I need Career recommendations for SecurityCareer Goals

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Cyber Security Career Goals I need Career recommendations for Security

This topic contains 8 replies, has 6 voices, and was last updated by  blgoh1 4 years, 3 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
  • #50345


    Hi guys,

    I started my career in IT for about 6 years now. Begun with jobs as IT Technician & Administrator, took some Cisco networking certifications, then moved on software development (last 3+ years) and now I’m doing a Masters degree on “Advanced Software Development with Security”. But all the time I was having security in mind because I really like & enjoy it. The point is that I don’t have any professional experience in security (like Security Engineer, Ethical Hacker, Digital Forensics etc).

    So the questions are:
    1 – What is the best way for me to join in the professional tracks of security and how? Taking certifications (CEH, CISSP, CHFI etc)? Considering that most certifications require to have professional experience to be eligible for it & cost quite much for my standards, is there any alternative?
    2 – What is the best specific field of security (pentesting, malware analysis, forensics, risk management & planning etc.) for me to focus on it. (Considering my experience, market trends and expected/needs now and in few years)?

    Thank you very much in advance



    @jareck sounds like you’re in a similar situation as @djax120 so I’ll give you pretty much the same advice I gave him. You clearly have all the necessary requirements to get into a CS position and believe it or not you DO have the necessary experience to get certs that require it. You’re probably running into a problem where your resume is worded in a way that would appeal to software development or networking. Here is your first real world hacking assignment using social engineering. Remake your resume with a larger focus on security. When you were writing code did you make input validation precautions? That’s security experience (enough to qualify you as having some experience at least). Did you take steps to prevent buffer overflow? When you were working Networks did you ever implement port security? or work with ACL’s? This is security experience also. NOW ask yourself whether or not your resume reflects any of that. The CISSP also counts physical security; have you worked in an office if RFID badges? or even just door locks? Mantraps? These are all physical security measures and if you’re familiar with them then you have experience with them. Just because you don’t have the word “Security” in your job title doesn’t mean you don’t have experience in security.

    After making the necessary tweaks to your resume, now you need exposure. Join the ISSA and attend some local ISSA meetings, get to know some local people in the CS field and ask questions. Don’t just keep to yourself because you need the exposure. Introduce yourself and ask some technical questions and relate them to your experience thus far. I also suggest looking on meetup.com to see if there are any CS related groups in your area, join these, attend and get involved. Lastly you probably have a local DefCon chapter (search facebook for Defcon### where the numbers are your area code) these groups are often loaded with local CS types.

    For your second question, for you I’d highly suggest malware analysis and reverse engineering, this is the career path that has probably the highest technical need and pays the best. Another route would be security application development, this one is a bit of a niche market though. Certification wise if you want to go the Malware analyst route you’re looking at a C|EH (or equivalent GPEN etc.), the CHFI wouldn’t be a bad choice and the GREM. CISSP is for more of a management type role so if you want to stay behind a keyboard that may not be the route you want to go. Hope this helps and feel free to message me if you need any more advice.




    IT security speacialist



    @harnoor , Bubble gum… Oh sorry I thought we were just posting some random words with no context.



    Thank you very much for your comments guys, I really appreciate it.
    @abrasevo and @812teck










Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?