Any IT Security professionals out there?

[Pegun]

Grad Student in Networking and Systems Administration, heavy focus on security with focus on business security as well.

 

[invidia]

3. My MVPs: PenTester; Network Security Architect; Database Security Guy; LDAP guy. You will never ever find someone who does one of those things who is unemployed. They are near IMPOSSIBLE to find. Usually have to pay an obscene amount to get them from other companies.

Beef

I noticed that you listed in some specializations in IT security. It seems like infosec/IT security is a generalized industry, like medicine and many others. There are general practitioners but it's the ones who specialized in certain areas that get the big bucks and are always in higher demand than the general. But how does those industries compare to IT security?

I've been trying to get a list of IT security areas. For this industry, is it better to be a master of 1-2 trades or jack of all trades, master of none?

 

[beef5stew]

Everyone that I've encountered in this industry has a substantial depth of knowledge in several areas of Information Security. You have to have played in all the areas in order to really have a good foundation to build a world-class security shop. The guys who do specialties have first gained the generalized security know-how, then chose a specific portion to really dive into.

Keep in mind, the guys making the big bucks have a passion for the technology and how it can be used. They are the ones that go home and try out new hacks in their "home lab" for fun. They are learning 20hrs a day. They are un-real.

The specialties I mention are the ones that we constantly are looking for. Good areas to be in and pretty recession proof.

Beef

 

[MarkXIX]

Currently employed by the US Army as an INFOSEC professional. Have my CISSP, CCNA, Security+ certs completed.

I specifically manage a team of 7 people who collectively run a number of high security networks of a variety of classifications.

I agree with the post above, I literally consume knowledge in my field for well over 10-12 hours per day.

If you're interested in DoD level security guidelines, study up on the DISA Security Technical Implementation Guides (STIG). I live and die by these in my line of work, and simply put, if you follow the guidelines, you generally can't go wrong.

http://iase.disa.mil/stigs/stig/index.html

 

[Oakenfold]

Just thought I'd give you guys an update. In November I finally obtained my Certified Internal Auditor designation. I can't bask in the glory long, I'm registering to go for the CISA in June.

I've started reaching out to the InfoSec professionals that I know, trying to map out a career transition to Information Security and had the conversation with the boss. She's totally onboard and have her full support. Now I just really need to figure out do I want to go with the Information Security Officer route or the Infosec Assurance Engineer / Analyst route.

I enjoy the technical aspects of running the tools but my degree in business administration suggests a better fit with the Enterprise Risk Information Security aspect. I'll probably hold off making a decision until I pass the CISA and understand more about the different specializations within the field. In February I'll have 5 years of Internal Audit experience using a risk based system integration approach.

p.s.
Hello to all the InfoSec pro's that have posted in the thread over the last year!

 

[beef5stew]

If you are looking to move into the InfoSec arena, I suggest you talk with Jeff Combs: http://www.combssearch.com/ he's the top headhunter in the Infosec world. He knows everyone in the industry (I'm really not kidding), and everyone knows him. He can give you the lowdown on where the trends are moving and how to best place yourself for a position.

-Beef

 

[Oakenfold]

If you are looking to move into the InfoSec arena, I suggest you talk with Jeff Combs: http://www.combssearch.com/ he's the top headhunter in the Infosec world. He knows everyone in the industry (I'm really not kidding), and everyone knows him. He can give you the lowdown on where the trends are moving and how to best place yourself for a position.

-Beef

Thanks beef!
I shot jeff an email!
Oak

 

[sourceninja]

I manage antivirus servers, check point firewalls, and intrusion detection systems. Does that count?

 

[invidia]

What type of advice would you give a .NET web developer trying to shift to IT security? I've been spending more and more of my free time reading up on the field and completely obsess modifying and playing with my home network.

 

[vital]

Just thought I'd give you guys an update. In November I finally obtained my Certified Internal Auditor designation. I can't bask in the glory long, I'm registering to go for the CISA in June.

I've started reaching out to the InfoSec professionals that I know, trying to map out a career transition to Information Security and had the conversation with the boss. She's totally onboard and have her full support. Now I just really need to figure out do I want to go with the Information Security Officer route or the Infosec Assurance Engineer / Analyst route.

I enjoy the technical aspects of running the tools but my degree in business administration suggests a better fit with the Enterprise Risk Information Security aspect. I'll probably hold off making a decision until I pass the CISA and understand more about the different specializations within the field. In February I'll have 5 years of Internal Audit experience using a risk based system integration approach.

p.s.
Hello to all the InfoSec pro's that have posted in the thread over the last year!

We seem to have similar backgrounds.

<--- IT Auditor, CISA and just got my CISSP pass email today!

 

[MarkXIX]

Isn't waiting for that CISSP e-mail the worst? I was almost certain I failed when I walked out. Worst exam ever in my opinion.

 

[vital]

Isn't waiting for that CISSP e-mail the worst? I was almost certain I failed when I walked out. Worst exam ever in my opinion.

Indeed. I was really upset even during the exam. The fact that they had 25 research questions about things you might have never touched on really threw me off. Just glad I passed and it's all over with.

 

[rasczak]

Those of you in the InfoSec arena. Do you find it satisfying? Can you give a glimpse as to what your daily duties are? I've been trying to find a path to walk in the IT field, am almost certain I want to go into network engineering but want to strengthen my security. I don't really get in depth with security here except making sure audits are done and we follow the STIGs. I'd really like to know/see what you guys on the InfoSec lines are doing to see if that's what i may want to go towards.

 

[MarkXIX]

I find it rewarding, however, I am an InfoSec professional for the US Army, an organization I've grown up with and worked with almost every single day of my life.

Knowing that I contribute to the security and effectiveness of our military is a rewarding experience.

 

[Oakenfold]

We seem to have similar backgrounds.

<--- IT Auditor, CISA and just got my CISSP pass email today!

Awesome! Another auditor on the AT forums!
Management must be cringing in fear!

J/K.....a pun at the reputation of auditors as seen by management, we're not really "gotcha auditors" of days gone by. The IIA and ISACA have seen to it to implement a code of ethics and standards that when properly followed by auditors truly creates tremendous value from assurance and consulting services provided by audit professionals around the globe.

Shot you a PM Vital.
Oak

 

[Zugzwang152]

I can't believe this thread still lives. Congrats to all who've passed their cert exams recently.

 

[Reel]

Hey guys. I was browsing the forum and saw I had posted in this thread. That was way back in 2007. Wow.

I imagine there are a lot of people with security interest that look here. My program in my company (fortune 500 company) is hiring a bunch of operational information security jobs at a variety of experience levels with a variety of responsibilities. We run the network for a major government agency. Some minimum expectations are networking knowledge (TCP/IP), an interest in security, and a bachelor's degree or significant experience. It is a big company with plenty of opportunities for lateral movement as well.

Send me a private message if you want more details and I can tell you more or link you to the job descriptions.

 

[Firetower]

Studying for the CISSP-
Work is paying for the 7 Day bootcamp.
They want me to take it in the next couple of months!

Any tips!

 

[Shaotai]

Get the AIO book by Shon Harris. I think the 5th edition just came out.
Join the cccure forums and hit those practice questions everyday.

 

[MarkXIX]

I second CCCure website. I used that as a last minute cram tool the night before.

 

[Firetower]

Thanks for the tips guys. I just ordered the AIO SH book 5th ed.

I also joined cccuure.org- this is a great resource.

Thanks again.

 

[Zugzwang152]

Thanks for the tips guys. I just ordered the AIO SH book 5th ed.

I also joined cccuure.org- this is a great resource.

Thanks again.

Good book. I won't pretend I read every word, but the 4th edition did get me a pass on the exam in 2008.

 

[TXHokie]

Read AIO twice and practice the included test and also cccure.org 100 questions medium until you can consistently get 90&#37; and you're ready to go - at least that's what worked for me.

 

[beyonddc]

Planning to take CISSP exam sometime late this year or early next year.

I hold a BS in Comp. Sci and currently pursing MS in Information Assurance.

 

[MarkXIX]

Planning to take CISSP exam sometime late this year or early next year.

I hold a BS in Comp. Sci and currently pursing MS in Information Assurance.

There are currently jobs available within the United States Army as a civilian (GS pay grade) that can hire you straight off the street with the credentials that you're working on.

Starting pay grade will typically be GS-11 or higher. I can't stress enough that these jobs are non-competitively hired.