Home page logo

basics logo Security Basics mailing list archives

need some advice please (rather long read)
From: Matt <mpvarner () gmail com>
Date: Fri, 24 Aug 2007 13:48:25 -0500

Hi everybody,
I recently signed up for this list and it appears that this would be
the place to ask for some advice. First off I apologize for the long
note but I'm a bit frustrated and I'm hoping that by providing enough
detail that I may be able to find some direction. Thanks in advance
for taking the time to read my book!

I'm currently looking for work in the Austin area and it seems that
I'm either overqualified or under qualified for the positions that
come up. I'm trying to determine if there is something I could do to
improve my resume or some certifications I should pursue. My goal of
course is CISSP but I don't feel that my experience would fit the
criteria because even though I did security related jobs it was not in
my "job title" I may be wrong about this and it would be great if
somebody who is a CISSP or knows these kinds of things could take the
some time to look at my resume and give me some advice.

I currently have certs for Security +, MCP, A+ as well as some vendor
specific certs that I picked up with various companies I've worked
for. I am considering something like the TICSA and the CCNA but I'm
not sure which certs would be the most advantageous.

The good and the bad I think is my experience, lack thereof or how I
portray it. I started off as an aviation electronics tech in the Navy
from which I worked at a cable company doing repairs, then tech
support (phone) then I moved to a startup company where I did
everything from technical writing to desktop support to managing the
phone system. After the crash I went back to school and got my college
degree. Then I went to work for a VAR doing everything you can think
of for small to med size business. Everything from removing spyware to
managing user accounts to troubleshooting network problems, wireless,
hipaa compliance for doctors offices and more. (good old jack of all
trades master of non) It appears that due to this that I am
"overqualified" for entry level stuff and "under qualified" for any
full blown security positions.

I have a broad background as in I've done everything from shell
scripting to troubleshooting and repairing circuit boards to the
component level (I really don't enjoy and wish to say away from this)
My interests are on the security side but the "experience" I have are
things like discovering a server that was rootkitted at one company
(where there was no full time security position) or going into a large
real estate firm and tracking down and eliminating a worm that had
infiltrated their network. I have learned a lot on my own using
Nessus, Netstumbler, Snort and things like this out of curiosity but
the only experience I have with the corporate stuff like ISS is
finding some online training programs or reading articles that I have

I was hoping that the Security + cert and my experience, education and
other certs would put me in a decent position to pick up something at
least entry level in the security field but I'm beginning to wonder.

Thanks in advance for any useful advice!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]