ITSECfag here. This thread is about finding work in the ITSEC field. I've worked in security for 10+ years, previously worked at Symantec. The industry is experiencing an absolutely massive shortage of skilled workers. You can find work all over the world, for good pay, and many places offer 100% telecommuting schedules. That being said, it's not a job for brainlets.
Interested in starting a career in this industry but have questions? I'll be available for the next hour or so to answer them.
answer honestly not some hopium bullshit. if not, how do i get employed in this industry? im 18yo btw. what certs do i need etc.
Nicholas Jackson
what is itsec m8?
Camden Hughes
also what do i search for, when looking for jobs? I do a search for "ITSEC" and only about a dozen job results come up.
Brandon Jackson
I do not have a degree. It would help or be required for managerial positions, but it is not absolutely required. Demonstrable skill and a cert like CISSA/P can suffice. That being said, you may need to be very intelligent and motivated without a degree.
Cybersecurity, Infosec, IT Security, etc.
Grayson Martin
Cybersecurity seems to be the prevailing term in recent years.
David Robinson
What should I be focussing on to transition from a sysadmin role into ITSEC?
Leo Sanchez
ok and will they hire an 18yo if i have these certs? Because i am looking at these jobs and they are around £45-60k a year.
Landon Brooks
greetings colleague. What’s your specialty? I head up Cyber Sec design/arch for an insurer. The skills shortage has made this a tough year.
Xavier Long
With sysadmin experience a CISSA should suffice to transition. You should have no problem finding a junior level security position and moving up from there, especially if you have experience with linux/unix/Solaris and/or forensic analysis.
So long as you're professional and can demonstrate skill I dont see why anyone wouldn't. Young staff are typically far more motivated and on top of emerging tech / trends.
Isaac James
Malware analysis / threat hunting and incident response but I'm kind of doing jack of all trades work at the moment.
Bentley Allen
>CISSP what is this? i look everywhere and it says like one week to get the cert?? your telling me im employable after 1 week? this cant be right. what other skills do i need to learn?
What's the pay like? I kinda want to transition from healthcare, but only if I can make $120k minimum after a few years of experience.
Ayden Cook
1 week bootcamp after you've read a study guide (most study guides are 800-1000 pages) seems more likely. I wouldn't recommend trying to go 0 to 100 in one week.
Easier certs would be GIAC GSEC, CompTIA Sec+, but much less valued than CISSA/P.
I work for the government so my pay is probably a little low for my area but my benefits are solid. I make 139k + benefits + pension. Pay also depends on the area you're working in and your degree of specialization.
Sebastian Rogers
We’ve been asked to take on threat hunting/management, proving difficult to resource it. How do you find it and how many people do you have in that space?
Wyatt Carter
Me and one other guy on my team do threat hunting. It's difficult because most of the EDR out there is based on modeling that is pretty new. Finding people with knowledge in machine learning is difficult. I select training every year that my job pays for. The good thing is most of the companies that sell EDR products provide their own models and regular reports/consultations. Darktrace does this, and are very good, but also very expensive. I did a POC evaluation with them last year and it just wasnt providing a whole lot of value for the price tag so we went another route.
Zachary Ward
what's it like? Is it kinda like law/med where you have to memorize lots of facts and know what each components do? Math + programming knowledge needed?
Julian Thompson
What's your recommended route to study for CISSA/P? Any books/courses/bootcamps?
Chase Young
also, is Jow Forums's netsec and cyberpunk threads a good starting point to learn
Christopher Morgan
>ITSEC >basically bunch of marketing fags with compTIA certs in "security" selling cloud antivrus hopium subscriptions to corp brainlets
come back when you get your CCIE:SEC, CISSP and few higher clearance levels
Fundamental knowledge of information systems is required, and on top of that, knowledge about securing information systems. Math and programming isnt necessarily required. You can get by with minimal scripting ability and knowledge of CLI for powershell or linux shell. There's lots of easy jobs out there that are just glorified sysadmin positions. That being said there are also more specialized and difficult positions as well. ITSEC covers a lot.
Ryder Fisher
what do the difficult positions entail? With med and law you can very easily understand the stereotypes but what about specialised positions in cybersec?
Elijah Robinson
ISC2 has official study guides and they are good.
>come back when you get your CCIE:SEC, CISSP and few higher clearance levels
Lol, what do you know? Come back when you're at least TS (SBBI). Then maybe you'll be eligible to talk shit.
Ethan Ross
Thanks user, appreciate your input.
Jason Collins
Look up the 10 security domains for high level descriptions of each. Like I said before, the range is wide. From something as simple as administrating an AV application and servers for a company, to legal, regulatory, systems architecture/ design, cryptography, etc.
Joseph Johnson
can you explain what kind of things you do? you said here >threat hunting
how do you go about doing this? i know how to program so if you could explain in detail would be fine.
do you just write scripts that go through the file system and send an alert if they find something strange?
Elijah Kelly
Thanks user, interesting thread
Henry Torres
CISSP or CISSA - which do you have or would recommend pursuing based on need? Whats the difference in pay / work for each job you're likely to land with either?
Michael White
Mirror traffic on your switches, log traffic and run algorithms to detect patterns and abnormalities in traffic (basic machine learning), investigate anomalies. For instance, we know that our main office is closed after 5pm, so if one of our machines reaches out to Vietnam at 1am, we immediately isolate it from the network and investigate it.
Nathaniel Thomas
oh how cute you used google search to find out about clearance level you never heard in your life before
You have to have at least 4 years work experience in one of the 10 domains to get the P. It's the same exam for both CISSA and CISSP. P Just means "Professional" and notates you're not a newb. CISSA is usually what a junior position holds. CISSP would be tier 2 or senior level.
Blake Stewart
Cool. Take your big balls and troll someone else cool guy. I'm here to help people, not entertain you.
Easton Wright
ok so to get a job in this field you want;
>CISSA cert >some machine learning stuff projects on github
is there any other "must have" certs?
Camden Foster
CEH is also good if you want to do stuff like pen testing and application security. CISA (information systems auditor) if you want the most boring job in the field lol.
Camden Anderson
why don't you gtfo of /biz and do something else productive in your life ? you clearly lack intellect if you think you can help these sub 30 IQ brainlets on here with your "get a job in IT security" advice
How many cocks can you stick in your fucking mouth, faggot?
Levi Fisher
Thanks for the advice, Mr. Productivity.
Joseph Brown
ok cool. and what is the interview process like? so for example in programming they will ask you some whiteboard problem or ask about your projects. whats a typical interview?
Carter Watson
cool, thanks!
Aiden Smith
How big are they?
Landon Williams
you welcome mister "I can be replaced by a 2 line golang script" faggot
Levi Gomez
I've really only had 3 interviews related to ITSEC, but general IS questions, project experience questions, examples of innovation or situations where you developed something on the fly to solve a problem. I had one guy ask me which websites I went to for security information. 1 of them gave me a network map and asked me to identify potential security problems with it.
Dylan Turner
Damn. I hope one day I can be as 1337 as you. That would be so cool.
Connor Ross
>I can be replaced by a 2 line golang script Hello newfriend, I would recommend that you at least learn a little bit before typing something that makes you look like a fool
Chase Murphy
What's the difference between this and CCNA? I am aiming for ccna, but worth it to get both?
Michael Hill
CCNA is Cisco networking. Basically you'd be an infrastructure guy, not a security guy. Youd probably spend most of your time programming switches, installing switches, troubleshooting network problems, etc. CCNA is pretty niche and I wouldn't recommend it for most people.
Ryan Smith
Don't I need 5 years of experience for CISSA?
Josiah Young
No, anyone can get CISSA. You need experience for CISSP, although, it's the same test and cert essentially. CISSP just tells employers that you have verified experience in one of the 10 domains.
Blake Phillips
OP, I'm 21, about to start my final semester of college as a Math major and CS minor, and I'm still looking for jobs. Despite choosing to be a pure math major, I'm not a complete brainlet. I've done enough programming that I think I can pick up anything new, but I have absolutely 0 experience or exposure with anything security related. What do I have to learn to get a job?
Cameron Lee
newfriend >hmmmmmmmmm I wonder I wonder
Matthew Torres
>does it matter if you have a degree? it doesn't, at all. what matters is experience, knowledge and interest in learning more. you will NEVER stop learning in this industry.
infosec is a very broad field, but most companies are looking for pentesters
start reading infosec news (r/netsec is good), start doing stuff, get interested and show your interest to others, learn, learn, learn.
Jordan Moore
What are the best places to find these jobs all over the world with 100% telecommuting schedules? Any particular job sites for the ItSec world?
Anthony Ortiz
Will ITSEC still be short on workers in 4 years?
I plan on joining Marines soon as a data network specialists where i have to get those certificates CompTIA and stuff, and get out in 4 years and get a super comfy job coupled with crypto investments.
Would I be set following this path?
Hudson Murphy
Much better (open ended like that) than white boarding torture. I won’t mind if they take a practical test on threat hunting or on other attack vectors.
Parker James
This is the problem with “cyber”... whoring out the industry to a bunch of idiots. The people that are coming in are fucking morons that say they’re “professionals” and couldn’t read an ACL to save their life. How about DACL or even RACF? Nope. Try google maybe you’ll find your answer....
- +20 yrs in industry and watching it die as my mentors get buried in the ground due to stress and cancer.
Jackson Gomez
Hey bro, info sec consultant here- 26 years old 75k salary not including signing and annual bonus
Infosec is where it’s at!!!
Camden Martinez
Your wrong in many ways. Companies are not looking for pentesfers.. consulting/service companies are, if you have the skills... or you can go to a trustwave shoppe and be a hack.
The security space has multiple fields, some are commodities, while others are specialized.
Need a good threat hunter? Yeah, but they better know how to connect the dots.
Need a good IR? (Newbs can google) yeah but it’ll cost you.
Need an analyst? Get a great sys admin with 5-10 years.
Now a days the kids coming out of college have no clue. I had one that gave me a blank stare when I asked about social engineering... >
Leo Lewis
Grats on spouting access management tier shit and a fucking proprietary ibm standard for boomerware
Parker Bailey
Bahahahahaha nice. Where you at? Bangalore? How about puket
Dylan Gomez
It’s not much different than other IT fields in that the lesser retards coming out without any sysadmin experi nice under their belt will get relegated to “security roles” that are just AD admins with different titles. We will prosper
Nathan Moore
Yeah, if you get your feet wet you’ll run across it.
Jaxson Perez
I've worked with IBM IDM platform.. Fuck I can't even believe I'm forgetting what it's called ISIM? Used to be tivoly but it got obtained,,, interesting stuff but with shit like avatier coming out and being easier to scale support and implement ibm boomerware will start to get abandoned or at least not picked up by newer businesses that are looking for more up to date, affordable and agile solutions....
plus you can learn all the proprietary access management platform shit you like, but if you don't understand how LDAP is doing everything bneath the hood then you frankly are just another sys admin
im not saying you im just sharing my young and limited but I would say ahead of my peers perspective.
Joseph Adams
I spouted ACL as it’s a great beginning for anyone thinking about getting into the field. Having a networking background is required. Knowing where a deny statement belongs is necessary.
If you can’t hang on that part, how will you get security groups/zones and the litany of other access control that forms one of the pillars for info sec?!
Caleb Price
Based response. Not many peeps even get to that level.
LDAP is what makes the world spin. ADFS makes it connected.
Sebastian Ortiz
These jobs aren't on Monster.com, dummy. If you don't know where to look, you're not qualified.
Parker Allen
True true I didn't really mean to come at you infosec bro I'm just being an elitist douche like everyone else on here really I'm young and obviously have a lot to learn. Really fortunate to have rubbed elbows with some really smart guys, yes I do have a degree in computer and network security but it's from a nationally recognized university (by nsa and DHS) -- you are right in that
Evan Parker
For the newbs that care to learn... look up TOGAF.
Jeremiah Moore
in that most chumps coming out with info sec degrees are meme tier noobs but there are some diamonds in the shit like me who are humble, willing to put in the hours to learn and really just have an aptitude for computers --
Being in the industry and just any business environment in general has taught me that there are two distinct types of people in this world: You either REALLY REALLY get computers and can pretty much learn anything technical with not that much time, even getting the hang of a concept platform software within a day
Or you can't
ADFS/SAML is so fucking critical to business infrastructure now it's absurd especially with so many businesses either migrating to the cloud (though most already have) or just adopting any new product or solution is going to be cloud based anyway. My first job out of college was mostly access management related now it's just consulting on all fronts for security programs on the whole from networking to governance, risk/vuln management it's really cool I'm just really fucking lucky to be honest.
Nicholas Robinson
Ahh the ole nsa masters in info assurance... I know of this. It’s a great start for getting started. It’s basically a 30k course to get your CISSP. Don’t even think it will get you read for OSCP or GIAC.
Lucas Edwards
Not masters, B.S., I'm sitting for my SSCP in late jan. and then going for my cissp afterwards once I have the experience requirements under my belt (Less than a year left really). Like I said, it's semi-meme tier but getting it got me in the door for my first job's interview - even my team to be was really skeptical at first but my professional experience and knack for computers really came in and I proved myself to be more than capable
Colton Hughes
However, I can definitely see how people who have been in the industry for years are skeptical as fuck. Even CISSP is diluted by now, so many boomers I've worked with putting their CISM or CISSP on their email titles yet don't know the first thing about cryptography, SSL/TLS, OSI model, etc fucking anything man it's just crazy.... CISSP is diluted as fuck just another tool to get you in the door if you can't back it up by talking shop and knowing your shit you're just going to look like a fool and infosec professionals who do know their shit are very wise to degree/certification wielding imposters trying to hop on the infosec bubble/mania
Julian Thomas
also not information assurance - computer and network security - it was first and foremost a technical degree and I am thankful to have selected a valuable degree from a good school that actually taught me shit beyond conceptual bullshit like "ethics" and "the cia triad"
(the latter still coming in handy when doing security assessments at my current position.)
Christian Williams
You will do well. You already get the jist of spotting charlatans in the industry. That’s why the interviews are important, if you bs your way through you’re toast. If you understand you don’t know everything, you might just get further ahead.
Logan Allen
I've done a TAFE cert IV in it, I was interested in computer security and netsec and have general knowledge of it, I was going to do a uni course in cybersecurity but decided not to because I don't want to have any debt if possible.
Do I have any options?
I wouldn't mind doing some sort of internship/learn on the job while getting paid though if that is a thing.
Jackson Stewart
Debt sucks. Depends on what you can handle... Get a few carts that matter and some solid work years at entry level and your set. Entry level is support type work. The shit us boomers don’t want to do.
Look at ccna, AWS certs, and cissp still gets the basics out of the way. I also recommend SANS.
Hudson Lee
What should I do certwise after I get the Comptia Trifecta? This is assuming I will be working in helpdesk in the mean time.
Dylan Bailey
I was considering doing sans.
I think basic pentesting isn't that hard. Social engineering, basic lockpicking and having physical access is fairly easy I think. Everything elseis premade scripts and software.
Finding exploits manually is a bit more difficult I think.
Angel Bennett
Assuming an user is a complete noob to the IT field, what cert roadmap would you say is good? I was thinking of the following: A+ --> Net+ --> Sec+--> (Get job as helpdesk technician) --> RHCSA --> (Get job as junior sysadmin) --> RHCE --> (Get job as full fledged sysadmin) --> then what? Is my roadmap a good one?
Matthew Ortiz
For anyone who cares about making money in IT, pay attention to this. The big bucks are in architecture and anyone who can successfully apply an enterprise architecture framework like TOGAF will do well. For security architecture, SABSA is God-tier.
Anthony Stewart
Not OP but our reliance on computers and tech is only going to become more so in the coming years with talent harder and harder to come by due to being already at close to capacity. In short yes it will do your marines son ajd get them certs, Im jelly busted knee so cant enlist.
Aiden Hill
once i depart brainfog plus a will to live i may want to become a worker for the itsec sector of telecommunications
Anthony Jackson
looks like the real money is in selling retarded "certifications" to braindead indians so they can peddle this snake oil to normie businesses