Security Basics mailing list archives

RE: Experts!: security-related career questions (long)


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 31 Dec 2003 12:01:23 -0800

General Questions:

1) Do I have to start all over again from entry-level position
even if I have 5 or more years experience as systems engineer/software 
engineer?

Short answer yes, long answer maybe. There is security in software, why
we don't talk about it often or even admit to its existence bothers me.
Writing secure code is a very challenging experience (Done it in C++, C#,
PHP, ASP, VB6) and very humbling, if I say so myself. I wouldn't
recommend going for a CISSP unless you have extensive hands-on
experience. The majority of the security certs require previous hands-on
experience, which I'm all for. Security is a best-of-breed, unlike some
admin positions where you can be as green as a leaf and be ok, security
requires a more honed skill-set and mental attributes, which IMHO only
experience can provide. Don't shoot for Pen Testing unless you're a
successful hacker. I swear if I see one more "Penetration Testing
Specialist" fire up SNORT and scan my network I'll flip. If you can't
manually hack a network you won't go far in that specialized field. Move
from your skill-set, coding, and slowly evolve that into security.
Writing secure applications, auditing applications for secure code,
writing security tools, etc.

2) Growth Potential: how long did it take you to move up the corporate ladder
and finally make it to some type of management in the security field?

Management? Not me bud. Sorry can't help there. I like being in the
trenches.

3) Job market: how's the job market for people with CCSA and other type of
certifications who have no prior security work but still have development
experience?

Limited, Meager, Marginal. With no experience you won't even get in,
with a few certs you could get an Audit or Low Level Engineer position.
Of course that depends on the firm and how intelligent they are.

4) Salary: What's the salary range you expect to be paid if you were to find
an avg security related job in the DC metro area?

Don't know about DC metro, but I have a bud that does PKI and he can
make upwards of $250 an hour, $500 for emergencies.

5) Lifestyle: Are you treated with "on-call hell" all the time day and night
with grave yard shift
or are you pretty much left alone and undisturbed?
do you get to meet any new people
or are you severed from civilization and often wish you can ET-phone-home
every now and then?

With security if there is a problem you MUST get on it ASAP. Day, night,
weekend, holiday, no matter what. That depends on your company, but it's
my personal opinion and experience. I have my logs copied to my iPAQ and
I review them when I have any free second. In line at the grocery store,
or waiting for a movie to start I'm looking at my syslogs.

Related to CCSA 156-210.4
        Haven't looked at it recently, sorry.


Hope any of this helped and good luck man!

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: J. Yoon [mailto:supercool9000 () hotmail com] 
Sent: Monday, December 29, 2003 1:17 PM
To: security-basics () securityfocus com
Subject: Experts!: security-related career questions (long)

I'm 29 now and make about $67k as software engineer but desperately trying
to get my foot into the security field.
I wanted to get a CISSP cert and even studied the training book
but didn't take the exam. I probably would have passed the written but since
4 years of security work experience is required, I felt I'd be better off
going for something like a CCSA instead.

Originally, I am from a hard science background
but also have about 5yrs experience using unix shell perl and cgi web 
programming working for large companies that develop scientific 
applications.  My actual job experience can't be considered security-related
but I have *some* personal experience at home locking down
and tinkering with my home network & linux boxes.

I would like your advice on how I can get my foot in the security job door
without my experiences so far being flushed down the garbage disposal
and ultimately become successful in the security field.

(I'm interested in any network security field but mainly pen-testing and/or
codebreaking, encryption.)

General Questions:

1) Do I have to start all over again from entry-level position
even if I have 5 or more years experience as systems engineer/software 
engineer?

        

2) Growth Potential: how long did it take you to move up the corporate ladder
and finally make it to some type of management in the security field?

3) Job market: how's the job market for people with CCSA and other type of
certifications who have no prior security work but still have development
experience?

4) Salary: What's the salary range you expect to be paid if you were to find
an avg security related job in the DC metro area?

5) Lifestyle: Are you treated with "on-call hell" all the time day and night
with grave yard shift
or are you pretty much left alone and undisturbed?
do you get to meet any new people
or are you severed from civilization and often wish you can ET-phone-home
every now and then?


Related to CCSA 156-210.4

5) Is it essential to get hands-on checkpoint-ware administration experience
to pass this certification exam?  I don't have access to any of Check
Point's software, how can I get experience using their software without
spending too many dollars, assuming hands-on experience is necessary?

6) Is "smart defense suite" a relatively big portion of the new exam 156-210.4,
compared to the old exam 156-210? Should I not worry too much about it
or should I get a new course book?
