Career Advice: IT Security

Hi folks,

I know there's a similar post from 2014 but IT has evolved alot since and i'm sure i will get better understanding on what i would like to do from this topic.

I would like to get some ideas/suggestion for my brighter future in IT industry.

I have been in IT industry for just 3.5 years, i know it's not alot. that's why i need your guidance.

I was in a L1 support role for 1 year then i have been working as a junior sys admin for around 2.5 years.

I have Master degree and would like to study a bit more, possibly certificate courses.

I am leaning towards IT Security and intending to do CISSP. I am not very good at scripting or programming.

I would like to work as a security architect one day.

Comments

  • need work experience for CISSP

    • You mean work experience in security?

      • yes and then more to retain the membership

  • +3

    I will advise you to spell "advice" with a "c".

    • Good pick up. English is my third language and let’s get back onto the topic. I’m sure you have a lot to say about the topic

  • Try getting work in a Security Ops Centre. They will typically train you but expect shift work.

  • If you haven't graduated very long ago you could do something like this https://www.accenture.com/au-en/careers/jobdetails?id=006318…

  • What kind of IT security are we talking here? It's quite diverse in Australia. There are the businesses responsible for auditing and compliance that are getting quite big thanks to the new laws about reporting data breaches. Then there is the installation and management of network security or even the cyber security centre jobs.

    • If be keen to understand the role of cyber security auditor

      • I'm involved in network security but not so much the auditing side of it so I wouldn't be able to say what happens day to day. But to give you some insight… with the introduction of the privacy laws surrounding the requirement that businesses need to report data breaches within 30 days of the incident. It's becoming more common for insurance companies and law firms to be involved who then bring in security auditing firms.

        Let's say it was a ransomware incursion. A third party exploited a vulnerability, gained access to the system and planted ransomware. The auditors would need to determine when/how the incursion occurred, if data was taken/destroyed, is the infection still present, does the third party still have access to the syste, etc etc.

        This could lead to the auditors gaining access to the system to see how it operates, their security policies, what kind of security products are being used and sifting through system logs like AD to find how/when/where the breach occurred. After that you have the fun job of doing paperwork and preparing a report.

        I personally prefer deploying and maintaining the security systems myself. I frequently deploy a lot of hardware based security products like Blue Coast Systems and UTMs, as well as software based solutions, group policy, penetration testing and user training. Less admin and more practical in my opinion.

        One of the parts I enjoy the most is setting up mock servers in the same environment the business would operate and throw real world ransomware samples against it. Finding out what works and what doesn't to protect the system.

  • I’m a Network & Security Engineer in Melbourne, the security part mainly covers things like Nextgen Firewalls, NAC, IDS/IPS, Identity Services (e.g Cisco ICE), Vulnerability and Security Scanning, device hardening. If you were looking at getting into this field I would recommend industry certificates, study HARD. Get vendor certs for example Cisco, Checkpoint, Palo Alto, Juniper, F5, etc. I can’t overstate the importance of self study and getting certificates. Also, plenty of devices have free trial virtual editions that you can spin up at home to practise on, for example Cisco ICE, Palo Alto, Checkpoint, etc, so
    might be worth investing in a server (or beefy computer) that will allow you to create a virtual environment at home.

Login or Join to leave a comment