/biz/ - Business & Finance

>>12169565
does it matter if you have a degree?

answer honestly not some hopium bullshit. if not, how do i get employed in this industry? im 18yo btw. what certs do i need etc.

>>12169565

what is itsec m8?

>>12169565
also what do i search for, when looking for jobs? I do a search for "ITSEC" and only about a dozen job results come up.

>>12169582
I do not have a degree. It would help or be required for managerial positions, but it is not absolutely required. Demonstrable skill and a cert like CISSA/P can suffice. That being said, you may need to be very intelligent and motivated without a degree.

>>12169589
Cybersecurity, Infosec, IT Security, etc.

>>12169598
Cybersecurity seems to be the prevailing term in recent years.

>>12169565
What should I be focussing on to transition from a sysadmin role into ITSEC?

>>12169630
ok and will they hire an 18yo if i have these certs? Because i am looking at these jobs and they are around £45-60k a year.

>>12169565
greetings colleague. What’s your specialty? I head up Cyber Sec design/arch for an insurer. The skills shortage has made this a tough year.

>>12169649
With sysadmin experience a CISSA should suffice to transition. You should have no problem finding a junior level security position and moving up from there, especially if you have experience with linux/unix/Solaris and/or forensic analysis.

>>12169652
So long as you're professional and can demonstrate skill I dont see why anyone wouldn't. Young staff are typically far more motivated and on top of emerging tech / trends.

>>12169679
Malware analysis / threat hunting and incident response but I'm kind of doing jack of all trades work at the moment.

>>12169630
>CISSP
what is this?
i look everywhere and it says like one week to get the cert?? your telling me im employable after 1 week? this cant be right. what other skills do i need to learn?

>>12169565
What's the pay like? I kinda want to transition from healthcare, but only if I can make $120k minimum after a few years of experience.

>>12169734
1 week bootcamp after you've read a study guide (most study guides are 800-1000 pages) seems more likely. I wouldn't recommend trying to go 0 to 100 in one week.

Easier certs would be GIAC GSEC, CompTIA Sec+, but much less valued than CISSA/P.

>>12169735
I work for the government so my pay is probably a little low for my area but my benefits are solid. I make 139k + benefits + pension. Pay also depends on the area you're working in and your degree of specialization.

>>12169721
We’ve been asked to take on threat hunting/management, proving difficult to resource it. How do you find it and how many people do you have in that space?

>>12169808
Me and one other guy on my team do threat hunting. It's difficult because most of the EDR out there is based on modeling that is pretty new. Finding people with knowledge in machine learning is difficult. I select training every year that my job pays for. The good thing is most of the companies that sell EDR products provide their own models and regular reports/consultations. Darktrace does this, and are very good, but also very expensive. I did a POC evaluation with them last year and it just wasnt providing a whole lot of value for the price tag so we went another route.

what's it like? Is it kinda like law/med where you have to memorize lots of facts and know what each components do? Math + programming knowledge needed?

>>12169787
What's your recommended route to study for CISSA/P?
Any books/courses/bootcamps?

also, is /g/'s netsec and cyberpunk threads a good starting point to learn

>>12169565
>ITSEC
>basically bunch of marketing fags with compTIA certs in "security" selling cloud antivrus hopium subscriptions to corp brainlets

come back when you get your CCIE:SEC, CISSP and few higher clearance levels

>>12169897
Fundamental knowledge of information systems is required, and on top of that, knowledge about securing information systems. Math and programming isnt necessarily required. You can get by with minimal scripting ability and knowledge of CLI for powershell or linux shell. There's lots of easy jobs out there that are just glorified sysadmin positions. That being said there are also more specialized and difficult positions as well. ITSEC covers a lot.

>>12169950
what do the difficult positions entail? With med and law you can very easily understand the stereotypes but what about specialised positions in cybersec?

>>12169920
ISC2 has official study guides and they are good.

>>12169931
>come back when you get your CCIE:SEC, CISSP and few higher clearance levels

Lol, what do you know? Come back when you're at least TS (SBBI). Then maybe you'll be eligible to talk shit.

>>12169865
Thanks anon, appreciate your input.

>>12169981
Look up the 10 security domains for high level descriptions of each. Like I said before, the range is wide. From something as simple as administrating an AV application and servers for a company, to legal, regulatory, systems architecture/ design, cryptography, etc.

>>12169950
can you explain what kind of things you do? you said here
>threat hunting

how do you go about doing this? i know how to program so if you could explain in detail would be fine.

do you just write scripts that go through the file system and send an alert if they find something strange?

>>12170039
Thanks anon, interesting thread

>>12169565
CISSP or CISSA - which do you have or would recommend pursuing based on need? Whats the difference in pay / work for each job you're likely to land with either?

>>12170048
Mirror traffic on your switches, log traffic and run algorithms to detect patterns and abnormalities in traffic (basic machine learning), investigate anomalies. For instance, we know that our main office is closed after 5pm, so if one of our machines reaches out to Vietnam at 1am, we immediately isolate it from the network and investigate it.

>>12169995
oh how cute you used google search to find out about clearance level you never heard in your life before

>>12169995
Thanks, will take a look

>>12170078
You have to have at least 4 years work experience in one of the 10 domains to get the P. It's the same exam for both CISSA and CISSP. P Just means "Professional" and notates you're not a newb. CISSA is usually what a junior position holds. CISSP would be tier 2 or senior level.

>>12170111
Cool. Take your big balls and troll someone else cool guy. I'm here to help people, not entertain you.

>>12170119
ok so to get a job in this field you want;

>CISSA cert
>some machine learning stuff projects on github

is there any other "must have" certs?

>>12170204
CEH is also good if you want to do stuff like pen testing and application security. CISA (information systems auditor) if you want the most boring job in the field lol.

>>12170138
why don't you gtfo of /biz and do something else productive in your life ?
you clearly lack intellect if you think you can help these sub 30 IQ brainlets on here with your "get a job in IT security" advice

>>12169565

How many cocks can you stick in your fucking mouth, faggot?

>>12170249
Thanks for the advice, Mr. Productivity.

>>12170240
ok cool. and what is the interview process like? so for example in programming they will ask you some whiteboard problem or ask about your projects. whats a typical interview?

>>12170119
cool, thanks!

>>12170256
How big are they?

>>12170258
you welcome mister "I can be replaced by a 2 line golang script" faggot

>>12170261
I've really only had 3 interviews related to ITSEC, but general IS questions, project experience questions, examples of innovation or situations where you developed something on the fly to solve a problem. I had one guy ask me which websites I went to for security information. 1 of them gave me a network map and asked me to identify potential security problems with it.

>>12170273
Damn. I hope one day I can be as 1337 as you. That would be so cool.

>>12170273
>I can be replaced by a 2 line golang script
Hello newfriend, I would recommend that you at least learn a little bit before typing something that makes you look like a fool

What's the difference between this and CCNA? I am aiming for ccna, but worth it to get both?

>>12170676
CCNA is Cisco networking. Basically you'd be an infrastructure guy, not a security guy. Youd probably spend most of your time programming switches, installing switches, troubleshooting network problems, etc. CCNA is pretty niche and I wouldn't recommend it for most people.

>>12170708
Don't I need 5 years of experience for CISSA?

>>12170955
No, anyone can get CISSA. You need experience for CISSP, although, it's the same test and cert essentially. CISSP just tells employers that you have verified experience in one of the 10 domains.

>>12169565
OP, I'm 21, about to start my final semester of college as a Math major and CS minor, and I'm still looking for jobs. Despite choosing to be a pure math major, I'm not a complete brainlet. I've done enough programming that I think I can pick up anything new, but I have absolutely 0 experience or exposure with anything security related. What do I have to learn to get a job?

>>12170474
newfriend
>hmmmmmmmmm I wonder I wonder

>>12169582
>does it matter if you have a degree?
it doesn't, at all. what matters is experience, knowledge and interest in learning more. you will NEVER stop learning in this industry.

>>12169598
infosec is a very broad field, but most companies are looking for pentesters

>>12169630
>>12169931
>CISSA/P
>GIAC GSEC
>CompTIA Sec+
>CCIE:SEC
you surely meant OSCP, right?

>>12170078
OSCP for a practical, hands on cert

>>12169649
start reading infosec news (r/netsec is good), start doing stuff, get interested and show your interest to others, learn, learn, learn.

>>12169565

What are the best places to find these jobs all over the world with 100% telecommuting schedules? Any particular job sites for the ItSec world?

>>12169565
Will ITSEC still be short on workers in 4 years?

I plan on joining Marines soon as a data network specialists where i have to get those certificates CompTIA and stuff, and get out in 4 years and get a super comfy job coupled with crypto investments.

Would I be set following this path?

>>12170300
Much better (open ended like that) than white boarding torture. I won’t mind if they take a practical test on threat hunting or on other attack vectors.

>>12169565
This is the problem with “cyber”... whoring out the industry to a bunch of idiots. The people that are coming in are fucking morons that say they’re “professionals” and couldn’t read an ACL to save their life. How about DACL or even RACF? Nope. Try google maybe you’ll find your answer....

- +20 yrs in industry and watching it die as my mentors get buried in the ground due to stress and cancer.

>>12169565

Hey bro, info sec consultant here- 26 years old 75k salary not including signing and annual bonus

Infosec is where it’s at!!!

>>12172033
Your wrong in many ways. Companies are not looking for pentesfers.. consulting/service companies are, if you have the skills... or you can go to a trustwave shoppe and be a hack.

The security space has multiple fields, some are commodities, while others are specialized.

Need a good threat hunter? Yeah, but they better know how to connect the dots.

Need a good IR? (Newbs can google) yeah but it’ll cost you.

Need an analyst? Get a great sys admin with 5-10 years.

Now a days the kids coming out of college have no clue. I had one that gave me a blank stare when I asked about social engineering... ><

>>12172237

Grats on spouting access management tier shit and a fucking proprietary ibm standard for boomerware

>>12172275
Bahahahahaha nice. Where you at? Bangalore? How about puket

>>12172291

It’s not much different than other IT fields in that the lesser retards coming out without any sysadmin experi nice under their belt will get relegated to “security roles” that are just AD admins with different titles. We will prosper

>>12172294
Yeah, if you get your feet wet you’ll run across it.

>>12172317
I've worked with IBM IDM platform.. Fuck I can't even believe I'm forgetting what it's called ISIM? Used to be tivoly but it got obtained,,, interesting stuff but with shit like avatier coming out and being easier to scale support and implement ibm boomerware will start to get abandoned or at least not picked up by newer businesses that are looking for more up to date, affordable and agile solutions....

plus you can learn all the proprietary access management platform shit you like, but if you don't understand how LDAP is doing everything bneath the hood then you frankly are just another sys admin

im not saying you im just sharing my young and limited but I would say ahead of my peers perspective.

>>12172294
I spouted ACL as it’s a great beginning for anyone thinking about getting into the field. Having a networking background is required. Knowing where a deny statement belongs is necessary.

If you can’t hang on that part, how will you get security groups/zones and the litany of other access control that forms one of the pillars for info sec?!

>>12172370
Based response. Not many peeps even get to that level.

LDAP is what makes the world spin. ADFS makes it connected.

>>12172075
These jobs aren't on Monster.com, dummy. If you don't know where to look, you're not qualified.

>>12172375
True true I didn't really mean to come at you infosec bro I'm just being an elitist douche like everyone else on here really I'm young and obviously have a lot to learn. Really fortunate to have rubbed elbows with some really smart guys, yes I do have a degree in computer and network security but it's from a nationally recognized university (by nsa and DHS) -- you are right in that

>>12172370
For the newbs that care to learn... look up TOGAF.

>>12172399

in that most chumps coming out with info sec degrees are meme tier noobs but there are some diamonds in the shit like me who are humble, willing to put in the hours to learn and really just have an aptitude for computers --

Being in the industry and just any business environment in general has taught me that there are two distinct types of people in this world:
You either REALLY REALLY get computers and can pretty much learn anything technical with not that much time, even getting the hang of a concept platform software within a day

Or you can't

ADFS/SAML is so fucking critical to business infrastructure now it's absurd especially with so many businesses either migrating to the cloud (though most already have) or just adopting any new product or solution is going to be cloud based anyway. My first job out of college was mostly access management related now it's just consulting on all fronts for security programs on the whole from networking to governance, risk/vuln management it's really cool I'm just really fucking lucky to be honest.

>>12172408
Ahh the ole nsa masters in info assurance... I know of this. It’s a great start for getting started. It’s basically a 30k course to get your CISSP. Don’t even think it will get you read for OSCP or GIAC.

>>12172457

Not masters, B.S., I'm sitting for my SSCP in late jan. and then going for my cissp afterwards once I have the experience requirements under my belt (Less than a year left really). Like I said, it's semi-meme tier but getting it got me in the door for my first job's interview - even my team to be was really skeptical at first but my professional experience and knack for computers really came in and I proved myself to be more than capable

>>12172457

However, I can definitely see how people who have been in the industry for years are skeptical as fuck. Even CISSP is diluted by now, so many boomers I've worked with putting their CISM or CISSP on their email titles yet don't know the first thing about cryptography, SSL/TLS, OSI model, etc fucking anything man it's just crazy.... CISSP is diluted as fuck just another tool to get you in the door if you can't back it up by talking shop and knowing your shit you're just going to look like a fool and infosec professionals who do know their shit are very wise to degree/certification wielding imposters trying to hop on the infosec bubble/mania

>>12172457

also not information assurance - computer and network security - it was first and foremost a technical degree and I am thankful to have selected a valuable degree from a good school that actually taught me shit beyond conceptual bullshit like "ethics" and "the cia triad"

(the latter still coming in handy when doing security assessments at my current position.)

>>12172504
You will do well. You already get the jist of spotting charlatans in the industry. That’s why the interviews are important, if you bs your way through you’re toast. If you understand you don’t know everything, you might just get further ahead.

>>12172291
>>12169565
I've done a TAFE cert IV in it, I was interested in computer security and netsec and have general knowledge of it, I was going to do a uni course in cybersecurity but decided not to because I don't want to have any debt if possible.

Do I have any options?

I wouldn't mind doing some sort of internship/learn on the job while getting paid though if that is a thing.

>>12172661
Debt sucks. Depends on what you can handle... Get a few carts that matter and some solid work years at entry level and your set. Entry level is support type work. The shit us boomers don’t want to do.

Look at ccna, AWS certs, and cissp still gets the basics out of the way. I also recommend SANS.

>>12169565
What should I do certwise after I get the Comptia Trifecta? This is assuming I will be working in helpdesk in the mean time.

>>12172696
I was considering doing sans.

I think basic pentesting isn't that hard.
Social engineering, basic lockpicking and having physical access is fairly easy I think.
Everything elseis premade scripts and software.

Finding exploits manually is a bit more difficult I think.

Assuming an anon is a complete noob to the IT field, what cert roadmap would you say is good? I was thinking of the following: A+ --> Net+ --> Sec+--> (Get job as helpdesk technician) --> RHCSA --> (Get job as junior sysadmin) --> RHCE --> (Get job as full fledged sysadmin) --> then what? Is my roadmap a good one?

>>12172411
For anyone who cares about making money in IT, pay attention to this. The big bucks are in architecture and anyone who can successfully apply an enterprise architecture framework like TOGAF will do well. For security architecture, SABSA is God-tier.

>>12172119
Not OP but our reliance on computers and tech is only going to become more so in the coming years with talent harder and harder to come by due to being already at close to capacity. In short yes it will do your marines son ajd get them certs, Im jelly busted knee so cant enlist.

once i depart brainfog plus a will to live i may want to become a worker for the itsec sector of telecommunications

looks like the real money is in selling retarded "certifications" to braindead indians so they can peddle this snake oil to normie businesses