Careers & People

6/16/2017
12:57 PM
100%
0%

Lack of Experience Biggest Obstacle for InfoSec Career

A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.

Relevant job experience is the biggest barrier when it comes to landing a career in information security, according to new data.

A recent Twitter survey by Tripwire also found that the lack of certification or appropriate training (20%) and "low salaries" (11%) were other issues keeping people from security jobs. The data was drawn from a poll of some 659 of Tripwire's Twitter followers.

Certifications can mean higher pay, according to a recent study by ISC2 that showed professionals with infosec certifications often earned more money in the field.

Tripwire's Twitter followers weighed in with their own complaints. User Eric Breen lamented that he has more than 10 years of IT support and administrator experience yet is having difficulty with employment because he "didn't sell me soul to a university." And another user, InfoSec Mutt, says "Employers won't give an #infosec pro the time of day because they lack a Bachelors degree. Also insane requirements for entry level jobs."

Read more about Tripwire's Twitter poll here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
cybersavior
50%
50%
cybersavior,
User Rank: Strategist
6/16/2017 | 3:06:43 PM
College, schmollege
Within IT in general and InfoSec specifically, a college degree has never been more meaningless in the hiring process.  What is needed is staff that can pass background checks that have strong, current skill sets.  Experience in the right coding language, the most recent CASB, Web Content Filtering or Next Gen Firewall solution.  Software Defined Data Center (SDN, SDS, HCI...).  Don't worry about the degree you didn't get/finish.  I advise you instead to snuggle up to AWS/Azure, GitHub, Python, Microsegmentation, Highly Converged Infrastructure and tech like Palo Alto, FireEye, Splunk and Threat Modeling/Intelligence.  Your new school prowess will push you right past those who did obtain the degree(s).
WilliamJ320
50%
50%
WilliamJ320,
User Rank: Apprentice
6/21/2017 | 2:28:04 PM
Re: College, schmollege
Yes, a college degree shouldn't stop you from getting a job and moving up, but you will hit a point in larger companies where you can only go so high. I've been in the computer industry since '89. I choose to pursue Novell certifications over college. I've done well, but I can't move into a CIO position without getting my degree, which I'm pursuing right now.
ThomasM371
50%
50%
ThomasM371,
User Rank: Apprentice
6/20/2017 | 8:44:01 AM
Poppycock! Mostly a grab by isc2 to sell more certs!
I started my info sec career in 1995, without a degree and without any certifications. Today I am a principal researcher, and have never found that college has prevented me from obtaining any job that I need. unfortunately, the road to a security career does require some sacrifices, A lot of hard work and studying, and eight fundamental understanding of network infrastructure. for anyone starting out in info security, I recommend Comer's quintessential text on the subject. I also recommend TCP/IP illustrated. finally get yourself a lab and start learning. using Web goat or a similar vulnerable Web server is a very good way to start your career. finally your initial job may suck. I started out managing firewalls for Kellogg. don't be afraid of short-term contract work, or jobs that you may think or beneath you. you may well end up helping the police find creepy people otherwise known as forensics, or something it is boring as a simple audit. don't forget there's a job with a part-time security component to it is an excellent way to begin your career. finally if you can program you're even more useful because then you can do things that a lot of folks can't. Very few security people know how to program unless they are pen tester's. I do recommend pursuing to see a CISSP, however if you'd like a broad overview of what security is about and which aspects you would like to pursue. if you would like to hack, however I would recommend giac or like a certified pen tester. these certs will get you most HR droids. finally, if you have an associates degree, simply list the name of the college with no credentials. It will get you by the HR people, and the people hiring he will ask you about your degree, and you'll simply indicate that is an associates. most people don't care unless you're looking for a big 4 company. also don't forget about freelancing, you could offer to find a local job will get you some good experience that will make your portfolio look better.
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.