Up until a couple of months ago, I'd been facing the same question. Fortunately I've found a cool job as 'network security engineer' at a startup. Perhaps an outline of my experiences and what I've done will be helpful: For the past few years, I've been very interested in computer security, following bugtraq, reading mailing lists, and trying to experiment and learn on my own. At the same time, I was acquiring about 4 years of experience as a *nix admin in large and small heterogenous environments. My first "real" job was combo unix admin/perl&c programmer for a web development house. Since I was responsible for the security of machines on the 'net at that job, I was able to put a little security experience on my resume, especially because I tried to make it a large-ish part of my job. Following jobs were Tech Support at a "Secure ISP" (sucked, I wasn't learning, left after three months), and then contract sysadmin for Taos Mtn, this was cool, because I got some really diverse experience. For the last job, I moved down to San Jose, so I'm pretty much in the heart of where people are needed. I'd also posted to this list and asked for advice, help, etc. Some of the replies I got were very helpful and encouraging. Suggestions ranged from experimenting on my own to working for free for non-profits or such. One guy even said if I lived on the east coast and had a security clearance, he'd hire me, which was encouraging. I made sure all my friends knew this was the field I wanted to be in. I also watched the list, chatted with people on various irc channels, and tried to let my background and such be known as widely as possible. The way I finally got a security job is pretty funny: A friend of mine from detroit was chatting with some guy on irc who mentioned his company was looking for a security person. My friend said, "hey, I know this guy..." and got me the other guy's email address. I sent him off my resume, and got an interview almost immediately. When I talked to the people here, they seemed pretty cool with my experience and such, when I explained how I'd been trying to focus on security. They quizzed me a bit on my firewall and network knowledge, as well as unix and nt (which I didn't know too well), and then I talked to the director of operations. He told me they were basically looking for someone who wasn't too senior, because those people are extremely difficult to find (which strikes me as true, plus, I'm certain I'm a lot cheaper :). They wanted someone who could grow and expand to do well in the position, with proper training, support, etc. That sounded like me, so the end result is that they made me an offer (5k less than i was making at my taos job, but with enticing pre-ipo options) and I decided to take it. So the path the job took to find me was: San Carlos->Detroit (IRC) Detroit->San Jose (a MUD) San Jose->San Carlos (email) All that said, that might be the sort of organization/position you should look for. Get the word out to any friends you have in the industry, and be persistent. I first realized I wanted a real security job about a year and a half ago, but it's finally a reality, and I love it. Keep your ear to the ground. -gabe On Wed, Feb 16, 2000 at 08:44:54PM +0000, Jason Murphy wrote: > I don’t know if this is the proper forum to ask or to discuss this question > but here it goes. > > I am a recent graduate with a degree in Computer Information Systems > (Computer Science Degree where a Business minor substitutes for the Math, > Physics, and Chemistry classes) and have been looking for a job for about > the last 6 weeks and have noticed a pattern. About every Computer Security > job posting I read is for a Senior position. I have yet to see a Junior or > entry level Computer Security job posting, although, I think being a Network > Admin is a at least Junior Computer Security job. > > Now my question is, how do I break into (No pun intended) the Computer > Security field? I have been following the Computer Security Scene for about > 10 years as a hobby/passion and I never have had job in the Computer > Security field. How do I convince job recruiter that know Computer Security? > I can not state at a interview that I have broken into machines and have > done some activities that would be considered illegal or at least immoral. I > also can not prove that I have done work for other people (Helping people, > clubs, organizations that need security help). What can I do to get > recognized? > > So what should I do? Any help or recommendation of any kind would be greatly > appreciated. > > ______________________________________________________ > Get Your Private, Free Email at http://www.hotmail.com -- Gabriel Coelho-Kostolny gabeat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:04 PDT