Careers & People

6/16/2017
12:57 PM
100%
0%

Lack of Experience Biggest Obstacle for InfoSec Career

A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.

Relevant job experience is the biggest barrier when it comes to landing a career in information security, according to new data.

A recent Twitter survey by Tripwire also found that the lack of certification or appropriate training (20%) and "low salaries" (11%) were other issues keeping people from security jobs. The data was drawn from a poll of some 659 of Tripwire's Twitter followers.

Certifications can mean higher pay, according to a recent study by ISC2 that showed professionals with infosec certifications often earned more money in the field.

Tripwire's Twitter followers weighed in with their own complaints. User Eric Breen lamented that he has more than 10 years of IT support and administrator experience yet is having difficulty with employment because he "didn't sell me soul to a university." And another user, InfoSec Mutt, says "Employers won't give an #infosec pro the time of day because they lack a Bachelors degree. Also insane requirements for entry level jobs."

Read more about Tripwire's Twitter poll here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WilliamJ320
50%
50%
WilliamJ320,
User Rank: Apprentice
6/21/2017 | 2:28:04 PM
Re: College, schmollege
Yes, a college degree shouldn't stop you from getting a job and moving up, but you will hit a point in larger companies where you can only go so high. I've been in the computer industry since '89. I choose to pursue Novell certifications over college. I've done well, but I can't move into a CIO position without getting my degree, which I'm pursuing right now.
ThomasM371
50%
50%
ThomasM371,
User Rank: Apprentice
6/20/2017 | 8:44:01 AM
Poppycock! Mostly a grab by isc2 to sell more certs!
I started my info sec career in 1995, without a degree and without any certifications. Today I am a principal researcher, and have never found that college has prevented me from obtaining any job that I need. unfortunately, the road to a security career does require some sacrifices, A lot of hard work and studying, and eight fundamental understanding of network infrastructure. for anyone starting out in info security, I recommend Comer's quintessential text on the subject. I also recommend TCP/IP illustrated. finally get yourself a lab and start learning. using Web goat or a similar vulnerable Web server is a very good way to start your career. finally your initial job may suck. I started out managing firewalls for Kellogg. don't be afraid of short-term contract work, or jobs that you may think or beneath you. you may well end up helping the police find creepy people otherwise known as forensics, or something it is boring as a simple audit. don't forget there's a job with a part-time security component to it is an excellent way to begin your career. finally if you can program you're even more useful because then you can do things that a lot of folks can't. Very few security people know how to program unless they are pen tester's. I do recommend pursuing to see a CISSP, however if you'd like a broad overview of what security is about and which aspects you would like to pursue. if you would like to hack, however I would recommend giac or like a certified pen tester. these certs will get you most HR droids. finally, if you have an associates degree, simply list the name of the college with no credentials. It will get you by the HR people, and the people hiring he will ask you about your degree, and you'll simply indicate that is an associates. most people don't care unless you're looking for a big 4 company. also don't forget about freelancing, you could offer to find a local job will get you some good experience that will make your portfolio look better.
cybersavior
50%
50%
cybersavior,
User Rank: Strategist
6/16/2017 | 3:06:43 PM
College, schmollege
Within IT in general and InfoSec specifically, a college degree has never been more meaningless in the hiring process.  What is needed is staff that can pass background checks that have strong, current skill sets.  Experience in the right coding language, the most recent CASB, Web Content Filtering or Next Gen Firewall solution.  Software Defined Data Center (SDN, SDS, HCI...).  Don't worry about the degree you didn't get/finish.  I advise you instead to snuggle up to AWS/Azure, GitHub, Python, Microsegmentation, Highly Converged Infrastructure and tech like Palo Alto, FireEye, Splunk and Threat Modeling/Intelligence.  Your new school prowess will push you right past those who did obtain the degree(s).
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9036
PUBLISHED: 2018-06-20
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.
CVE-2018-12327
PUBLISHED: 2018-06-20
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ...
CVE-2018-12558
PUBLISHED: 2018-06-20
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f").
CVE-2018-6563
PUBLISHED: 2018-06-20
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti...
CVE-2018-1120
PUBLISHED: 2018-06-20
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call t...