Getting Into IT Security? Opinions?

RSS
Email

0 Kudos

Author	Comment
ilconsiglliere	Getting Into IT Security? Opinions?		Lead	[-]
Posts: 591 11/19/09 10:56:03 Senior Member	Tags : None I am contemplating making an IT career switch. Want to hear others thoughts about it. My background is very broad ranging from Unix OS development/app programming/systems admin, dba (oracle, db2, ims), architecture, MVS programming (Cobol, IMS, DB2), Windows, systems/business analysis, project/program management, IT cost management and IT vendor management. I know its a lot of stuff but the longest I was in one area was when I was involved with Unix. I am more of a jack of all trades than an expert in one thing. I also have great communication skills because I like to talk . That being said I have always enjoyed the dark underbelly of the Net. I just find the whole security thing interesting from a penetration and keeping people out standpoint. I like to take it apart and find how it works. Most of you know I have not been happy for quite some time and I have been pursuing other things. But recently I have been thinking if I am going to stay in IT what do I really like to do. Certainly not what I am doing now, thats for sure. I am also very paranoid about becoming a specialist in 1 vendors products which is what my current employer wants and likes. In my experience if you become too specialized in the wrong thing you can be screwed. My friend is an IT security guy. Never seems to have a problem finding jobs. From what I have seen he is not competing with offshore work for his jobs and not with visa holders here either. He has a couple of IT security certs. I doubt most companies will offshore security as they are way too paranoid about access. So that being said, I was wondering if this might be a good match for me instead of the sludge I am doing now. I like security, am well rounded in a variety of technologies and would think this might be a good match for me. Do you see this as a good career opportunity or no? Or are opportunities limited? Any opinions are appreciated.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
G0ddard B0lt	Two things	#1	[url]	[-]
Posts: 9416 11/19/09 13:36:01 Have you ever tasted a rainbow? At OpenIT, you will.	1) High personal and professional liability. I'd see this kind of role as a lawsuit magnet. 2) High exposure to failure. You'd only get to fail once. If a network that you secured was penetrated, you'd be finished or very damaged.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
codger		#2	[url]	[-]
Posts: 2718 11/19/09 14:12:34 Senior Member	Have you had security-specific training? Unfortunately, a lot of this training is vendor-specific, and won't necessarily be portable to other vendors' hardware/software. I would investigate and learn what experience and credentials will get you the best mileage. Additionally, can your background withstand a very close investigation? Do you have a current government security clearance? You should discuss the nuts and bolts of how your friend (and others) gets hired. Ask him/her for a copy of their resume. If your interest in network-oriented security is a non-starter, consider training for Computer Forensic employment. Lots to think about.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
1Aussie1 1Aussie1 1Aussie1 Oi Oi Oi		#3	[url]	[-]
Posts: 2385 11/19/09 22:02:35 Senior Member	"That being said I have always enjoyed the dark underbelly of the Net. I just find the whole security thing interesting from a penetration and keeping people out standpoint. I like to take it apart and find how it works." While the 'take it apart and find out how it works' is a definite plus, that bit about 'always enjoyed the dark underbelly of the Net' strikes me as a bit of a worry. It sounds just a little as if you have a, well, kinda James Bond view of the gig.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
I D Shukhov		#4	[url]	[-]
Posts: 2294 11/19/09 23:36:32 Senior Member	I've always thought security makes sense. I've bought some books (1/8th read), but have never spoken with any real live IT security engineers to get a feel for "a day in the life" of an IT security engineer. I have a suspicion that some of the work might be a bit dull, as in making sure that all patches are up to date, and running scans on systems to make sure they meet some (again, dull, but probably needed) standard, and monitoring log files. But I'm suspicious of all paid work. He that would live in peace and at ease must not speak all he knows or all he sees. - Benjamin Franklin
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
David Randolph	So is plumbing	#5	[url]	[-]
Posts: 1627 11/20/09 11:04:39 Senior Member	This strikes me as being similar to plumbing: ya gotta clean up a lot of sh*t. Yes, there is good career here, but you have to have the credentials and perhaps certifications. More important is whether or not you know how to get customers. You can have all the credentials and certifications, but if you don't know how to get customers, you will starve. So, are you looking for other people to get you the customers or do you know how to get them yourself? http://www.prairietrail.com
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
codger		#6	[url]	[-]
Posts: 2719 11/20/09 13:50:04 Senior Member	I assumed that he wanted to work in net security as an FTE. w/o creds and certs one's resume goes immediately into the HR shredder. (Unless you have a high-level friend in the org.) Ilconsiglliere: Never underestimate the ability of a highly-placed friend/honcho to ignore, circumvent, and contravene seemingly ironclad HR edicts. Unless you have someone pulling you into this area, you will have an uphill battle to gain entry. Security a clannish group in most places I've worked.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
Richardk		#7	[url]	[-]
Posts: 2271 11/20/09 16:19:53 Moderator	Same thoughts here too. Plus you have to work in an area that has clients willing to admit and do something about their security issues. For instance, when was the last time that a bank had a security breach? Unless they had thousands of credit card numbers stolen or something similar, I'm willing to bet that they never report breaches since they want to appear secure. So it seems like certs, training and a very good network is essential. Confidentiality is of the utmost and what happens if there is a breach? Is it your problem? I'm thinking that E&O insurance would be through the roof. On the positive side, if you overcome these issues, it would be quite a nice niche.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
I D Shukhov	Security Certs	#8	[url]	[-]
Posts: 2295 11/20/09 17:18:31 Senior Member	http://www.computerworld.com/s/article/77849/Are_security_certifications_worth_it_?taxonomyId=17&pageNumber=2 The CISSP was the most popular 6 years ago. GIAC is described as being for practitioners, not for people trying to break into the field. He that would live in peace and at ease must not speak all he knows or all he sees. - Benjamin Franklin Last Edited By: I D Shukhov 11/21/09 10:00:08. Edited 3 times.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
G0ddard B0lt	To me it sounds like...	#9	[url]	[-]
Posts: 9420 11/20/09 17:35:04 Have you ever tasted a rainbow? At OpenIT, you will.	There are some significant training and credentialing barriers. To me it resembles a master's program, a little. Probably shorter in duration. What you learn and how you learn is critical to success. Learn and get certified in the wrong stuff and you are no farther ahead. There is a sort of closed camp of actors in this industry who can invite you in, or not. I'd have to ask what else a person could be doing with their time that has a greater chance of success. This sounds like a gamble with little concrete career path advice to go on. I'd say that retargeting your career for DoD related work would be comparable in getting you a more secure line of work that is not so subject to "foreignization" and glutting of the chosen field, but with a LOT less unknowns and probably less expense and time spent in preparation.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
I D Shukhov		#10	[url]	[-]
Posts: 2296 11/20/09 23:21:12 Senior Member	There are some significant training and credentialing barriers. To me it resembles a master's program, a little. Probably shorter in duration. The good thing about this is, like a CPA, the cert. means something. It might discourage people who want an easy path into the field from attempting it and reward someone who really wants to be a security engineer. He that would live in peace and at ease must not speak all he knows or all he sees. - Benjamin Franklin
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
ilconsiglliere		#11	[url]	[-]
Posts: 593 11/21/09 15:19:22 Senior Member	Thank you all for your input, it is much appreciated. As for me having an idealized view of it akin to James Bond, I know it is nothing like that. I have always just been interested in what makes these people tick and why they do what they do. That is what I meant by my comment about the dark under belly of the Net. I know the work is not glorious and as you said involves doing scans and making sure patches are up to date. Unfortunately I have no higher placed friends that can pull me and circument the gauntlet of HR. Perm as we all know is a thrill a minute at times so I am not focused on just being perm. I dont have a current govmt security clearance. When I was in telecom I had a low level one because we were involved with work for the govmt's network. I have 2 friends that are involved with IT security and they dont make any more than me. I dont know how one got into but the other one got into it by pure accident. He has been a contractor the bulk of his career but his last 2 jobs were perm. The previous one was at my current employer, he couldnt stand it anymore and found a job in a telecom related company and quit (but not one of the carriers). Both of my friends have given me pointers about certs and what not. After I wrote my first post the other day my one friend said to me point blank, dont think for a second there arent H1B visa holders in this too. He said the only place they are not is at DoD jobs but he said they were there at his last employer and at his current employer in security. He also said that some companies outsource their security work to 3rd party companies because they dont want to deal with. He was at several banks that did that. So in a nutshell some of my assumptions are shot to hell. Back to square one. I have to agree with Goddard, what else could I be doing that would gurantee a greater chance of success. I have multiple things going on simultaniously, some non-IT related. A few years ago I was in the process of getting a plumbing license and am curently like 2 credits away from completeing the program but than I have to pass the state test. I was also doing custom wood working including both wood surfboards, kayaks, canoes and boats. The thought of doing what I am doing for the next 25 years is not appealing.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
G0ddard B0lt	Here's an even more fundamental concern: eventual dilution of the field	#12	[url]	[-]
Posts: 9423 11/21/09 17:46:33 Have you ever tasted a rainbow? At OpenIT, you will.	I don't mean to be the Cassandra type here. But something at a primal level is bugging me about your idea. Even more so than the issue of how well spent your time would be toward this goal. Here's my concern. ANY technical specialty that has paid very well has eventually been "democratized" by access to H1B foreigners and by flooding of the market with rank trainees who supposedly fit some dumbed down certification process. In other words, "security guys" are now relatively scarce and expensive. One thing that the IT field is REALLY good at is throwing a whole bunch of poorly trained, stupid, meal ticket oriented, and/or non native English speakers into any particular "good" specialty. The train left the station in this manner for programming, system analysis, QA, and DBA work a LONG time ago. These are all now lowly commodity functions as far as most of the industry is concerned. I can really see the same thing happening to IT security. It's the pattern of this industry to destroy niches by diluting the definition of the niche and making the job requirements have to do with targeting preferred populations rather than the most qualified. Mark my words, I bet it's already taking place.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
DG9		#13	[url]	[-]
Posts: 1036 11/21/09 19:21:52 Senior Member	Plumbing sounds great, with a hobby of creating surfboards, kayaks, canoes and boats, cool! Either/both could evolve into a business and sound better than IT... If You're Not the Lead Dog, the Scenery Never Changes...
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
I D Shukhov	The Big Lie about decision making	#14	[url]	[-]
Posts: 2297 11/21/09 19:31:36 Senior Member	I've come to realize that it's a myth that there is any best decision. (Not my idea, I'm afraid. It's from Overcoming Indecisiveness [Rubin?]) I've wasted a good part of my life in not deciding. The goodness of a decision depends on how much a person is committed to making the choice succeed. So, IMO, deciding to become a security engineer is no different than deciding to be anything. Within reason, anyway. I don't think I could decide to be a U.S. senator But if a career choice is reasonable one could probably make a go of anything if one is 100% committed to making it succeed. I don't want to hijack the thread with this thought, I'll move it somewhere else if there is any debate about this. He that would live in peace and at ease must not speak all he knows or all he sees. - Benjamin Franklin
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
G0ddard B0lt	ID, your comments generally "ground" things to reality	#15	[url]	[-]
Posts: 9425 11/21/09 19:45:25 Have you ever tasted a rainbow? At OpenIT, you will.	This is a really, really good point. Now, let's home in on the one attribute that is necessary to succeed: commitment to a goal. I have stayed steadily employed in SW development as a contractor, even though the business climate around my work has always been terrible and has been in a state of continual degradation for 15+ years. However, I'm not real happy with that choice, at this point in my life. So, your point is valid, assuming that ilconsigliere (or whomever) is fully committed and wants to to the actual work, regardless what curve balls that the business community will throw in his path regarding the dilution of security work.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
DG9	The goodness of a decision depends on how much a person is committed to making the choice succeed.	#16	[url]	[-]
Posts: 1037 11/21/09 21:54:48 Senior Member	I think this deserves a thread... If You're Not the Lead Dog, the Scenery Never Changes...
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
David Randolph	Custom Woodworking	#17	[url]	[-]
Posts: 1628 11/23/09 12:20:27 Senior Member	The problem with any artistic venture such as custom woodworking is that 50% of your time has to be spent on marketing and getting clients. It sounds similar to making a living in IT. Given our current economic situation, I suspect that any field has been overwhelmed with unemployed people looking for easy money. Ergo, the thing that makes someone stand out is committment and marketing. In "Outliers", the author makes the point that to become professional at any field, one needs to spend 10,000 hours on it. So, what are you willing to spend that much time learning how to do and sell? http://www.prairietrail.com
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
ilconsiglliere	I Totally Agree About The Committment Part Of It	#18	[url]	[-]
Posts: 594 11/23/09 15:03:55 Senior Member	You are either in it 110% or you are not. You cant approach it half heartedly. I have noticed that most successful people have a passion for whatever it is and will follow it doggedly into it logical conclusion. Not always successfully but they will stay at it until it happens one way or the other. I think Goddar's analysis of any niche eventually being overwhelmed is a very true statement. IT security may be heading down that road. I have noticed the time of discovery of a niche in IT to its eventual commoditization now is very, very short. Witness the iPhone. When it first appeared there were a couple hundred applications, now there are literally thousands of them with new ones appearing all the time. As more people enter it the chance of hitting it big, gets less and less. Though I think the mobile device app market has a ways to go yet. The plumbing is interesting though I have noticed many plumbers are starving now with this economy as well. There is just no work for them now unless something breaks. Construction has dried up and people arent renovating anymore so the only work they have now is leaky toilets and pipes. Things that NEED to be repaired. As for the woodworking, I built my first wood surfboard over the past winter. I had started surfing a few years ago as I grew up near the ocean. When I was a kid my parents were not thrilled with the idea of me drowning so I was forbidden from doing it. Anyway I have tried out many, many different kinds of boards. One day while playing in a surf shop I came across a wood one. First one I had ever seen. It was like a piece of fine furniture. After looking at it closely I realized I could probably build one. I met a guy on the west coast who imparted the knowledge I needed. For me it was not difficult as I had built wooden boats before. It only took about 3 weeks on/off to build it. Come May I took it to a surf shop where I lived and they took it on consignment. It sold in the middle of the summer for 3K. Not too shabby. I cut the owner of the surfshop in on 20% off the top as it was my first one. He asked me if I could make more and have plans over the winter to make a few more. I also did some reading on computer forensics over the weekend. That actually looks very interesting but I dont know how much demand there is for it.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
codger		#19	[url]	[-]
Posts: 2720 11/23/09 16:47:29 Senior Member	"I also did some reading on computer forensics over the weekend. That actually looks very interesting but I dont know how much demand there is for it. " I did a little research on computer forensics a while ago, and after asking around, decided that this is an area mostly staffed by people from police forces, and outsiders are not welcome. I can understand this, as an important part of the work is following rigid, highly structured procedures, and being a polished expert witness in court hearings. Pretty narrow niche. It did sound interesting, but getting one's foot in the door is almost a feat of magic.
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote
I D Shukhov		#20	[url]	[-]
Posts: 2298 11/24/09 09:20:09 Senior Member	You are either in it 110% or you are not. You cant approach it half heartedly. I have noticed that most successful people have a passion for whatever it is and will follow it doggedly into it logical conclusion. Not always successfully but they will stay at it until it happens one way or the other. I've got this quote posted on the wall near my desk: The Price of Success "I often wonder what it is that brings one man success in life, and what it is that brings mediocrity or failure to his brother. The difference can't be in mental capacity; there is not the difference in our mentalities indicated by the difference in performance. In short, I have reached the conclusion that some men succeed because they cheerfully pay the price of success, and others, though they may claim ambition and a desire to succeed, are unwilling to pay that price. And the price is... To use all your courage to force yourself to concentrate on the problem in hand, to think of it deeply and constantly, to study it from all angles, and to plan. To have a high and sustained determination to put over what you plan to accomplish, not if circumstances be favorable to its accomplishment, but in spite of all adverse circumstances which may arise and nothing worthwhile has ever been accomplished without some obstacles having been overcome. To refuse to believe that there are any circumstances sufficiently strong to defeat you in the accomplishment of your purpose. Hard? I should say so. That's why so many men never attempt to acquire success, answer the siren call of the rut and remain on the beaten paths that are for beaten men. Nothing worthwhile has ever been achieved without constant endeavor, some pain and constant application of the lash of ambition. That's the price of success as I see it. And I believe every man should ask himself: Am I willing to endure the pain of this struggle for the comforts and the rewards and the glory that go with achievement? Or shall I accept the uneasy and inadequate contentment that comes with mediocrity? Am I willing to pay the Price of Success? by Joseph French Johnson founder Alexander Hamilton Institute' (1926) http://en.wikipedia.org/wiki/Joseph_French_Johnson He that would live in peace and at ease must not speak all he knows or all he sees. - Benjamin Franklin
Interact My Recent Posts Message Me Ignore User's Posts	Reply To This Post Quote

<< Previous Topic Next Topic >>

Replies

Getting Into IT Security? Opinions?	11/19/09 10:56:03	ilconsiglliere
Two things	11/19/09 13:36:01	G0ddard B0lt
Re: Getting Into IT Security? Opinions?	11/19/09 14:12:34	codger
Re: Getting Into IT Security? Opinions?	11/19/09 22:02:35	1Aussie1 1Aussie1 1Aussie1 Oi Oi Oi
Re: Getting Into IT Security? Opinions?	11/19/09 23:36:32	I D Shukhov
So is plumbing	11/20/09 11:04:39	David Randolph
Re: Getting Into IT Security? Opinions?	11/20/09 13:50:04	codger
Re: Getting Into IT Security? Opinions?	11/20/09 16:19:53	Richardk
Security Certs	11/20/09 17:18:31	I D Shukhov
To me it sounds like...	11/20/09 17:35:04	G0ddard B0lt
Re: Getting Into IT Security? Opinions?	11/20/09 23:21:12	I D Shukhov
Re: Getting Into IT Security? Opinions?	11/21/09 15:19:22	ilconsiglliere
Here's an even more fundamental concern: eventual dilution of the field	11/21/09 17:46:33	G0ddard B0lt
Re: Getting Into IT Security? Opinions?	11/21/09 19:21:52	DG9
The Big Lie about decision making	11/21/09 19:31:36	I D Shukhov
ID, your comments generally "ground" things to reality	11/21/09 19:45:25	G0ddard B0lt
The goodness of a decision depends on how much a person is committed to making the choice succeed.	11/21/09 21:54:48	DG9
Custom Woodworking	11/23/09 12:20:27	David Randolph
I Totally Agree About The Committment Part Of It	11/23/09 15:03:55	ilconsiglliere
Re: Getting Into IT Security? Opinions?	11/23/09 16:47:29	codger
Re: Getting Into IT Security? Opinions?	11/24/09 09:20:09	I D Shukhov
Re: Getting Into IT Security? Opinions?	11/24/09 11:44:32	John Masterson
You're too late.	11/25/09 18:56:50	jbucks
Re: Getting Into IT Security? Opinions?	11/25/09 18:59:00	G0ddard B0lt
re: You're too late.	11/25/09 20:04:12	Origisaurus
Re: Getting Into IT Security? Opinions?	11/25/09 23:12:02	I D Shukhov

Yuku free message boards

Replies