A career change

[jwdcfdeveloper]

I have been a web developer for the past seven years. Though I enjoy it, I want to branch out into security. I want to move away from web development more into application and network security. I am currently taking classes at DePaul University focused on network security, e-commerce security (e.g. public and private keys, security certificates, etc.), network programming, etc. I notice that alot of security jobs are looking for years of experience. I want to know the best way to (no pun intended) break into the Application/Network Security field. I am especially interested if anyome has done it, or knows of someone who has done it.

Thanks,

JW

 

[bol05]

I am in your shoes now, but converting over to CCIE from MCSE. Sick and tired of those damn blue screens. My best advice is to listen to people's opinions, but go with what your gut is telling you. Have respect for certification and education and it will later pay off. Invest in yourself!

 

[mmorancbt]

There are a couple of ideas I'll throw out.

First, don't wait for permission. What I mean is that any classes you take won't make the transition for you. They will provide some of the information.

Second, think small. The small-business market, companies between 30-200 employees, are generally underserviced in IT in general and are much more willing to let an ambitious and intelligent individual learn new skills and apply them at their location.

It is important to note that when polled approximately 17 in 20 IT professionals (higher with new technologist) indicate a desire to work in a large corporate IT department. However, the huge number of jobs in our country rest in the small business market.

Before I hear the cries of, unstable, no benefits, and similar ideas, I want to clarify. I am not talking about working with a Mom & Pop startup that uses 4 computers. There are amazing growth companies in this market segment. Companies with benefits, greater opportunity for responsibility and advancement, greater exposure to management and a thriving professional network, and generally more dynamic and fun environments.

As I stated earlier, in the technical realm they are underserviced and may provide a great place for you to create a more well-rounded and versatile skill-set.

To make the situation successful you need to develop peer resources to bump ideas off of. Tek-tips is one such place and then there are probably local user groups that you can take part in and meet other professionals. This will become your knowledge network - a place you can go to have questions answered and answer questions yourself.

This is an idea that I have seen many technology professionals use to their success.

Matthew Moran
Read my career blog at:

http://www.cbtoolkit.com

Musings:

http://matthewmoran.blogspot.com

Todo esta bien.. Todo esta divertido (it's all good, it's all fun)

 

[tazuk]

Just a quick note to endorse mmorancbt's views:

Second, think small.

Having been an application developer for 7 years, I have moved to a small company where I am the sole developer. As part of this move I have been given a free hand to work in whatever areas I see need / opportunity for improvement. This will (given the modern networked environment) naturally include security.

As a sub-note, it does help to move to a smaller company where the the boss has a technical background

TazUk

Blue-screening PCs since 1998

 

[kHz]

The best chance of doing "security-only" is with a very large company, because they have the money to pay specialists, like Unix sys admin, firewall analyst, data comm, ID, etc.

A small company generally cannot and will not employ someone to do one specific task, but wants a generalist to do many things.

A small company probably isn't going to care about security either. My former small/med company ($100+ million/year revenue) I used to work for didn't and doesn't care about security. I would tend to think this is the norm. However, a large company with billions in revenu, like I used to work for does take security seriously, and thus, does hire specialists in the field. Currently I work government and they also take security seriously.

 

[jwdcfdeveloper]

The best chance of doing "security-only" is with a very large company, because they have the money to pay specialists, like Unix sys admin, firewall analyst, data comm, ID, etc."

I hear what you are saying kHz, but isn't the problem there that the big companies want tons of experience? I know small companies tend not to think about security as much until something goes terribly wrong (and believe me, I know from experience), but it seems to me that you have to at least earn your stripes working as a part-time security person in a small company, be willing to start your own consulting business, or perhaps a combination of the two. I'd love to work for a company where security is all I did, but my question is how do you get in if you have a degree, but not a lot of experience?