Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Becoming an IT Security consultant

  • 27-03-2014 11:03am
    #1
    Registered Users, Registered Users 2 Posts: 2,191 ✭✭✭


    Hi guys,

    I have been working in IT for around 13 years now predominately in
    IBM mainframe systems. I am hoping to move away from this over the next
    2-3 years into IT security.

    Does anyone here work as an IT security consultant and if so what is the best way to get your foot in the door.
    I know CISSP, CISA etc are commonly asked for, though I don't know how to achieve these without some experience
    in the IT security field. Are there any other recommended certifications or courses that might help me land a junior security role?.

    Cheers.


Comments

  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    Does the company you work for have an information security division?
    Are there any projects you could work on with a security aspect involved?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Feelgood wrote: »
    Hi guys,

    I have been working in IT for around 13 years now predominately in
    IBM mainframe systems. I am hoping to move away from this over the next
    2-3 years into IT security.

    Does anyone here work as an IT security consultant and if so what is the best way to get your foot in the door.
    I know CISSP, CISA etc are commonly asked for, though I don't know how to achieve these without some experience
    in the IT security field. Are there any other recommended certifications or courses that might help me land a junior security role?.

    Cheers.

    You won't actually, let me rephrase that, you shouldn't get a CISSP without 5 years of IT Security experience. 2-3 years in a security related role is usually enough to get your foot in the door, but the CISSPs credibility has been diluted a bit by so many people who have it who don't know their arse from their elbow and who got the certification by spending $$$ or having their employer spend $$$.

    Is there a specific area of Security you want to work in? Its a very large area.

    As another poster asked are there any security related projects you can work on. Remember stuff like patch management falls under the umbrella of security, and change management and control falls under the umbrella of compliance. You probably have a few years experience in some security-oriented areas already.

    If I was you, I would:

    pick your area of expertise and involve yourself in it
    identify other areas where you are knowledgeable
    Identify potential employers
    ????
    Profit.


  • Registered Users, Registered Users 2 Posts: 69 ✭✭robbok


    I work in IT Security , virtually all ads for IT security roles will look for a CISSP, ( the value of it is debatable but thats not the issue here, I am simply stating what is asked for in virtually every ad) it is quite a broad based and difficult exam but with your background in IT you should find it OK.
    There is a lot of stuff in it to learn though and there are no shortcuts.
    Actually gaining the qualification is the first part , you would then need to prove you have 5 years of full time work experience in two of the 10 domains, you might already have this from your experience with mainframes and you would need a CISSP known to you to attest to this.
    If you haven't got the experience then the SSCP (also from ISC2) is an entry level qualification from ISC2 , I don't know anything about that but it seems like a good introduction
    If you go on the infosec forums there is endless debates on the value or otherwise of certifications, some are more technical than others and the value of them will depend on which area of IT Sec you want to specialize in , e.g pen testing or application security.
    There is such an alphabet soup of certifications that in all honesty I don't think most employers or HR departments can really keep up. Find an area that interests you and research the courses etc for that, I wouldn't rush to pay for many courses either, there is a huge amount of educational material available for free on the web , e.g check out OWASP
    Good luck in your future endeavours


Advertisement