Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

6/16/2017
12:57 PM
100%
0%

Lack of Experience Biggest Obstacle for InfoSec Career

A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.

Relevant job experience is the biggest barrier when it comes to landing a career in information security, according to new data.

A recent Twitter survey by Tripwire also found that the lack of certification or appropriate training (20%) and "low salaries" (11%) were other issues keeping people from security jobs. The data was drawn from a poll of some 659 of Tripwire's Twitter followers.

Certifications can mean higher pay, according to a recent study by ISC2 that showed professionals with infosec certifications often earned more money in the field.

Tripwire's Twitter followers weighed in with their own complaints. User Eric Breen lamented that he has more than 10 years of IT support and administrator experience yet is having difficulty with employment because he "didn't sell me soul to a university." And another user, InfoSec Mutt, says "Employers won't give an #infosec pro the time of day because they lack a Bachelors degree. Also insane requirements for entry level jobs."

Read more about Tripwire's Twitter poll here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WilliamJ320
50%
50%
WilliamJ320,
User Rank: Apprentice
6/21/2017 | 2:28:04 PM
Re: College, schmollege
Yes, a college degree shouldn't stop you from getting a job and moving up, but you will hit a point in larger companies where you can only go so high. I've been in the computer industry since '89. I choose to pursue Novell certifications over college. I've done well, but I can't move into a CIO position without getting my degree, which I'm pursuing right now.
ThomasM371
50%
50%
ThomasM371,
User Rank: Apprentice
6/20/2017 | 8:44:01 AM
Poppycock! Mostly a grab by isc2 to sell more certs!
I started my info sec career in 1995, without a degree and without any certifications. Today I am a principal researcher, and have never found that college has prevented me from obtaining any job that I need. unfortunately, the road to a security career does require some sacrifices, A lot of hard work and studying, and eight fundamental understanding of network infrastructure. for anyone starting out in info security, I recommend Comer's quintessential text on the subject. I also recommend TCP/IP illustrated. finally get yourself a lab and start learning. using Web goat or a similar vulnerable Web server is a very good way to start your career. finally your initial job may suck. I started out managing firewalls for Kellogg. don't be afraid of short-term contract work, or jobs that you may think or beneath you. you may well end up helping the police find creepy people otherwise known as forensics, or something it is boring as a simple audit. don't forget there's a job with a part-time security component to it is an excellent way to begin your career. finally if you can program you're even more useful because then you can do things that a lot of folks can't. Very few security people know how to program unless they are pen tester's. I do recommend pursuing to see a CISSP, however if you'd like a broad overview of what security is about and which aspects you would like to pursue. if you would like to hack, however I would recommend giac or like a certified pen tester. these certs will get you most HR droids. finally, if you have an associates degree, simply list the name of the college with no credentials. It will get you by the HR people, and the people hiring he will ask you about your degree, and you'll simply indicate that is an associates. most people don't care unless you're looking for a big 4 company. also don't forget about freelancing, you could offer to find a local job will get you some good experience that will make your portfolio look better.
cybersavior
50%
50%
cybersavior,
User Rank: Strategist
6/16/2017 | 3:06:43 PM
College, schmollege
Within IT in general and InfoSec specifically, a college degree has never been more meaningless in the hiring process.  What is needed is staff that can pass background checks that have strong, current skill sets.  Experience in the right coding language, the most recent CASB, Web Content Filtering or Next Gen Firewall solution.  Software Defined Data Center (SDN, SDS, HCI...).  Don't worry about the degree you didn't get/finish.  I advise you instead to snuggle up to AWS/Azure, GitHub, Python, Microsegmentation, Highly Converged Infrastructure and tech like Palo Alto, FireEye, Splunk and Threat Modeling/Intelligence.  Your new school prowess will push you right past those who did obtain the degree(s).
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7981
PUBLISHED: 2020-01-25
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVE-2019-0141
PUBLISHED: 2020-01-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-7596
PUBLISHED: 2020-01-25
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
CVE-2020-7980
PUBLISHED: 2020-01-25
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
CVE-2012-6613
PUBLISHED: 2020-01-25
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.