SOCNET

Go Back   SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

Reply
 
Thread Tools Display Modes
  #201  
Old 3 February 2020, 10:20
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: Texas
Posts: 8,384
dusts off the thread

One concerning trending issue in cybersecurity is that everyone and their brother has been dashing towards the field. While this can be disconcerting, it should also be viewed as an opportunity for anyone looking to get into it while it's hot. That opportunity exists in have a solid, quality understanding of technologies and security concepts to protect and defend. I'm seeing a lot of folks pushing into the field with only a modicum of knowledge to back it up. Colleges and universities are cashing in on cyber-related degree programs, but it's churning out subpar candidates, in my opinion. Technical certifications remain a solid means to prove some level of technical competency (depending on the governing body).

I know I've said it in this thread before, but take the time to learn the basics and then build on that.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #202  
Old 3 February 2020, 15:14
BOFH's Avatar
BOFH BOFH is offline
I aim to misbehave
 
Join Date: Jul 2004
Location: \\Gibson\garbage
Posts: 4,347
Quote:
Originally Posted by CV View Post
Colleges and universities are cashing in on cyber-related degree programs, but it's churning out subpar candidates, in my opinion. Technical certifications remain a solid means to prove some level of technical competency (depending on the governing body).
That has been the bane of my existence since the first time I had to hire. HR only wants to forward candidates with applicable degrees, and they have, almost without exception, been nigh worthless. External recruiters seem a lot better at finding candidates with applicable certifications and/or the right experience.

The problem with certs is the cost...for someone trying to break into the field, the right certs are prohibitively expensive (except for OSCP). That said, if someone is a good self-directed learner, a solid base of technical skills can be gained from self-study, and a solid entry-level check in the box cert (security+) can get a foot in the door...after that, employers will usually pay for certs...most often, I've seen employers willing to pay for a certification course and test yearly.

So...my advice, to play off of CV's post, is to learn everything you can. Opensecuritytraining.info has amazing training for free. Chris Sanders has some very good training courses at reasonable prices, though there is no associated cert. Do whatever you can to gain knowledge...then pony up the cash for security+ as a "foot in the door," with HR. Spend a year or three working in the SOC and gathering up certs, and then you're pretty much golden...as long as you have the skills to back up the certs. That is, again, where self study can be huge.

Look for Defcon local groups in your area, infosec mentoring groups, etc.

Additionally, if you want to move beyond the low level soc analyst positions, you need to be able to communicate well, both written and verbal. Find a Toastmasters group. Enroll in a technical narrative writing course. Chris Sanders has a great infosec writing course (I think it's called "excellence in infosec writing") for right at $100. I'm sure there are other good resources...those are just the ones I'm familiar with.
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..."


While true:
Continue
Reply With Quote
  #203  
Old 8 February 2020, 12:33
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: Texas
Posts: 8,384
Also, if you're already in tech as a IT development, engineering, or otherwise, I would strike while the iron is hot and dip your toe (or your entire foot) into some security certs. I have enough leeway to push solid candidates into DevOps/DevSecOps engineering roles starting at $140k+ as we speak.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
Reply

Thread Tools
Display Modes

Our new posting rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 15:46.
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, vBulletin Solutions Inc.
Socnet.com All Rights Reserved
SOCNET 1996-2018