cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
pkmike
Reader I

Your advice is much appreciated

Hello security pros,
I recently decided to make a switch to the field of IT/iS. Long story short I was a construction project manager making a decent living but wanted to put my education to use (bachelors in computer info systems) so I took a job as a help desk technician. In my free time I self-studied and acquired CompTIA A+, Net+, and Sec+ and most recently passed the CISSP (associate status).

I guess my question is what career advice/guidance would you give to someone looking to land a security role. Is there some particular pre requisite jobs/companies you recommend looking into?

I am new to this field and am open to the many types of jobs. (I understand InfoSec is a broad field).

If anyone has any pointers or advice to get me in going in the right direction I’d greatly appreciate it.

Thanks all,

Mike
7 Replies
Until_then
Contributor I

Congratulations on everything and welcome. Question I have for you is, what type of personality do you have which would best fit a particular area in Information Security? With your construction background, you seem to be a hands-on, technical person. There are numerous disciplines of that nature within IT Security, ranging from Incident Response (e.g. Forensics) to Architecture (e.g. Access Control). Then there's also a Governance, Risk, Compliance (GRC) side which is more risk management focused (policy, procedure, admin).
Until_then
Contributor I

I should've added that GRC is more management, not technical/hands-on, as you may know with your CISSP. Therefore, if you're looking for more technical, don't go GRC.

You'll find that when searching for jobs in either private or government, many jobs of different titles may have the same tasks. Conversely, two or more jobs of the same title may have different tasks. As you said, INFOSEC is a vast field. Despite that, lots of overlap with the many different areas which is a good thing because one of the difficult aspects of our field is plugging in all those gaps in job roles to properly secure a system (e.g., NIST SP 800-181).

AppDefects
Community Champion

It really depends on what motivates you, what you are passionate about, and where you want to go. You might even consider leveraging you PM experience to drive projects like Cloud transformation or you might more like  hands-on keyboard to work like network security - there are many "layers" of opportunity. Tell us more about your security interests.

CEMyers
Newcomer III

The background knowledge you have been building is useful to you and, in the case of the CISSP, enables you to understand the field of Information Security.  The other topic areas you have been covering provide some of the underlying background technical Systems/Network knowledge.  You can rely on the helpdesk and project management experiences that you have; both useful disciplines under information Security but will need to be addressed from a cyber security perspective.  You now need to determine what field of "cyber" you wish to go into (management, architecture, risk and consultancy, operational etc.) you also need you determine if the design and development of systems is where you want to be, or the day-to day running of security of systems/products be that in a Security Operations Centre, build and configuration, or daily maintenance (patch, update, incident management, helpdesk).  On top of this, what business domain do you want to progress in - law enforcement, healthcare (national/local), defence, government (national/federal, local)?  At the end of the day, you need to maintain the development of knowledge, gain appropriate experience, and hone and develop your skills in the areas chosen. Keep stretching yourself, keep learning, and keep enjoying the journey. Good Luck

CEMyers
Newcomer III

One of the big decisions is: do you want to be a big fish in a small pond (consider a lone security "expert" in a small building firm or a "generalist")  or a small fish in a big pond (think IBM Consultant or a "specialist").  You might consider starting with what you know - cyber security in the construction industry for example - best of both knowledge domains.  The world really is your oyster.  Create an Information Security (Cyber) relevant CV highlighting your relevant skills, experience, and knowledge and target something that will take you beyond your current comfort zone.  Remember to prepare examples of experiences to support the CV - have a few examples (Situation (what was the issue), Task (what were you asked to do), Action (what did you do), Result (how well was it received or did you/your solution perform) format - presentation style) that you can share at interview (remember this may prompt questions - and if you don't know, don't bluff but instead say so but then add .. but this is how I would approach investigation and preparation of a solution for example).

csjohnng
Community Champion

First congrats and welcome to the club.

 

Yes correct. Security field is a board field.

From first line of defence, 2nd line, 3rd line, 4th line , researches..

from CISO, architecture, engineering, analyst, project/program management, SOC, red team, incident response.

 

And you are correct, the best is have your eyes open, understand the field first and see what interests/motivates you.

It's difficult to recommend or give much advice with limited information.

Cheers

 

John
RRoach
Contributor I

Noticed post. Since you already have degree, certs, and HD experience I don't see any issues in landing a position. You technically are a security pro (security related duties in your help desk job). Just going to need to research the various positions (job/certification sites/etc.). One recommendation is to look at LinkedIn as part of your career development and network.