Taking my next steps into Information Security
During my time learning about cyber security, I have taken many different classes. My favorite courses thus far have been with John Strand from Black Hills Info Sec. In my past posts I have talked about some of the classes I have taken with him, he always has great stories and great advice.
I have been struggling finding a job even while holding two certifications. I was starting to get frustrated, but during a class John explained how he got started. He explained that he got started in Help Desk, and that one of the best places to start in cyber security is Help Desk at an MSP. He said that it really helped him develop as a professional and learn the ropes of IT, which helped him become an even better Cyber Security Professional.
I took his advice to heart and started applying to Help Desk roles at MSPs. I ended up finding a role at a small MSP near my new home. I started in mid-October, and have started to settle into my role. A lot of the work is typical help desk stuff; active directory management, setting up computers, troubleshooting. However due to the size of the MSP and the breadth of their clients, I am learning so many different systems in so many different industries. I also have the knowledge of the owner and the other employees who are very eager to help me learn on the topics I need brushing up on. For example, in preparation for my eJPT, I knew I needed to brush up on my networking, especially subnetting. While talking with the CEO, the topic came up and he spent about 45 minutes going through and teaching me so tricks. He even went through and helped me with binary.
Paving your own road
One of the things I see echoed throughout Cyber Security social media, is that young professionals such as myself are frustrated because we see the shortage of roles talent in cyber security, yet we aren’t even given the time of day in terms of interviews when we apply. I completely understand the frustration, as I felt it myself. Here I had six years in project management for a fortune 50 company along with 2 Industry certs, yet I would get rejection email after rejection email. Every Cyber Security role needs experience, yet very few are willing to give that experience (especially to someone who is 6 years removed from University). In response to this I decided I needed to find a way to make my own experience. This was something I looked at when interviewing for Help Desk roles. The tole I am in now doesn’t pay as well as some of the others, however while interviewing, the company was excited at my limited background in security. They even wanted me to be the go to for security when I started and felt comfortable. I knew this was the fit that would benefit me the most and give me the flexibility to grow as a cyber security professional.
I have been there for about a month now, and I can firmly say I have been able to start to pave my own way in security. I have been given the lead for multiple clients to handle their security operations. I am running vulnerability scans, testing web apps, and fielding and stopping phishing campaigns. Although its not the job that was advertised, nor was it the job I was brought on to do, I have supplemented my daily work with what interests me, and I am bringing a value to the company, and most importantly keeping our clients safe from the ever growing threats that lurk on the internet.
In the coming months, I plan on rolling out some more education for our clients, including their online presence. In my role, I see certain things correlate with an increase of phishing attempts, including more targeted phishing attempts that can trick even the more savvy employees. My reasoning for getting into cyber security was to protect others and make a difference in a field that many view as foreign, and intimidating. In my current role, I feel as though I am just starting to get my feet wet in cyber, however I can already see that I am starting to make a difference.
My advice to aspiring cyber security professionals
I really don’t feel like I should be in the position to be giving advice on breaking into the cyber security field, as I am not quite into it yet, however I feel as though I am starting to step foot into the battlefield of cyber space. However, I will give what I believe is working for me.
Go out and find your local MSP, I can guarantee there is a small MSP somewhere nearby that needs your help. We are living in a time where everyone is hiring, I am sure you can find someone.
Often times these MSPs are small shops that focus on small businesses, security is an afterthought to them. Be a trojan horse of security, come offering your knowledge of computer systems and when you get there start working in security.
As time goes on, start to work on the security field you want to be a part of. Want to be a SOC analyst, ask to start logging and integrate a SIEM. Want to do pen testing or red teaming, offer vuln scanning and management. Want to do GRC and policy, start creating and implementing policies to help harden your clients.
Cyber security is a young industry, however IT is slightly older. That means we have a lot of people who re not security minded. We can help change this and harden the Information Technology industry as a whole, while gaining the experience to take on the roles we want within the industry.
My Final thoughts on Help desk
When I was first starting my role, I saw a tweet about how Help Desk i the front lines of Cyber Security. I can’t remember who said it, but at the time I rolled my eyes. However with each passing day, I realize that Help desk is the people in the trenches on the cyber battlefield. We deal with the phishing emails, the social engineering attempts, the triaged incidents, the AV scans. Cyber is a team sport and teams need someone to sometimes do the dirty, unglamourous work. Think about it, before a general or admiral became who they are they had to start as a private, or a 2lt, or a ensign. Cyber is a war and we have to earn our stripes.