Interested in Cybersecurity?

[wtburnette]

ISC2, a leading organization in Information Security certification programs, has an initiative to get new people into the field:

(ISC)² Opens Global Enrollment for One Million Certified in Cybersecurity

www.isc2.org

The above details how to sign up as a Candidate and get benefits such as training and taking their new Certified in Cybersecurity (CC) exam for free. Link to the cert page:

Certified in Cybersecurity Certification | (ISC)²

Certified in Cybersecurity from (ISC)² — the new entry-level certification from world’s leading cybersecurity professional organization known for the CISSP.

www.isc2.org

This is a great opportunity to get certified in a high paying and growing field. Even if you don't want to get into Cybersecurity itself, but are looking to get into another area of Information Security, this certification would provide great education and provide an introduction to an organization that has many more certifications focused on Information Security.

 

[Tactically Fat]

I'd love a good-paying career in this field!

Only I'd be starting at below ground zero...

And I can't afford a pay cut to get in on the basement. :-(

 

[wtburnette]

This is mostly for those who are starting out or aren't too far ahead in their current career. Starting salary in the Indy area that I've seen is anywhere from $40k/yr to $55k/yr for a starting InfoSec role. Add a degree in IT/InfoSec and any IT/InfoSec experience and that goes up. Luckily the pay should go up every 2 - 3 years if you're doing a good job. Salary bumps are normally in the 10 - 15% range. The salary can go quite high, easily into the 6 figures.

 

[rhamersley]

Any tips for a young (28 and 31 years old) man on getting a job in cybersecurity? I have two boys, one already has some sort of IT/CS degree (have no clue myself...I'm a ME) and one is going to WGU to get another bachelors for that (first is digital marketing or some such) and will be taking some number of certifications for different IT stuff. They both work for a school system right now as IT people. Just curious as the youngest is looking to change jobs since he got his degree last spring. Thanks in advance for any guidance I can pass on to the younguns.

 

[wtburnette]

There are plenty of resources for looking at different job openings through LinkedIn and other online sites like Glassdoor. Glassdoor is great since you can see ratings that people give the employers. I know for my team, we require experience over anything else, as an indicator that you can handle tasks and be professional. There are some entry level positions for Information Security that will accept education and certifications as their criteria. Might also look at companies who might provide intern opportunities. Having direct work experience in IT will be helpful, at least for entry level positions. Keep an eye on large companies. Anthem (or whatever they call themselves now), IU Health, Sally Mae, etc. Between them and sites mentioned above, they should be able to find open positions and start sending resumes.

I would definitely encourage them to look at this program and get certified. ISC2 is THE certification body for Information Security, so getting certified for free certainly won't hurt.

 

[WebSnyper]

Any tips for a young (28 and 31 years old) man on getting a job in cybersecurity? I have two boys, one already has some sort of IT/CS degree (have no clue myself...I'm a ME) and one is going to WGU to get another bachelors for that (first is digital marketing or some such) and will be taking some number of certifications for different IT stuff. They both work for a school system right now as IT people. Just curious as the youngest is looking to change jobs since he got his degree last spring. Thanks in advance for any guidance I can pass on to the younguns.

I'd also check and see if their current employer or perspective employers that they may start with pay for certifications or at least have access to training programs (whether it be the less intensive individual certs such as Microsoft/AWS or something more comprehensive like industry or CSSP, etc)
There are sometimes programs for students as well for discounts or free certs.

Taking advantage of those and getting some fundamentals certs will help boost the resume a bit. Don't need to go crazy with them.

Student discounts

Student discounts

learn.microsoft.com

AWS Educate – Credits, Training, Content, and Collaboration for Students & Educators | Amazon Web Services

Update May 17, 2022 – AWS Educate has expanded access to free, on-demand cloud education for learners around the world as young as 13 years old. For all of the latest details, please see the announcement blog post here. We want to do our part to help educational institutions all over the world...

aws.amazon.com

 

[indyblue]

I'm surprised starting pay is that low. InfoSec is difficult and complex to get right. It can also be a PITA. At my last job it seemed like we sysadmins knew more about it than they did. Kept running scans and asking us to fix things that weren't there or n/a.

And everything to study is behind paywalls (study materials/practice test). I know some free stuff can be found but is typically lower quality that leaves holes in concepts.

Our software repos were protected by Thales systems. We had it setup with a triad of key cards.

 

[wtburnette]

I'm surprised starting pay is that low. InfoSec is difficult and complex to get right. It can also be a PITA. At my last job it seemed like we sysadmins knew more about it than they did. Kept running scans and asking us to fix things that weren't there or n/a.

And everything to study is behind paywalls (study materials/practice test). I know some free stuff can be found but is typically lower quality that leaves holes in concepts.

Our software repos were protected by Thales systems. We had it setup with a triad of key cards.

Our entry level Analyst position pays between $43k and $75k, so there's plenty of room to start out depending on experience, education and certifications. It only goes up from there. I talked to a buddy who is on a team of people and at the high end, they're making over $200k/yr for a similar role. I think the field pays great if you can be making 6 figures with hard work and dedication to your career.

 

[indyblue]

I might look into it. But I know the job can be a PITA as well. pushback from admins and mgmt. due to time/cost to implement.

I spent alot of hours running nmap and ssl scans proving our versions of ssh were patched and secure. Many of our RedHat (centos) systems had out of date versions and I had to compile the current ones to distribute.

UUgh, makes my head hurt.

 

[wtburnette]

I might look into it. But I know the job can be a PITA as well. pushback from admins and mgmt. due to time/cost to implement.

I spent alot of hours running nmap and ssl scans proving our versions of ssh were patched and secure. Many of our RedHat (centos) systems had out of date versions and I had to compile the current ones to distribute.

UUgh, makes my head hurt.

In any IT related field you deal with pushback. It's part of the job. I just don't let it get to me.

I started at Anthem (back when it was still WellPoint) back in 2012. I'd already worked almost 20 years in IT, but mostly support so my salary stank. I started on the Vulnerability Management team. Anthem wasn't too bad when I started, but got worse and worse. Too many meetings, too many PowerPoints decks needed for upper management, etc. They wanted everyone working 50+ hours a week, would drop last minute stuff on people all the time and wouldn't give good feedback on how to get to the next level. Other teams were different, but this is what I went through. I worked the VM team and then vendor risk, there for almost 5 years.

Then I took a chance at an opportunity at IU Health. Much different work environment due to my manager, she's great. I do my job and don't have to make PowerPoint decks for execs, have only a minimum amount of meetings, work from home, have a flexible schedule and decent pay. Yeah, from time to time you get things that suck, but that's why it's called work. All in all I love my job and my field.

InfoSec has lots of different areas. Risk Management, Vulnerability Management, Vendor Risk, Cyber Security, Forensics, Identity & Access Management and more. Some roles are operations based, meaning a set schedule and likely on call needs, and some roles aren't operational. After almost 20 years in the operations side of things in IT, I'm quite happy not doing that dance any longer.

Like any field, it's what you make of it and has a lot to do with the employer and management.

 

[HoughMade]

My son is an engineer in the IT field. At last count, he has 19 certifications, some of which are in cyber security. Anyone looking into the field, it's a good one. His hours can be be wonky because one of the things he does in run disaster recover drills and simulations which have to take place when the client is not operating, so the wee hours of the morning and weekends at times.

He loves it. He makes more than our starting attorneys, even the 1 year experience ones,, but without the extra 3 years of expensive school. He needed about three years of experience after college to get to that point, but that's 3 years of getting paid instead of paying.

 

[wtburnette]

I don't get paid as much as I could in this field, but make decent money and I love what I do. I get up every morning ready to get to work and do what I need to do, without dreading it. That says a lot, to me.

 

[HoughMade]

Sometimes I message my son a picture of the Post-it note stuck to my work monitor with my password on it just to mess with him.

 

[Expat]

I think I would have enjoyed getting into a field like that in my younger days. I used to be a bit of a computer hobbyist ( polite term used back then).

 

[Usmccookie]

My best friend just left the army as an officer, 1lt I believe after an enlistment in the corps and the army.

He has a degree in Geospatial engineering and I believe he has a t.s. clearance, even just finished a cert program with Deloitte.

Would this be a good fit? He is located in Arkansas. His wife is putting her MBA to work with W***mart. So they are kinda stuck there.

 

[wtburnette]

My best friend just left the army as an officer, 1lt I believe after an enlistment in the corps and the army.

He has a degree in Geospatial engineering and I believe he has a t.s. clearance, even just finished a cert program with Deloitte.

Would this be a good fit? He is located in Arkansas. His wife is putting her MBA to work with W***mart. So they are kinda stuck there.

No clearance needed and it sounds like he definitely can think in a technical manner. My suggestion would be to have him check out that link and see if he can take part in the free training and get the certification. If he finds it interesting, I would bet his education and experience, coupled with a cert would help get his foot in the door somewhere. ISC2 has plenty of other certifications, so he could get more if he's really interested in breaking into the field.

One great thing is a lot of positions in this field are remote. Due to that, he could live anywhere. Heck, have his wife look into it as well. If they both got into the field with remote positions they could be digital nomads and live wherever they want. I wish I was younger to take more advantage of this than I do.

 

[WebSnyper]

My best friend just left the army as an officer, 1lt I believe after an enlistment in the corps and the army.

He has a degree in Geospatial engineering and I believe he has a t.s. clearance, even just finished a cert program with Deloitte.

Would this be a good fit? He is located in Arkansas. His wife is putting her MBA to work with W***mart. So they are kinda stuck there.

The big cloud providers (MS, AWS, Google) and other areas are usually looking for clearanced folks to farm them back out to DoD. Lots of govt contracts in this space that do want clearance.

Lots of programs to help veterans as well.

I'd definitely tell him to get a few certs and start applying.

Search Jobs | Microsoft Careers

careers.microsoft.com

AWS Cleared Jobs

Make a difference where it matters most. There are many layers of digital security, and at AWS, we partner with customers at the highest levels. Our Amazon Dedicated Cloud team develops and deploys tools on air-gapped networks that enable a secure, full-cloud environment at multiple...

www.amazon.jobs

 

[wtburnette]

It's hard to recommend how to break into the field as every organization has different requirements. Some will hire with no experience and just education/certs and some won't hire without some experience. I know we would vastly prefer to hire people with experience, but vendor risk is pretty niche, so we don't always have that option.

 

[wtburnette]

The big cloud providers (MS, AWS, Google) and other areas are usually looking for clearanced folks to farm them back out to DoD.

I'd definitely tell him to start applying.

Another great option.

For that matter, ISC2 has a CCSP cloud cert that would be a good one I think. Plus of course MS, AWS and Google have certs for their specific platforms. The nice thing about the ISC2 cert is that it's platform agnostic from my understanding.