0

Is there any program out there (from the government or the private sector) where you can learn IT Security (from senior workers) while getting paid (to do the basics as you are learning)?

To make things a bit clearer: I would like to go in to pentesting, and I'm wondering if there is a place (or organization) that will hire newbies and pay them while they intern (possibly in return for a few year contract etc.)

Community
  • 1
pzirkind
  • 707
  • 6
  • 12
  • Your question is very broad and lacking things that M15K points out. You should edit it to tell us more so we can provide a good answer for you and others who may read it in the future. On the face of it, this sounds like a junior position or a paid internship... but I don't know where you stand – Jeff Ferland Aug 28 '12 at 04:09
  • Agree with Jeff here. This question borders on too localised already, though, which is often the case with career advice. – Polynomial Aug 28 '12 at 06:00
  • I would hope you are able to learn on every job. So the program you are looking for would simply be a starting position in the field. – Ramhound Aug 28 '12 at 13:23

2 Answers2

2

What is your experience level thus far? What sort of IT Security role are you looking to get into? Generally, you're going to have some level of expertise in one or more of the common domains. System Administration and Network Administration are probably two of the most common entry routes.

That said, you shouldn't be looking to shortcut the game. If you're going to keep your credibility while talking security principles and best practices with your peers, you definitely have to know what you are talking about.

If you don't have any experience, then I would say if you could get a junior network or system admin job straight out of the gate, you are probably doing VERY well and/or know someone. And you can start to pickup what you need to move forward. A lot of the folks I know, myself included had to start out in desktop support or helpdesk, that's not bad either.

M15K
  • 1,182
  • 6
  • 7
  • Certs can be useful, too. Shell out a few hundred bucks for a CompTIA Security+ to get the absolute basics, then move onto CEH or similar. Just remember that they're only absolute minimums in the security industry, and won't often be taken seriously by employers. – Polynomial Aug 28 '12 at 06:01
  • @Polynomial What would a good way to learn security ( Sever based linux ubuntu etc. ) be? I guess some requirements would be learn C/C++? – Kao Aug 28 '12 at 07:55
  • 1
    @Kao It's difficult to give you one-size-fits-all advice. My suggestion would be to learn a programming language, but not C and certainly not C++. Start with a language like Python. Learn to write decent code in it. Then move onto PHP, and write some horribly insecure webapps! From there you'll start to understand security principles. I'd also suggest reading [OWASP](https://www.owasp.org/) for general reference, and [CoreLAN](https://www.corelan.be/) for more in-depth native exploit information later. – Polynomial Aug 28 '12 at 08:14
  • @Polynomial I'm already a fairly good PHP programmer, and on application level, I know how to protect myself. I'm concerned about the Server level. We have no clue how to protect us on the server level, other than removing ftp/phpmyadmin and making sure only the ports we need are open. Thanks for the links though! – Kao Aug 28 '12 at 08:21
  • I have some basic networking skills (I am now a php developer specializing in Magento, but learned for the ccna test), how do I go about getting in to the field of pentesting (I don't have a lot of money to spend on education right now and have bills that I need to pay on a regular basis) – pzirkind Aug 28 '12 at 14:20
1

Certainly - in my teams there tend to be a couple of entry points - the experienced hires, with specific role expertise, and the juniors/graduates with very little expertise.

At the junior levels, some IT experience definitely helps, and this could be in support, IT, an IT degree, or similar. Some experience with IT audit or IT general controls work would also help, but they aren't absolutely essential.

Then I tend to make sure that in addition to formal classroom-based learning, there is on-the-job training, shadowing, self-tuition and web-based learning.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • That sounds really good, I have php experience and basic (level 2) desktop support experience. How do I go about getting in to a security team. – pzirkind Aug 28 '12 at 14:18