How to get into the IT/ Cyber Security Industry and what certifications I need

Anything to do with the traditional world of get a degree, get a job as well as its alternatives
Post Reply
TheRedHare
Posts: 202
Joined: Tue Dec 20, 2016 4:40 pm
Location: Atlanta, GA

How to get into the IT/ Cyber Security Industry and what certifications I need

Post by TheRedHare »

Hi,

I'm a young, recent college grad and have manged to pick up a small IT job at my college. Because it's a state school, they need to abide by the state's new information security polices, and so they have hired a few new people in order to bolster their labor force in order to meet all the regulations needed. That being said, I'm trying to find a way that will enable me to become a bigger asset to the school so that I can secure my position, and so that I can start gaining more experience in cyber security/IT.

Unfortunately, I graduated with a stupid BS in Business degree which is totally useless. At this point I'm trying to sell myself as a guy who is good with computers and good at managing people :roll: Anyway, aside from not have a CS degree, which I wish I had, I need to figure a way to better market myself and gain the skills needed for the cyber industry. Does anyone have any suggestions as to what certs would be desirable? Thanks!

davebobk47
Posts: 14
Joined: Tue Dec 13, 2016 10:41 am
Location: Colorado
Contact:

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by davebobk47 »

I certainly would not consider a business degree worthless. A lot of government cyber security work involves mountains of paperwork to go with some of the more interesting stuff. When I was in this world there was a certificate for a "certified ethical hacker". I would start there and see if you could pick up a few other basic security certificates. Most can be done via self study at home then take the test. With those certs and a business degree you could possibly get picked up by a government contractor however they typically look for someone with a current clearance.

Scott 2
Posts: 2824
Joined: Sun Feb 12, 2012 10:34 pm

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by Scott 2 »

The purpose of a certificate is to pass the screening interview. Everything else is BS sold by the continuing education providers, to pad their pockets. Until you are looking to jump ship, and can't find a decent opportunity, I wouldn't bother.

Since you already have the job, I'd suggest having that very conversation with your boss, or even better, their boss.

"I'm really excited to be here. I know I have a lot to learn. What do you suggest I focus on to add value to the organization? Can I ask you for help understanding when I have questions..."

Provided you follow through and keep that chain of communication open, everything else will happen. The demand for enthusiastic cyber security workers is huge and exploding.

Don't act like you know it all or are the expert. Even once you eventually do know a lot, it's advantageous to present as the humble student.

With that said, I did not find the work enjoyable. Very little time with the interesting security problems. Mostly audits, policies, training, and meetings. And you are annoying everyone that has to work with you, because security is a pain in the ass.

TheRedHare
Posts: 202
Joined: Tue Dec 20, 2016 4:40 pm
Location: Atlanta, GA

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by TheRedHare »

With that said, I did not find the work enjoyable. Very little time with the interesting security problems. Mostly audits, policies, training, and meetings. And you are annoying everyone that has to work with you, because security is a pain in the ass.
So what did you decide to go off to instead? I'm just curious.

My cousin is database engineer for a health care company, and he just recently started his own company and has gotten contracted. He invited me on board, but I had to turn him down because I wasn't quite sure what to expect as far as the stability of his startup. Anyway, database management kinda looks boring to me. The security thing looks and sounds interesting, but I have my doubts. However, I guess you could say that about any job really.
That's why we retire early I guess :D

Scott 2
Posts: 2824
Joined: Sun Feb 12, 2012 10:34 pm

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by Scott 2 »

At the time I started doing the work, the company was quite small, around fifteen people. It was one of many hats.

We've more than tripled in size, so we hired someone full time for the security work.

I just keep wearing my other hats - pm, ba, QA, release management, support, etc. Eventually I'll be PM/BA only. That's the work I enjoy most. BA is actually my favorite, but wrapping it with PM pays much better.

davebobk47
Posts: 14
Joined: Tue Dec 13, 2016 10:41 am
Location: Colorado
Contact:

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by davebobk47 »

I would certainly second what Scott said about the work being boring. I moved into the BA/PM world as well and it is much better. (Also went from govt sector to corporate)

I did computer engineering first, then MBA. Sounds like you started with the business degree and want to go technical which is definitely doable. Going technical doesn't necessarily require a degree, just pursue that route via job experience.

TheRedHare
Posts: 202
Joined: Tue Dec 20, 2016 4:40 pm
Location: Atlanta, GA

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by TheRedHare »

I just keep wearing my other hats - pm, ba, QA, release management, support, etc
I moved into the BA/PM world as well and it is much better.
Sorry kinda out of the lingo, but what is BA/PM, and what makes it better? So from yall's experience Cyber is mostly just paper work. Funny how tv shows make cyber sound like the coolest job ever.

ether
Posts: 263
Joined: Sat Nov 17, 2012 1:50 am
Location: Jacksonville, FL
Contact:

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by ether »

Welcome to the industry!

You're a state employee & it sounds like your college has neglected security for a while, so congrats you're on the ground floor of building a department.

Start off easy in cyber. Social engineering. The most famous book is The Art of Deception By Mitnick. Pretty much he recked havoc in financial and telecommunication systems with just his ability to get people to hand over info. Maybe after reading the book you can help the department start up an education program for professors on how to avoid fraudsters.

The second most common threat you will face is email phishing. That's where people send unsolicited emails to students and passwords pretending to be the universities IT department. They then say something like "reset your password in 24 hours or you're getting banned" and then direct them to a website that looks identical to your password reset page, but they own it and steal their password. I literally handled like 15 cases a week of people falling for these scams and they are impossible to stop unless you teach people how to spot them.

This part of cyber requires VERY little technical knowledge, but is the most common issue in the industry.

TheRedHare
Posts: 202
Joined: Tue Dec 20, 2016 4:40 pm
Location: Atlanta, GA

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by TheRedHare »

@ether
Thanks for the tips! The title "social engineering" always makes me cringe. I usually think of socially inept people gathered in some room discussing ways to "socialize" with people haha. But yeah I do realize it's importance, and I'll be sure to look into the book you mentioned.
Start off easy in cyber
I appreciate you laying out a good starting place as this industry is very daunting, and I get lost in the endless amounts of information. If it's not too much to ask, do you think you could give a brief list of different aspects of information security to learn? Also a list of the different jobs you can do in IT related work maybe?

Thanks again ether!

Scott 2
Posts: 2824
Joined: Sun Feb 12, 2012 10:34 pm

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by Scott 2 »

PM - project management
BA - business analysis

Basically it's figuring out what needs to get done (BA), then making sure it happens (PM). For the person who can cross both business and technical knowledge, it's well paid.

There's also a decent career path, ranging from simple projects to portfolios of projects to full products to portfolios of products. The more complex you go, the more you are using soft skills and relying on the expertise of others.

High 5 figure pay is very doable running relatively simple projects.

TheRedHare
Posts: 202
Joined: Tue Dec 20, 2016 4:40 pm
Location: Atlanta, GA

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by TheRedHare »

PM - project management
BA - business analysis

Basically it's figuring out what needs to get done (BA), then making sure it happens (PM). For the person who can cross both business and technical knowledge, it's well paid.

There's also a decent career path, ranging from simple projects to portfolios of projects to full products to portfolios of products. The more complex you go, the more you are using soft skills and relying on the expertise of others.

High 5 figure pay is very doable running relatively simple projects.
So I started my job today, and I'll mostly be working on getting up to date on it's polices which isn't that exciting, but I get to really understand how everything works on an administrative point of view. The other interesting thin that I'll be working on is helping out on a PCI DSS project. What are your thoughts on PCI verification among business or schools? I think that could be something really marketable for me once looking for other jobs.

George the original one
Posts: 5404
Joined: Wed Jul 28, 2010 3:28 am
Location: Wettest corner of Orygun

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by George the original one »

PCI certification is a must-do for anyone taking card payments "in a big way". The small firms will outsource it, but the big ones need someone on the inside and often also need to hire independent PCI auditors.

It's all kind of boring, but if you have a business-bent, also highly lucrative.

Google the City of Portland's experiences with PCI. Basically they went from one tier to the next higher one due to volume of payments.

TheRedHare
Posts: 202
Joined: Tue Dec 20, 2016 4:40 pm
Location: Atlanta, GA

Re: How to get into the IT/ Cyber Security Industry and what certifications I need

Post by TheRedHare »

The small firms will outsource it, but the big ones need someone on the inside and often also need to hire independent PCI auditors.
Hmmm, I wondering if I could possibly work my way into becoming the college's inside PCI expert. But then again, I'm not quite sure I want to corner myself in just yet. This seems to suit me a bit better than say being a coder because I don't have any coder experience, but I'm learning on the side.
Google the City of Portland's experiences with PCI. Basically they went from one tier to the next higher one due to volume of payments.
I tried looking up some stuff about this, but couldn't really find much of anything. However, I did notice how advance Portland was with they technology.


Post Reply