Home page logo

pauldotcom logo PaulDotCom mailing list archives

Re: Career Advice
From: Michael Dickey <lonervamp () gmail com>
Date: Wed, 8 Sep 2010 19:01:17 -0500

Oh, and I'd also suggest Googling yourself and seeing what's out there for
you. If there's not much, start commenting on other blogs, posting on yours,
contributing to security mailing lists, forums, and so on. I often Google
security guys who touch my enterprise and I truly do make judgements quite
quickly (and I'm sure every hiring manager does the same and more). No
security-related posts at all? Probably not a geek and I admit I'll not
expect much from them. Lots of involvement? Well shit then we can geek out
together and have a smashing good time! The stuff found doesn't have to be
amazingly deep and badass, but just seeing involvement in things like
security-basics mailing list, twitter security groups, and an exotic
liability forum presence says enough to me.

If your name isn't very uncommon enough to be searchable, find a decently
unique screenname to go by!  (Or if you're like me, you have an old one you
can't drop because it *is* too unique to just let go!)

On Wed, Sep 8, 2010 at 6:55 PM, Michael Dickey <lonervamp () gmail com> wrote:

I'll probably say the obvious that you already know, but...

With your experience, picking up a Security+ cert should be easy. Likewise,
I doubt you'll have too much trouble with a CISSP, given purchasing a book
and getting signed up to take the test. People who geek out about security
and are surrounded by it either at work or at play should not have much
trouble. OSCP is very cool, but don't fall into the unanticipated trap I
fell into: clear off a month of time so you can get your cost out of it.

Certs can really only help in the job search, and shouldn't hurt you.

I'll second the items about being involved either in local security groups
or in the greater online locations, like Twitter, blogging, and so on.

Honestly, we need more people like you (and in a self-serving sort of way
me, since we're in similar boats!) who have solid backgrounds in enterprise
operations. Not only does that knowledge help in knowing the common trouble
spots, but also to give real-world tips on Getting Things Done, instead of
the often-times unrealistic expectations some may give who've never had to
live with those recommendations themselves. Besides...being in ops means
you've probably been in higher-pressure situations than any security-only
people have ever been in. ;)

The best part, though, and it applies to most any career: The first "real"
job in that field is by far the hardest one to land.

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]