Security Basics mailing list archives
RE: Experts!: security-related career questions (long)
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 31 Dec 2003 12:01:23 -0800
General Questions:
1) Do I have to start all over again from entry-level position even if I have 5 or more years experience as systems engineer/software engineer?
Short answer yes, long answer maybe. There is security in software, why we don't talk about it often or even admit to its existence bothers me. Writing secure code is a very challenging experience (Done it in C++, C#, PHP, ASP, VB6) and very humbling, if I say so myself. I wouldn't recommend going for a CISSP unless you have extensive hands-on experience. The majority of the security certs require previous hands-on experience, which I'm all for. Security is a best-of-breed, unlike some admin positions where you can be as green as a leaf and be ok, security requires a more honed skill-set and mental attributes, which IMHO only experience can provide. Don't shoot for Pen Testing unless you're a successful hacker. I swear if I see one more "Penetration Testing Specialist" fire up SNORT and scan my network I'll flip. If you can't manually hack a network you won't go far in that specialized field. Move from your skill-set, coding, and slowly evolve that into security. Writing secure applications, auditing applications for secure code, writing security tools, etc.
2) Growth Potential: how long did it take you to move up the corporate ladder and finally make it to some type of management in the security field?
Management? Not me bud. Sorry can't help there. I like being in the trenches.
3) Job market: how's the job market for people with CCSA and other type of certifications who have no prior security work but still have development experience?
Limited, Meager, Marginal. With no experience you won't even get in, with a few certs you could get an Audit or Low Level Engineer position. Of course that depends on the firm and how intelligent they are.
4) Salary: What's the salary range you expect to be paid if you were to find an avg security related job in the DC metro area?
Don't know about DC metro, but I have a bud that does PKI and he can make upwards of $250 an hour, $500 for emergencies.
5) Lifestyle: Are you treated with "on-call hell" all the time day and night with grave yard shift or are you pretty much left alone and undisturbed? do you get to meet any new people or are you severed from civilization and often wish you can ET-phone-home every now and then?
With security if there is a problem you MUST get on it ASAP. Day, night, weekend, holiday no matter what. That depends on your company, but it's my personal opinion and experience. I have my logs copied to my iPAQ and I review them when I have any free second. In line at the grocery store, or waiting for a movie to start I'm looking at my syslogs.
Related to CCSA 156-210.4
Haven't looked at it recently, sorry.

Hope any of this helped and good luck man!

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
(800) 325-1199 x338

-----Original Message-----
From: J. Yoon [mailto:supercool9000 () hotmail com]
Sent: Monday, December 29, 2003 1:17 PM
To: security-basics () securityfocus com
Subject: Experts!: security-related career questions (long)

I'm 29 now and make about $67k as software engineer but desperately trying to get my foot into the security field. I wanted to get a CISSP cert and even studied the training book but didn't take the exam. I probably would have passed the written but since 4 years of security work experience is required, I felt I'd be better off going for something like a CCSA instead. Originally, I am from a hard science background but also have about 5yrs experience using unix shell perl and cgi web programming working for large companies that develop scientific applications. My actual job experience can't be considered security-related but I have *some* personal experience at home locking down and tinkering with my home network & linux boxes. I would like your advice on how I can get my foot in the security job door without my experiences so far being flushed down the garbage disposal and ultimately become successful in the security field. ( I'm interested in any network security field but mainly pen-testing and/or codebreaking, encryption.)

General Questions:
1) Do I have to start all over again from entry-level position even if I have 5 or more years experience as systems engineer/software engineer?
2) Growth Potential: how long did it take you to move up the corporate ladder and finally make it to some type of management in the security field?
3) Job market: how's the job market for people with CCSA and other type of certifications who have no prior security work but still have development experience?
4) Salary: What's the salary range you expect to be paid if you were to find an avg security related job in the DC metro area?
5) Lifestyle: Are you treated with "on-call hell" all the time day and night with grave yard shift or are you pretty much left alone and undisturbed? do you get to meet any new people or are you severed from civilization and often wish you can ET-phone-home every now and then?

Related to CCSA 156-210.4
5) Is it essential to get hands-on checkpoint-ware administration experience to pass this certification exam? I don't have access to any of Check Point's software, how can I get experience using their software without spending too many dollars.. assuming hands-on experience is necessary.
6) Is "smart defense suite" a relatively big portion of the new exam 156-210.4, compared to the old exam 156-210? Should I not worry too much about it or should I get a new course book?