will certainly 
        help. Additionally, a college degree can
        help as well, but is no longer a guarantee
        (not that it ever was, it just greases the
        skids a bit if you know what I mean.)

Network - It's all in who you know or _get_ to know. 
        I started with my current employer and worked 
        in the WAN group for the first two years. After 
        proving my value as an employee, I was allowed 
        (at my request) to move into the Information 
        Assurance group. I guess this could be distilled 
        down to: get a job in the field (any job, anywhere 
        in the field) and work hard to prove your worth. 
        You have to really want it. Post-dotcom bust, 
        things are very competitive all over. You have to 
        kind of blaze your own trail so-to-speak and make 
        it happen. Once you're in IT make every effort,
        however small it may seem at the time, to move 
        closer to the InfoSec arena.

I think it can safely be said that there is no recipe
for getting into this area of IT. It's a mixture of
persistence, determination, intelligence and some good
old fashioned luck. Being in the proverbial right place 
at the right time.   

But then again, I guess there is the cold, hard reality
that even all of that may not be enough.

Best of Luck,
Jason



-----Original Message-----
From: Duffy Hazelhurst [mailto:dhazelhurst () mobileplanet com] 
Sent: Monday, August 11, 2003 8:08 PM
To: Mike West; security-basics () securityfocus com
Subject: RE: Getting In



I can't wait to see the reply, I'd love to know the answer myself.

Duffy

    

-----Original Message-----
From: Mike West [mailto:mwest67 () ntlworld com]
Sent: Saturday, August 09, 2003 4:29 AM
To: security-basics () securityfocus com
Subject: Getting In


Guys

I know you have probably been asked this question many times but here goes.

I am currently a security enthusiast and employed as a software developer
for a large Telco company however I would like to get into the security
field but I am finding it a very tight market to get into.

How would be the best way to make a start in the Security field. As I have
found that most company's will not look at your CV unless you have had 2
years proffesional experience/certification and you can't get a
certification until you have the experience etc.

Thanks in advance
Mike



---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------