On Wed, 25 April 2001, Charles England wrote: > I have been trying to change my career focus from Jack of all Trades > in a high paced service environment to network security. Despite > banging on many doors I have up to this point come up empty. I have been having a similar problem with my job hunt. I've been what my company calls a "Information Security Analyst" for about 6 years and have worked on mainframe, client-server, network and web security administration and projects for all that time. I can honestly say that I'm very good at my job. I understand the operating systems and applications that run on them and can secure them, even when one system doesn't want to talk the same security language as another. I have a global view of the systems and how they work together, but also understand the details of how they work individually. We have a systems group that is responsible to build our network and database servers, so I haven't had the hands-on experience of building a server from scratch. I have configured security and worked with systems folks on the system design to make sure security issues were handled correctly. I have the responsibility for securing the systems after the servers are up and running. Could I build and maintain a server - sure, I could, it's not rocket science - have I actually done it, no. This one gap in my experience has made it almost impossible to find a company who will allow that I have the knowledge they need and grant me an interview. For most companies "Security Administration" has come to mean build the server, keep it running AND administer security all at once. When HR people or IT managers find that I haven't built my share of servers, that's it for me. I'm out of the running. That's my sad story, but I see it as a bigger problem in the security industry, because, to be honest, I haven't always been impressed with the ability of the systems people to deal with security issues. In my experience, most of them aren't trained in basic security and control issues and sometimes they aren't even interested. Their focus is to keep the system up and running and security usually takes a back seat. As far as certification goes, my CISSP certification has gotten me a couple of phone interviews, but that's as far as it's gone. As far as what certifications are important, get an MSCE and you'll probably get hired, though you sure won't know any more about security. My 2 cents. Sharon Joyner smarie99at_private Find the best deals on the web at AltaVista Shopping! http://www.shopping.altavista.com
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 18:04:38 PDT