cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Talos
Newcomer I

Experience

Hi

 

I have an SSCP and currently work as a 3rd line IT engineer. Whilst security is important at my current company it is not the main focus (they are an small IT support Company).

 

Security is where I see my career progressing but am finding it hard to find any roles that do not require previous experience in Information Security. I would still like a hands-on role i.e. SOC engineer or info sec analyst but as I said these jobs normally require you to have SIEM experience or the like which I wont have coming from an IT background.

 

Any advice would be great

 

many thanks

Simon

11 Replies
JoePete
Advocate I


@Talos wrote:

I would still like a hands-on role i.e. SOC engineer or info sec analyst but as I said these jobs normally require you to have SIEM experience or the like which I wont have coming from an IT background.

 


Just because these tools might not be used by your current employer, it doesn't mean you can't get some experience with them. There are plenty of open-source SIEM resources (including OSSIM), you can get your feet wet with. You can also search out non-profits groups who might welcome someone willing to build their resume with a little volunteer work doing security-related projects. This said, I bristle at the suggestion that an IT background doesn't involve security. I know what you are getting at; many employers draw that line. But part of your task in trying to get an interview is to convince a potential employer that your experience is relevant. Security is integral to IT operations. It's not some special sauce. It is attention to detail, developing sound processes and following them.

Badfilemagic
Contributor II

I woud recommend the following: get a copy of a book called “building virtual machine labs,” which is by a former coworker of mine. It will walk you through building security-focused labs, installing open source ids/ips, seims, etc. you will get lots of hands-on opportunities at home this way.

Another good book is “the practice of network security monitoring”. Check that out, too. Richard Bejtlich knows his stuff.

If you focus, you should be able to pass an interview for a jr/mid soc analyst position. Once you have the job, pay attention, keep learning and seek training. If you get a job someplace with a training budget, the SANS courses on intrusion analysis and incident handling will serve you well in moving on to sr levels in that job silo.
-- wdf//CISSP, CSSLP
Talos
Newcomer I

Thank you very much for your input

 

kind regards

Simon

Early_Adopter
Community Champion

One thing that might help you progress if you are not getting any joy in terms of moving to a security focused role in operations teams, etc is to look at the tools you currently use and have experience with and develop close relationships with the vendors and resellers of those tools. Hands on is vital and you are much better off leveraging what you have/know already. This might lead to a pre-sales/support/ProServices gig with the vendor/partner and I can tell you good security knowledge, with good technical capabilities and strong communications skills with a dash of panache are pretty rare to find.

 

If thats not open, then I'd look at attacking specific market verticals you'd like to enter - lets say you were interested in being a SoC Analyst(and with 8-12 hour shifts, massive TVs showing nonsense, and unhealthy lighting schemes who wouldn't be?) Then the first place to start would be to segment the market out for Managed Security Service Providers.

 

Read the freely marketing artifacts(people commissioning services do):

 

https://www.trustwave.com/Resources/Library/Documents/2017-Gartner-Magic-Quadrant-for-Managed-Securi...

 

And thinking like a Product Manager, segment that market - who are the big dogs? Who is cheap and cheerful? What's the value proposition? Where are they based?(SoCs with some exceptions are not terribly man portable - so be prepared to move).What are the vendors worry about? how would you make money with this service?

 

Then think like an end user, get the free trials, get hands on, form options, think like an evaluator of a solution, blog your fair and balanced thoughts, even if you like a solution be rigorous and critical about it's shortcomings whilst recognizing its value - get feedback on your opinions.

 

You could look at other persona's but the idea would be to take 3-6 months and immerse yourself in the space(need not be MSSP) - then get your details out there - at some stage one of those players will win a contract, have someone leave or need to take on employees onto bench.They may even be supplying an analyst to be embedded into one of their customers - but the bottom line at some point commercial imperative will mean that someone will need to cut their coat according to their cloth, and someone like yourself with an operational security cert, understanding of the market and technology and a desire to learn and the ability to move quickly will be quite a rare find.

 

 

 

 

 

 

Talos
Newcomer I

thank you for your input very insightful

 

kind regards

Simon

nagarajan
Contributor I

Hello Talos,

 

If you can find some voluntary work for Schools, Libraries, and Hospitals where you help them in security then you can show that in your profile. Keep up the learning curve, learn web security and how to protect the systems. All this will help you suggest best to your company and other institutions. 

 

You should be able to see the gaps and come up with ways to mitigate the risks. I have always seen the bigger picture and see security holistically. 

 

Nagarajan

 

 

Regards,
Nagarajan Viswanathan (Raj)
Ravenshroud
Newcomer III

If you haven't heard the phrase yet, it is a valuable one.

 

"Move out to move up or move on."  

 

Raises and career development are supported so sparsely in our industry.  You will be very lucky to find an organization that will support your needs unless you are at a large or global organization.  Now that isn't to say there aren't some REALLY good ones out there, but I personally think your best bet would be to find 2-3 contract jobs in a row that deal with the type of security you want to do and then transition back to full time when you are ready.

 

There are so many sec ops contracts that will pay $50-100/hr and last 6 months to 3 years, but it depends on the stability you need in your life.

 

I have made a life out of contracting and love all of the people I meet, but I always get anxiety near the end of the contracts regardless.

jordanpw
Newcomer III

Hey Talos

 

I think the suggestions above regarding setting up your own (virtual or physical) labs are right on. Think on some security topics you are most interested in learning and practice like heck in your lab. If you have a little budget, look at some online courses to help and accompany your lab efforts. There are lots of good options out there now with very low/reasonable pricing - including PluralSight, Pentester Academy, Udemy, and plenty more. Courses can be as low as $15-30.

 

I'd also say you do not necessarily need to do volunteer work at schools etc or become a contractor. You could also look for IT Services / MSP firms that offer a job role that will offer a fair bit of security work out of the box even if it's an all-rounder engineer / consultant role. That way you still get paid what your experience is worth while getting an opportunity to expand your security skillset. I've worked in roles like that in MSPs and they helped get me into 'pure' security roles down the road.

 

If you land a job along those lines and spend time with courses and working your lab you should be heading down a good track I think.

Talos
Newcomer I

thank you all for your help with this

 

kind regards

Simon