Careers & People

6/16/2017
12:57 PM
100%
0%

Lack of Experience Biggest Obstacle for InfoSec Career

A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.

Relevant job experience is the biggest barrier when it comes to landing a career in information security, according to new data.

A recent Twitter survey by Tripwire also found that the lack of certification or appropriate training (20%) and "low salaries" (11%) were other issues keeping people from security jobs. The data was drawn from a poll of some 659 of Tripwire's Twitter followers.

Certifications can mean higher pay, according to a recent study by ISC2 that showed professionals with infosec certifications often earned more money in the field.

Tripwire's Twitter followers weighed in with their own complaints. User Eric Breen lamented that he has more than 10 years of IT support and administrator experience yet is having difficulty with employment because he "didn't sell me soul to a university." And another user, InfoSec Mutt, says "Employers won't give an #infosec pro the time of day because they lack a Bachelors degree. Also insane requirements for entry level jobs."

Read more about Tripwire's Twitter poll here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WilliamJ320
50%
50%
WilliamJ320,
User Rank: Apprentice
6/21/2017 | 2:28:04 PM
Re: College, schmollege
Yes, a college degree shouldn't stop you from getting a job and moving up, but you will hit a point in larger companies where you can only go so high. I've been in the computer industry since '89. I choose to pursue Novell certifications over college. I've done well, but I can't move into a CIO position without getting my degree, which I'm pursuing right now.
ThomasM371
50%
50%
ThomasM371,
User Rank: Apprentice
6/20/2017 | 8:44:01 AM
Poppycock! Mostly a grab by isc2 to sell more certs!
I started my info sec career in 1995, without a degree and without any certifications. Today I am a principal researcher, and have never found that college has prevented me from obtaining any job that I need. unfortunately, the road to a security career does require some sacrifices, A lot of hard work and studying, and eight fundamental understanding of network infrastructure. for anyone starting out in info security, I recommend Comer's quintessential text on the subject. I also recommend TCP/IP illustrated. finally get yourself a lab and start learning. using Web goat or a similar vulnerable Web server is a very good way to start your career. finally your initial job may suck. I started out managing firewalls for Kellogg. don't be afraid of short-term contract work, or jobs that you may think or beneath you. you may well end up helping the police find creepy people otherwise known as forensics, or something it is boring as a simple audit. don't forget there's a job with a part-time security component to it is an excellent way to begin your career. finally if you can program you're even more useful because then you can do things that a lot of folks can't. Very few security people know how to program unless they are pen tester's. I do recommend pursuing to see a CISSP, however if you'd like a broad overview of what security is about and which aspects you would like to pursue. if you would like to hack, however I would recommend giac or like a certified pen tester. these certs will get you most HR droids. finally, if you have an associates degree, simply list the name of the college with no credentials. It will get you by the HR people, and the people hiring he will ask you about your degree, and you'll simply indicate that is an associates. most people don't care unless you're looking for a big 4 company. also don't forget about freelancing, you could offer to find a local job will get you some good experience that will make your portfolio look better.
cybersavior
50%
50%
cybersavior,
User Rank: Strategist
6/16/2017 | 3:06:43 PM
College, schmollege
Within IT in general and InfoSec specifically, a college degree has never been more meaningless in the hiring process.  What is needed is staff that can pass background checks that have strong, current skill sets.  Experience in the right coding language, the most recent CASB, Web Content Filtering or Next Gen Firewall solution.  Software Defined Data Center (SDN, SDS, HCI...).  Don't worry about the degree you didn't get/finish.  I advise you instead to snuggle up to AWS/Azure, GitHub, Python, Microsegmentation, Highly Converged Infrastructure and tech like Palo Alto, FireEye, Splunk and Threat Modeling/Intelligence.  Your new school prowess will push you right past those who did obtain the degree(s).
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20009
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVE-2018-20010
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVE-2018-20011
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
CVE-2018-20012
PUBLISHED: 2018-12-10
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
CVE-2018-20015
PUBLISHED: 2018-12-10
YzmCMS v5.2 has admin/role/add.html CSRF.