Careers & People

6/16/2017
12:57 PM
100%
0%

Lack of Experience Biggest Obstacle for InfoSec Career

A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.

Relevant job experience is the biggest barrier when it comes to landing a career in information security, according to new data.

A recent Twitter survey by Tripwire also found that the lack of certification or appropriate training (20%) and "low salaries" (11%) were other issues keeping people from security jobs. The data was drawn from a poll of some 659 of Tripwire's Twitter followers.

Certifications can mean higher pay, according to a recent study by ISC2 that showed professionals with infosec certifications often earned more money in the field.

Tripwire's Twitter followers weighed in with their own complaints. User Eric Breen lamented that he has more than 10 years of IT support and administrator experience yet is having difficulty with employment because he "didn't sell me soul to a university." And another user, InfoSec Mutt, says "Employers won't give an #infosec pro the time of day because they lack a Bachelors degree. Also insane requirements for entry level jobs."

Read more about Tripwire's Twitter poll here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WilliamJ320
50%
50%
WilliamJ320,
User Rank: Apprentice
6/21/2017 | 2:28:04 PM
Re: College, schmollege
Yes, a college degree shouldn't stop you from getting a job and moving up, but you will hit a point in larger companies where you can only go so high. I've been in the computer industry since '89. I choose to pursue Novell certifications over college. I've done well, but I can't move into a CIO position without getting my degree, which I'm pursuing right now.
ThomasM371
50%
50%
ThomasM371,
User Rank: Apprentice
6/20/2017 | 8:44:01 AM
Poppycock! Mostly a grab by isc2 to sell more certs!
I started my info sec career in 1995, without a degree and without any certifications. Today I am a principal researcher, and have never found that college has prevented me from obtaining any job that I need. unfortunately, the road to a security career does require some sacrifices, A lot of hard work and studying, and eight fundamental understanding of network infrastructure. for anyone starting out in info security, I recommend Comer's quintessential text on the subject. I also recommend TCP/IP illustrated. finally get yourself a lab and start learning. using Web goat or a similar vulnerable Web server is a very good way to start your career. finally your initial job may suck. I started out managing firewalls for Kellogg. don't be afraid of short-term contract work, or jobs that you may think or beneath you. you may well end up helping the police find creepy people otherwise known as forensics, or something it is boring as a simple audit. don't forget there's a job with a part-time security component to it is an excellent way to begin your career. finally if you can program you're even more useful because then you can do things that a lot of folks can't. Very few security people know how to program unless they are pen tester's. I do recommend pursuing to see a CISSP, however if you'd like a broad overview of what security is about and which aspects you would like to pursue. if you would like to hack, however I would recommend giac or like a certified pen tester. these certs will get you most HR droids. finally, if you have an associates degree, simply list the name of the college with no credentials. It will get you by the HR people, and the people hiring he will ask you about your degree, and you'll simply indicate that is an associates. most people don't care unless you're looking for a big 4 company. also don't forget about freelancing, you could offer to find a local job will get you some good experience that will make your portfolio look better.
cybersavior
50%
50%
cybersavior,
User Rank: Strategist
6/16/2017 | 3:06:43 PM
College, schmollege
Within IT in general and InfoSec specifically, a college degree has never been more meaningless in the hiring process.  What is needed is staff that can pass background checks that have strong, current skill sets.  Experience in the right coding language, the most recent CASB, Web Content Filtering or Next Gen Firewall solution.  Software Defined Data Center (SDN, SDS, HCI...).  Don't worry about the degree you didn't get/finish.  I advise you instead to snuggle up to AWS/Azure, GitHub, Python, Microsegmentation, Highly Converged Infrastructure and tech like Palo Alto, FireEye, Splunk and Threat Modeling/Intelligence.  Your new school prowess will push you right past those who did obtain the degree(s).
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7399
PUBLISHED: 2019-02-17
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
CVE-2019-8392
PUBLISHED: 2019-02-17
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead.
CVE-2019-8394
PUBLISHED: 2019-02-17
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVE-2019-8395
PUBLISHED: 2019-02-17
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVE-2019-8389
PUBLISHED: 2019-02-17
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) ...