Security Professional Hopeful. Any Advice?

[Carpathian]

Hey guys, I recently started an IT Security Specialist program and am really enjoying the material. The ultimate goal is to get a job in the field as a pentester, an analyst, or potentially some other security related job. I have a bachelor's degree, but it isn't in a computer science or related field (history/poli sci). The plan right now is essentially to get my certifications through CompTIA and some other vendors. I'm currently on track to get my Security+ certification by the end of Spring, as well as my Ethical Hacker certification. From there I will try to branch off into some other certifications as I progress through my Security Specialist program.

So I guess my questions to you guys would be is there any advice you have? Recommendations for certs? Will not having a computer science degree hurt me? Do I NEED to learn how to code on a moderate level to be successful, or will having an in depth knowledge of security really be all that I need?

Any and all advice is greatly appreciated. As you can all very much tell I am incredibly new and still learning with all of this. So feel free to throw your input at me whether it be positive or otherwise.

Thanks for your time

EDIT: I should clarify that although my Bachelor's of Science is not in a Computer Science field, upon completion of my current program I will have an Associates of Applied Science in IT Security as well as all of the certifications that I plan on accumulating along the way.

 

[ComputerSecurityGuy]

Lots of Linux experience and certifications help. Lack of a CompSci degree will be a problem, but not all the time.

 

[boosted1g]

You are on the right track.

As far as lack of Computer Science background being an issue:
It entirely depends on what realm you get into. If it is network security then it wont be an issue, if it is PC security or finding/fixing exploits then yes it will be a problem.

 

[Carpathian]

Lots of Linux experience and certifications help. Lack of a CompSci degree will be a problem, but not all the time.

Yea, I also plan on getting my Linux+ certification through CompTIA and some other Networking certs to bolster that Linux knowledge. I should also clarify that by the time I finish this program I am currently in I will have an Associates of Applied Science in IT Security. So even though it is just a two year degree I suppose its better than nothing? Especially if it is coupled with certifications. Some people that I have spoken to in the field have told me that it is okay that my bachelor's degree isn't in Comp. Science, the important thing is just having one in the first place, which I do. However, I figured it would be better to maybe ask that question in a larger forum.

 

[Slumy__57]

The certs you'll want to get will depend on whatever area of IT you want to get into. If you get a few of the basic CompTIA certifications, it will definitely help you land a job. Not having a com sci degree may or may not hurt you. If by not having a degree in com sci you mean not having an IT degree in general, then yes, this will definitely limit the number of jobs you will be qualified for. However, com sci is not the only route to go in the IT field, there are many many other degrees you could choose from. For example, I just got an A.A.S. in Cybersecurity from a community college, and I am working as a network engineer at an IT firm.

That being said, I do work with a few people that have no college degree, and have their jobs simply because they have a few certifications, and a few years of experience in the field. IMHO, that is the most important thing with regards to getting a job in the world of IT. Experience. Once you get your foot in the door, and land that first job, things will get much easier. With a year of experience, a lot more employers will be willing to give you a chance, and once you have 5 years in the field, you're all set.

In general, I would say go for as many of the basic certifications you can, especially Security+, and A+. If you're up to the challenge, CISSP is an awesome certification to have, and will open up many job opportunities for you. Once you decide on a definite area within the information technology field, then I would recommend getting some job specific certs. For example, since I do networking, in addition to getting Security+, A+, and Linux+, I am also looking into getting my MCSE, and CCNA certifications.

 

[Carpathian]

The certs you'll want to get will depend on whatever area of IT you want to get into. If you get a few of the basic CompTIA certifications, it will definitely help you land a job. Not having a com sci degree may or may not hurt you. If by not having a degree in com sci you mean not having an IT degree in general, then yes, this will definitely limit the number of jobs you will be qualified for. However, com sci is not the only route to go in the IT field, there are many many other degrees you could choose from. For example, I just got an A.A.S. in Cybersecurity from a community college, and I am working as a network engineer at an IT firm.

That being said, I do work with a few people that have no college degree, and have their jobs simply because they have a few certifications, and a few years of experience in the field. IMHO, that is the most important thing with regards to getting a job in the world of IT. Experience. Once you get your foot in the door, and land that first job, things will get much easier. With a year of experience, a lot more employers will be willing to give you a chance, and once you have 5 years in the field, you're all set.

In general, I would say go for as many of the basic certifications you can, especially Security+, and A+. If you're up to the challenge, CISSP is an awesome certification to have, and will open up many job opportunities for you. Once you decide on a definite area within the information technology field, then I would recommend getting some job specific certs. For example, since I do networking, in addition to getting Security+, A+, and Linux+, I am also looking into getting my MCSE, and CCNA certifications.

I am very much on the same track that you took. I'm in the process of getting an AAS at my local community college while collecting as many certs as I can along the way. I am taking my 901 and 902 CompTIA A+ tests in the next two weeks. Next on the list is Network+, then Security+, Ethical Hacking, and Linux+.

 

[Slumy__57]

Well you are definitely on the right track, the AAS is an awesome degree, I landed my current job the summer after my freshman year. I had no experience, barely any classes taken, and no certifications, and I still got a job. There is a huge shortage of IT professionals right now, and it is absolutely the field to be in.

You're really smart to get those certs while you're still in school, if you have a few of those certs when you get your first job in IT, I guarantee you will make a lot more money than I did when I started my first job.

Is there any specific field of IT you're leaning more towards at this point?

 

[Carpathian]

Well you are definitely on the right track, the AAS is an awesome degree, I landed my current job the summer after my freshman year. I had no experience, barely any classes taken, and no certifications, and I still got a job. There is a huge shortage of IT professionals right now, and it is absolutely the field to be in.

You're really smart to get those certs while you're still in school, if you have a few of those certs when you get your first job in IT, I guarantee you will make a lot more money than I did when I started my first job.

Is there any specific field of IT you're leaning more towards at this point?

Right now I'm leaning more towards Network Security, specifically pentesting. However, I don't plan on limiting myself to just that. I figure with my degree in cybersecurity in conjunction with security & Linux certs I could also work as a Linux administrator or even as a Network Engineer like yourself. If you don't mind my asking, how were you able to land a job as a Network Engineer without having any certifications or experience? Was it merely just an "apply and interview" type thing combined with the company just needing people to do the job? From what I understand Network Engineers are paid pretty well.

 

[Slumy__57]

Yeah, the cybersecurity degree is pretty diverse in terms of what kind of job you can get with it. Well there was a combination of things that helped me get the job I have right now. For starters, I'm not actually a straight up Network Engineer, I'm technically an intern, but that's more or less just a title, my job duties are more relateable to that of an entry-level Network Engineer. But I applied for a small company, I didn't do it through any kind of official channel. I did have a connection to the company, my father used to work with the CFO. So I just sent the CFO an email asking about a paid internship, and I attached my resume to the email.

I was contacted by their recruiter, I came in for an interview, then started working there. Like I said, I'm not an official employee yet, I am still an intern, but with any luck I will be able to move up to an official job in the spring when I completely finish up with my degree. But I am payed well, and I'm not like a coffee boy or anything, just to clarify, haha. I do a lot of work in our data center, both hardware and software. I've installed $100k servers, done a lot of different things with VMs, configured routers, IDSs, and switches, etc etc.

 

[Carpathian]

Yeah, the cybersecurity degree is pretty diverse in terms of what kind of job you can get with it. Well there was a combination of things that helped me get the job I have right now. For starters, I'm not actually a straight up Network Engineer, I'm technically an intern, but that's more or less just a title, my job duties are more relateable to that of an entry-level Network Engineer. But I applied for a small company, I didn't do it through any kind of official channel. I did have a connection to the company, my father used to work with the CFO. So I just sent the CFO an email asking about a paid internship, and I attached my resume to the email.

I was contacted by their recruiter, I came in for an interview, then started working there. Like I said, I'm not an official employee yet, I am still an intern, but with any luck I will be able to move up to an official job in the spring when I completely finish up with my degree. But I am payed well, and I'm not like a coffee boy or anything, just to clarify, haha. I do a lot of work in our data center, both hardware and software. I've installed $100k servers, done a lot of different things with VMs, configured routers, IDSs, and switches, etc etc.

Okay, I gotcha. I currently work for county government where I live so my plan was to see if I could laterally transfer over to their basic IT department or their county wide MIS department to gain some experience in IT while I'm in school. However, I may try looking into some paid internships after reading what happened with your situation. What are you hours like? Just standard 9-5, or something a little more hectic? Is your employer flexible with your classes and stuff? I ask because in the event that I am able to snag a job while still in school I want to make sure I am actually able to FINISH the program I am in hahah