Thread: Should I go for Carrier in Infosec ?

I strongly dis-agree, I have seen allot of morons in the info-sec, they are there either by there degree or a Luck.
Degree/Certifications creates more oppourtinuties. As, you might have seen in Job portals, for the people who have degree/certification have more oppertunities then the person who does not. However, the topic, "Degree/Cert vs Utimate Knowledge" have done to death million times, but, It should be note that, it play a critical role in the career oppertunities.

But These people wont excel in the carrier as they dont have the inner will to go forward in infosec they are just here for the money of it.

The point is not against doing Certifications but the point is Who should do it, people who dont have any interest in Hacking just doing some certification or courses for getting into the Infosec Field becuase it pays good. This is the basic problem. The companys need to change the point of view that only certifications bring knowedge. In my last company I had actually gone beyond the line (and had fight with my bosses) to get freshers who had the hacker mind but didnt had the certifications. I always belive that it is the way people think that is important.

I would suggest myself for the doing the certifications but for those who already have good interest in the infosec field and not to people who are just looking at this field as just a field of IT which is giving good salary.

When ever I hear a fresher asking me question about Carrier in infosec, first question I ask to them is tell me what have you done untill now ?, what have you read ? If you have done nothing then on what basis I should aggree that you have interest in infosec and not just looking out to it as yet unother job.


I ask them forget about tools and methods of hacking tell me how well you have learned the networking which is in your sylabus. When I was giving a guest lecture at Bharati Vidyapeeth. I asked any student should raise their hand if they think they have understood the networking throughly. Not a SINGLE hand was raised. I felt bad. I asked them you have learned tcpip can some one explain be veryfirst basic - The TCP-IP handshake but no one was confident enough to explain it. If one has the will to become hacker he would have learned TCPIP completely atleast.

Originally Posted by neo

In my last company I had actually gone beyond the line (and had fight with my bosses) to get freshers who had the hacker mind but didnt had the certifications. I always belive that it is the way people think that is important.

All i can say is they were lucky that they got someone like you to back them up. but its not general case.

HR's scrutinize resume using certification keywords. you know or not, you will not reach the interview stage till you have the keyword in resume. that's something i have faced and has been a pain point for me since then.

@anant
Again I would say that you are missing the point. I am not saying we should not have cerifications. I am saying the people who have real interest in this field should do certifications.

I personally feel that certifications doesn't prove that you know the things, specially in security. Your skills & knowledge will be tested in Interview only. Interviews can only differentiate between a person having hands-on experience on VA/PT/WebApp than a person who passed, let's say CEH, by reading dumps.
Again that's individual company policy to get certified professionals on the board and interview's view to judging the right candidate for the right role.
Certs like OSCP are worthy cause these are based on practical experience, not on dumps.
So if u thinking to enter into security just by doing lot of certs, you won't be able to impress interviewer who seeking true knowledge.

AMol NAik

This is an age old debate still more prevalent and more relevant for the Indian Information Security market.I am sure each of us who replied here spoke from their experience in finding a job. Unfortunately the verdict is always going to be 50:50 considering the way recruitment's happen in India

Certifications.

HR's scrutinize resume using certification keywords. you know or not, you will not reach the interview stage till you have the keyword in resume. that's something i have faced and has been a pain point for me since then

Its a fact that 70-80% of the Information Security Jobs go down by the process of HR recruitment and all they do is get the specs from the Security Dept and look for keywords in job portals i.e CISSP,CCNA,CEH. Now the next stage when it lands up with the manager again another 50-60% of them go for ppl with reputation of certifications....now the problem is down to the reason that our country/industry is yet to reach the maturity or cant afford to have HR specializing on specific domain recruitment unlike Europe or US.

There are only handful of companies go for the other trusted and successful mode of referral recruitment,I have seen it work very effectively and practically seen excellent resources coming this way.I had always looked to my G4H friends to refer for any of my recruitment.

Our Information Security industry still runs with the faith that a CEH & CISSP resource is the ideal person for them to have.And its sad that mid level managers & senior management dont even know what is OSCP or a SANS.I think it will be a gradual change over time core techies will move into these roles and talented ppl will get recruited.

What I feel is Certifications doesnt guarantee you knowledge,skills but at the same time certifications helps your chances of getting shortlisted.So the foremost thing is developing skills and knowledge and supplement it with relevant certifications.

What i meant to say was following


1) Certifications -> required to clear the first round of interview.

2) Good skill set on paper -> required to reach the face to face interview level

3) skills and actually real time experiance -> required to get the job and / or to survive the job

So all i can say is skill needed to survive and excel. certs needed to sail past the not so knowledgeable screening process.

however if we look at certifications also.
ideally speaking they have some bases.

CEH says you should have 5 yrs of experiance or you should attend training. (bold part is problem here)
OSCP names says it all.
RHCE and above certs : i don't need to tell.
CISSP : ask's for 5+ yrs of relevent work ex.

problem is HR's asking freshers to have CEH to move in the job.

so certs are good in a way that you use to prove the skill that you posses and not to compensate on lack of skills.

besides that as always repeated its age old debate and will keep going on and on.

Damm , nice Write ups . I thing person who came in the Info Security . He is came his mind (Automatically) not forced by parents and teacher . I came in this field due one error In Cyber cafe (When i was in 10th ).

hi am doin my final yr engg in CompScience.. and am very much mad on being an Proff.Ethical Hacker n also my aim is to get into Cyber Forensics.. i haven't done any certification till now.. and am now in position to decide my path and am very much confused in tat.. so do help me in deciding it.. whether i should take
1)MS in Cyber Security/Forensics, Which is the best course which will make me Employable too.. which university is best in that..
ELSE
2)Can i do certification n wat r all the certification i must do? and please do provide me the Centers which make my more expertise in that? (bcoz am in trichy,TN,India) here i dont find any one..inside TamilNadu will be an preferable one..

whenever am in net,i'll always keep on searching abt these above stuffs..bt till nw i dint get it...So pls GIUDE me..
Thanks in regards...

Originally Posted by Hackuin

Fore mostly, I thank, neo for starting a good topic, which will lead people who are about to begin in info-sec may get points from this trend. And, to vinnu for sharing his experience in info-sec, which in turn will/may lead to a healthy debate.



I do not agree completely, I understood the topic very well, but, late choosing/training for selecting a career field most usually resembles/reflects the oppertunities.




I did not get it. How will you get a feeling from your birth? Practically, its not.


I strongly dis-agree, I have seen allot of morons in the info-sec, they are there either by there degree or a Luck.
Degree/Certifications creates more oppourtinuties. As, you might have seen in Job portals, for the people who have degree/certification have more oppertunities then the person who does not. However, the topic, "Degree/Cert vs Utimate Knowledge" have done to death million times, but, It should be note that, it play a critical role in the career oppertunities.



Dude, If anyone need to be in to info-sec, does it mean he/she should be a hacktivist? or If I understood it correctly, a person who isn't a hacktivist, cannot be a hacker or something?



Everyone have there feelings, honestly, I don't even remember, for what reason, I had touched my first PC, but, I loved playing games, started cheating in games, and then got cheated with someone else, and started defending the usual cheats etc., I stated learing C and C++ at my 8th standard, what I did learn was nothing more then a byhards to complete exams, thats becusae, at that age, boys doesn't think much about the career/sattlement and all, instead they think about the next level of studies. Most usually, the whole scanerio of info-sec "ACTUALLY" started with the "INTERNET". After spending more then a decade, I can honestly understood one thing, that, a proper planning/guideness is alway a helping hand for shaping your career not just limited to info-sec.

I agree to the point of doing some courses or training will not make you anything, the interest and enthusisum is always required, but, these training and courses 'WILL' give a standing/starting point.

I statrted as "Tech Support Executive", then did some Certifications, while doing soo, I had to change the city, and for the living I did completely non technical job, IT-Recruiter, completed certification, joing a small organization as IT-service team, then changed to another company as Network engineer, and then changed again, worked as Network support for another company, then again worked as production support engineer over VMWare ESX server(Network supports for clients), I did learned from experiences, like got fired by two companies in regular yearly audit by CISO's, but, again, at one company while leaving, showed them, dumbest security in palce to that CISO, he was actually amazed, but due to company norms and all, HR, who was again a dumb ass, fired me, I don't actually gave a flying f***, then again, got a chance a chance to work on a case of police, where actually, SAI SATISH introduced me, solved that case like piece of cake, where the actually technical involved was not with the hacking but of a Filesystem, where then, got involved with plenty of case, and department was impressed, still, working here, as Cyber Crime forensic Expert.

The thing what I have learned from my experiences is, its not about late starting, neither it is of training/courses, I strongly believe in few things like, "No education is useless", as amit kher said, "Successful people doesn't do things different, they do it differently", "Your mastery in a thing, will haunt you one day or the other", it little inclined with chances and most importantly, about three things, those are "INTEREST, INTEREST, and only INTEREST".



I agree to the point here, actually, the senses will always inclined towards interests again, simple, example in late, 2003, I was soo much desperate to read the book, "Uber-Hacker II" by carolyn meinel, I serched allmot 100 book stores but it wasn't availabe, but I was having no boundries, I ask my brother who is in different city and the result was same, then, again, I email my uncle who was in New Jercy, he orderd the book online and sended me. After reading that book, I was actually fasinated with the concept at those time, where I did test XSS sql-injection, these topics actually hit the internet security in 2005, but, after couple of years, I realised that book was nothing, just because, you alread had the knowledge, I have read more then thousand books, I don't like reading over computer, I like reading them before sleep at my bed. Books/videos actually teach how to do it in specific scenario, as great C.V.Raman said, "we are taught to learn, but we are not taught to think" which is absolutely amazing words, which is actually required.

-Hackuin

Originally Posted by Parthi

hi am doin my final yr engg in CompScience.. and am very much mad on being an Proff.Ethical Hacker n also my aim is to get into Cyber Forensics.. i haven't done any certification till now.. and am now in position to decide my path and am very much confused in tat.. so do help me in deciding it.. whether i should take
1)MS in Cyber Security/Forensics, Which is the best course which will make me Employable too.. which university is best in that..
ELSE
2)Can i do certification n wat r all the certification i must do? and please do provide me the Centers which make my more expertise in that? (bcoz am in trichy,TN,India) here i dont find any one..inside TamilNadu will be an preferable one..

whenever am in net,i'll always keep on searching abt these above stuffs..bt till nw i dint get it...So pls GIUDE me..
Thanks in regards...

My reply here -> How To: Jobs for freshers in IT Security might help you to get a better picture of industry.