Personal computing discussed
Moderators: renee, SecretSquirrel, notfred
KnightyKnight96 wrote:So I'd really like to hear some opinions from you guys, even if you're not working on this field.
Losergamer04 wrote:I also suggest working on the CEH (Certified Ethical Hacker) certification. If you're REALLY into it, OSCP (Offensive Security Certified Personnel). That's a PITA of a cert. Those are good certifications to have when looking for work in the penetration testing field. You can also start working on the CISSP now. It's been said it's an "inch deep and a mile wide." That's true. Is the defacto cert, but it requires 5 years of proven experiance (otherwise it's an associate, not professional, until you get the experience).
Losergamer04 wrote:Regardless of the route you choose if have noticed the best security people tend to be the most well rounded.
Losergamer04 wrote:The other choice is going into system administration.
Losergamer04 wrote:However, they are perceived as valuable by employers, meaning they are worth perusing for a person who is trying to get a job.
Losergamer04 wrote:Don't get me wrong, I've come across a lot of CISSP people who didn't know a damn thing. I'm not condoning the certification wars that seem to be going on. But they do have a purpose. The advice I gave was based on real experience from real employers. It's what worked for me.
Losergamer04 wrote:Regarding the "best" people in cyber security: I think that's a very broad statement to make. To clarify, when I said "well rounded" I was thinking of all IT, not security.
Glorious wrote:Losergamer04 wrote:However, they are perceived as valuable by employers, meaning they are worth perusing for a person who is trying to get a job.
As a way to get your foot in the door, maybe. I think you might be better served by differentiating yourself in other ways, but yes, there is clearly some value as some employers are indeed looking for them.
As long-term qualification? No, I really don't think so. They don't age well at all, and after a certain period of time I routinely see people de-emphasizing or outright eliding that they ever had certain ones.
Losergamer04 wrote:Don't get me wrong, I've come across a lot of CISSP people who didn't know a damn thing. I'm not condoning the certification wars that seem to be going on. But they do have a purpose. The advice I gave was based on real experience from real employers. It's what worked for me.
Perhaps it did, but overall it's not very beneficial to the industry at large as you even seem to acknowledge.
As I said, as an entry-level tactic it perhaps has some merit, but there are significant concerns, especially if you are personally paying for training/tests.
cphite wrote:So basically what you're saying is what he was saying, but you disagree with him? Honestly man, do you just argue for the sake of arguing or what?
KnightyKnight96 wrote:HI guys! Thanks for all the replies,ive been pretty busy at work the last days so i couldnt respond quickly,but with this army thing you kinda gave me a great option,but i don't actually know if is hard to get into the army...but that would be really awesome!Do you guys have any infos about it?
Airmantharp wrote:KnightyKnight96 wrote:HI guys! Thanks for all the replies,ive been pretty busy at work the last days so i couldnt respond quickly,but with this army thing you kinda gave me a great option,but i don't actually know if is hard to get into the army...but that would be really awesome!Do you guys have any infos about it?
Not being an Aussie myself (served in USAF), I don't have more suggestions than to start researching based on what you've been given above. In the US, you'd start with a recruiter- but a fair bit of warning, if the AU works anyway like ours, you're going to want to talk to people who do the job before committing, and you'll not want to visit a recruiter without getting a good feel for how all of this works. You may also want to seek out someone to visit a recruiter with, preferably someone who is serving or has served.
Jigar wrote:I am from IT security field i suggest you do some digging about Web application firewall, they are all the rage today and its a recommended solution for any company/firm to mitigate DDOS/hacking/vulnerability exploitation attempts.
People doing research in this field are paid very well
yeti wrote:Another little hurdle for you will be the need to be an Australian citizen. Fortunately you don't need to give up your US citizenship, but I don't how long you'll need to wait.
Do your research! Possibly look at the equivalent in the US armed services (or NSA? don't know if they're military or not ) first, see if you can meet all the requirements then check the ADF/ASD requirements to see which ones are similar or don't need to be worried about.
KnightyKnight96 wrote:yeti wrote:Another little hurdle for you will be the need to be an Australian citizen. Fortunately you don't need to give up your US citizenship, but I don't how long you'll need to wait.
Do your research! Possibly look at the equivalent in the US armed services (or NSA? don't know if they're military or not ) first, see if you can meet all the requirements then check the ADF/ASD requirements to see which ones are similar or don't need to be worried about.
I'm notfrom US Tho
KnightyKnight96 wrote:but since I don't really like programming I'd like to work on cybersecurity,
yeti wrote:KnightyKnight96 wrote:yeti wrote:Another little hurdle for you will be the need to be an Australian citizen. Fortunately you don't need to give up your US citizenship, but I don't how long you'll need to wait.
Do your research! Possibly look at the equivalent in the US armed services (or NSA? don't know if they're military or not ) first, see if you can meet all the requirements then check the ADF/ASD requirements to see which ones are similar or don't need to be worried about.
I'm notfrom US Tho
Sorry my bad! We've plenty of Italians here(if you're Italian;-))
But as the other posters have mentioned programming seems to be needed. Try to speak to as many people as you can in the field in which you're interested in... PM those in this forum if they know the requirements(and if they invite you or you ask nicely of them), both the pieces of paper and the actual skill set they reckon you'll need in the career. (Even if the pieces of paper only apply within their country, at least you can then compare with what available in yours, which gives you an idea of what to aim for)......the skills will be universal, quite frankly they are what your immediate boss would be looking for in the job.
Crackhead Johny wrote:KnightyKnight96 wrote:but since I don't really like programming I'd like to work on cybersecurity,
About that...
What do you mean by cyber security? DR/BCP, pentest, auditing, FW work, architecture, management, etc?
If you do pentest you will end up doing some work and it will really help if you can do some code/scripting. Heck even if you are a firewall guy being able to automate parts of your job is a really good thing.
As for infosec I have been doing it a long time in different ways. Get in where you can (probably help desk) and try to keep moving towards where you want to be.
A degree. Yeah, here in the US that is a good way to go into debt for life. HR likes a 4 year but beyond that they do not care what it is in or if it took 4 years. Find the fastest cheapest one you can if you care about this (remember IT and infosec move forward so fast that school learning tends to be very outdated). You are self study from here on out and you will be until you retire (or get replaced by a program)
Which will get you further: 4-5 years in college working on a compsci degree so you can go get a help desk job, 2-3 year in a help desk job with a 2 year technical degree, or 2-3 years in help desk jobs and then 1-2 years in mid/top level support positions/specialties?
Working: Stay at jobs you like as long as you can afford to (starting out any step up will be a good step up). Always be looking for new jobs which are a step up until you get to where you want to be. I mean that on your first day at a job update your resume and get it back out there. Infosec pays well because it is mercenary. Network like a mother ****, your connections are your next jobs and important people take their best with them when they go someplace new.
Do not start a family until you can quit living the airplane lifestyle. Even settling down may be stressful to your partner(s) if they only see you 1-2 weekends per month... or once per quarter.
Certs: CISSP. You can only get this with 5 years experience so keep that in mind and do not talk to people who say they can get you one with 0 exp (get all the info you can from those people and report them to ISC^2). This is a management infosec cert and by that I mean, this will give you a broad enough understanding to understand what your people are talking about. After that HR doesn't know what the other infosec certs are. GIAC used to be great for people in the trenches until they removed the practical from their tests so that they could be boot camped/cram exam'd. For other certs if you need a prettier email sig, look at PMP, ITIL and other big certs. HR recognizes big certs even if they have no clue what they are. You can even consider getting a Must Consult Someone Else (arguable value). Also keep in mind that many big certs have annual fees and CPE requirements that you have to keep up with even if you are not working (if you are working get your employer to pay your fees and send you to training conferences each year).