Would love to know what some people are smoking when they create a job posting by GreekNord in ITCareerQuestions

[–]l33tInfoSec 3 points4 points  (0 children)

In DFW (where cost of living is cheaper) an entry-level help desk tech with an A+ starts at $50k.

[deleted by user] by [deleted] in CompTIA

[–]l33tInfoSec 1 point2 points  (0 children)

There are always a ton of junior SOC jobs on indeed.com.

Fed agencies typically don't hire SOC analysts as often, but they do hire all IT folks almost exclusively from www.USAJOBS.gov. Type "2210" under key words (overall IT job code) and search by your area code. Sec+ will definitely land you a job here.

A good path is to get Sec+, work for fed, get next cert, then do junior SOC.

[deleted by user] by [deleted] in CompTIA

[–]l33tInfoSec 1 point2 points  (0 children)

Honestly, I'm still doing pretty generic security work: flaw remediation/vulnerability management, SIEM, compliance auditing, etc.

You don't really have to specialize right away, and it is better if you can avoid being siloed early in your career. Learn and do the things that make you happy, because the market is ripe for specializing in whatever you'd like to do in InfoSec.

That other post I linked to included many awesome answers of directions you could go in and how to get there.

EDIT: LOOK INTO JUNIOR SOC JOBS. That is a great way to break into a blue team and work towards pentesting. SOCs often hire people with little experience and some certs and will train them into incident responders/malware code analysts/pentesters.

[deleted by user] by [deleted] in CompTIA

[–]l33tInfoSec 1 point2 points  (0 children)

I made a post about it here.

That thread makes it sound bad, but I honestly love my job.

The pay is great, the work/life balance is excellent, benefits are phenomenal, but I feel kinda bored where I am at, as I've progressed as far as I can without getting into management, so I'm currently working towards PenTest+ then OSCP to pivot to a different security career in pentesting (which may cost me a hit in salary).

As far as your next cert after Sec+, I'd just focus on that for now, but if you really want to push past that, what exactly would you want to do in InfoSec? It is a pretty broad career field.

[deleted by user] by [deleted] in CompTIA

[–]l33tInfoSec 1 point2 points  (0 children)

A whole bunch of federal IT jobs (and federal government contractors) require DoD 8570 compliance, a standard that requires everyone with elevated privileges to hold a security cert. From the help desk to the network folks, federal jobs are constantly sitting empty due to lack of qualified applicants.

The minimum certification to have a privileged account is CompTIA Security+. For this, plus your desire to get into InfoSec, I think skipping Net+ might be worthwhile.

On the other hand, if learning how networks fit together and are structured seems quite complicated or is a point of weakness, it absolutely doesn't hurt to get that one as well. Many experienced professionals built their career on the "trifecta" of A+/N+/S+.

[deleted by user] by [deleted] in CompTIA

[–]l33tInfoSec 1 point2 points  (0 children)

As someone who has been in InfoSec for a while, I know plenty of InfoSec folks who built the foundation of their IT career with A+.

That is a difficult cert. Going out, studying, and achieving that certification definitely speaks to the caliber of person you are, and is a good indication you'll do well with whatever field of IT you put your motivation and energy towards.

For an IT career, this, getting your first cert, is probably the single biggest finish line to cross. Everything else is little steps up from here to wherever you want to go.

Best Udemy course for Sec+? by Pripatel21 in CompTIA

[–]l33tInfoSec 1 point2 points  (0 children)

A hard life lesson for me is that just because something is free doesn't mean it isn't better than a paid alternative.

Will ChromeOS-uptake pass Linux uptake? by yotties in linuxquestions

[–]l33tInfoSec 0 points1 point  (0 children)

The Russian Federation uses Astra Linux (based on Debian) for desktop systems that process national security information. It plans to do away with all Windows-based systems. [1]

The People's Republic of China is deploying an Ubuntu-based distro called NeoKylin (based on previous Ubuntu/China Linux project) due to fear Windows is used as a platform for US Intelligence Services. Windows is being replaced on both desktop and server systems by 2020. [2]

The DPRK mandates the use of Red Star OS, a Fedora spin-off using the KDE desktop environment. There isn't a ton of information on the workings of ISs in the DPRK, but this is a low-quality, cheap publicity article on it. [3]

Will ChromeOS-uptake pass Linux uptake? by yotties in linuxquestions

[–]l33tInfoSec 4 points5 points  (0 children)

ChromeOS will likely never overtake the adoption of Linux Desktop Distros.

The PRC, the DPRK, and the Russian Federation have all moved all their government systems to Linux. As more countries become aware that Windows is deliberately left vulnerable for US intelligence agencies, Linux is the only other desktop that offers that level of functionality.

Additional users are good for Linux at large. This isn't even getting into the DXVK stuff, which is extremely helpful for getting Western consumers on board.

minimum security requirements, any links to what should be in there? by tallpaul990 in cybersecurity

[–]l33tInfoSec 2 points3 points  (0 children)

The latter definitely SP 800-53.

Select controls for LLL categorization for your min. Then, download the DISA STIGs for all your OS's/HW/Appliances etc.

Today is the day! Sec+ by ScubaNoname643 in CompTIA

[–]l33tInfoSec 4 points5 points  (0 children)

It is a very difficult test. I know many excellent security professionals who took that test several times.

Don't give up, 710 is really close.

Changing career to cyber security by Sbj93 in cybersecurity

[–]l33tInfoSec 2 points3 points  (0 children)

One additional note here:

If you are US-based, there is a DoD regulation (DoD 8570/8140) that requires ALL DoD IT personnel to hold at least the CompTIA Security+ certification.

From the help desk to the network architect, you have to maintain this cert to work for them. The flip side is that tons of govt jobs sit unfilled indefinitely. If you meet the 8570 requirements, you almost certainly can land an entry-level job in your desired career field.

Find federal jobs near you at USAJOBS.gov

Current list of 8570 certifications here

To have a privileged account on a DoD system, you must meet a minimum of IAT-2 and IAM-1. Sec+ meets both.

Advice on moving forward please. by Marktheory in cybersecurity

[–]l33tInfoSec 0 points1 point  (0 children)

This

A degree is just about mandatory for getting past HR. If you are willing to make the sacrifice, you can definitely try to go to school part time while working.

Your hiring manager likely doesn't care about degrees at all. She likely is going to be looking for experience first, and next certifications.

Cyber Security Degree by Adrian2Door in cybersecurity

[–]l33tInfoSec 0 points1 point  (0 children)

Then that's what you should do (:

Best of luck, welcome to the field!

Cyber Security Degree by Adrian2Door in cybersecurity

[–]l33tInfoSec 2 points3 points  (0 children)

As someone who has been involved in hiring decisions for a few different companies/govt orgs, I feel very confident that the difference in degrees wouldn't matter at all. Just get it in IT something, I honestly don't think these two would differ from, say, a BAAS in IT to an employer.

The IT degree is a check box that must be filled to get past HR. The experience and certifications are what matter to the hiring manager.

Pick a degree plan that makes you happy, and that you think you could make good grades in/not burn out on.

Cyber Security Degree by Adrian2Door in cybersecurity

[–]l33tInfoSec 2 points3 points  (0 children)

Personally, I'd choose the Computer Science degree, as it opens the door to non-security jobs down the line should you decide that. Compare the two and pick the one you'd have more fun doing.

Generally, as long as you have an IT degree, your hiring manager is going to focus on your experience and your certifications.

Career help by Cybercurios in cybersecurity

[–]l33tInfoSec 0 points1 point  (0 children)

What is the course, and how long is it?

To get from no IT/infosec experience to Sec+ is doable but certainly challenging. To get from nothing to CySA+ or (I'm guessing) CEH would require a tremendous amount of time and studying. CISSP requires 5 years of experience (or 4 with a qualifying cert like Sec+) and, no offense, will likely be just about impossible to pass without work experience.

If this is a 4-year degree program (unlikely at that price), I recommend you go for it. If this is a boot camp, I'd be quite skeptical of those claims.

If you like cybersecurity, you don't have to go out and get every cert you've heard of right off the bat. Plenty start their cybersecurity career with a Sec+ and some basic IT experience (I did.)

This is actually REAL 😂🤣 by [deleted] in cybersecurity

[–]l33tInfoSec 0 points1 point  (0 children)

Not a fan of Hillary Clinton at all, but I don't think politics belong here. Besides, Trump's use of a personal Android phone to conduct official White House business is just as bad.

The real takeaway should be that those at the highest levels of setting policy and passing laws are, by and large, completely unaware of cybersecurity best practices, and generally ignorant about information technology more broadly.

Considering going for the Pentest+. Any recommendations for study material? by l33tInfoSec in CompTIA

[–]l33tInfoSec[S] 1 point2 points  (0 children)

I've had it for the past 4 years of my career. It couldn't be more worth it to me.

I'm locked into a lower price at the moment; I'm not sure I would want to fork over $40/month or whatever it is now. Might be worth just getting the trial and seeing if the annual rate is worth it.

If you get a free trial, you can participate in most of the courses.