In this video, Marc Menninger explores creative ways to get required experience for an IT security job. Explore four ways to get security experience going the "do it yourself" route. Learn how to get valuable real-world experience at companies before you're even out of college. Discover ways to get experience and help your community.
- [Instructor] Let's say you've decided to get started in an IT security career, but you're missing that essential element, experience. Most IT security jobs, even entry-level ones, require years of experience in the security field. But how are you suppose to get the experience for the job, if you need the job to get the experience? This sounds like the classic chicken and egg problem. Luckily there are many ways to solve this problem, but first let's talk about what experience is. Many people might think experience only means on the job experience, but there are plenty of other ways to get valuable experience all of which will look great on a resume.
The first way is to go the DIY route and get security experience on your own. This approach is only limited by your imagination, but here are some suggestions. Build a lab network at home and figure out how to secure it. While this will require an investment in equipment and software, much of what you need can be found through inexpensive sources like Ebay. Go to vulnhub.com and practice finding application vulnerabilities. Go to capture the flag sites and practice hacking and penetration testing, safely and legally; and take online security courses.
If they provide a certificate of completion at the end, make sure to print it out and keep it for your records. When it comes to adding DIY experience to your resume, make sure you frame it as specific security goals you accomplished. Built and secured a Windows active directory network is better than built a lab network at home. The second way to get experience is as an intern. The demand for IT security help is so high that many organizations would love to have an intern to help out.
Interns are often college students with little or no actual IT security experience. Internships are usually short term and low pay, but they're a great way to get valuable real world experience. You can find internships through search engine queries or job listing sites like Indeed.com. A third way to get experience is by volunteering your time and skills. Many charitable and nonprofit organizations have computer networks and websites, but they can't afford to hire a security professional to help keep them secure.
This is where you can step in to help the organization while at the same time giving yourself real world experience perfect to put on a resume. Think of local nonprofit organizations like churches, animal shelters and community centers, which could use your help securing their computer networks or websites. Contact the organization that appeals to you and offer to help. Chances are good they'll be more than happy to have you help them out. Finally, another way to get IT security experience is to find ways to get the experience in the job you already have.
This is especially easy if you're already in an IT job. Then it's just a matter of identifying the parts of your job that relate to security. For instance, if you're an IT help desk technician perhaps you've added and removed users; changed user privileges and troubleshot anti malware or other security systems. All these count as security experience, even if security isn't in your job title. In the handout for this video, you'll find links to many resources that will help you get valuable IT security experience.
If you're creative, you shouldn't have any problem finding ways to get the experience you need to qualify for the job you want. With a little creativity, you shouldn't have any problem finding ways to get the experience you need to qualify for the job you want.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- The job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself