Any IT Security Experts? I want to up my company's Mustachian membership

[fumanchu282]

Whenever we do a demographics poll here, it seems like there's an overabundance of software/engineer/technical minds. Are there any IT security folks out there that are looking for a job change? I think it would be cool to have some more like-minded people in my division.

HR always encourages us to refer our friends, and I figured that I hang out on these forums a lot and feel like I know some of you all pretty well, so why not. So, sorry if this is against the rules here, Mods. I know we're trying to grow and we're always looking for people throughout the US in my division. And the pay is really great, so you can up your savings rate!

Send me a PM if you want, and I can pass your resume along, or if you have questions I'd be happy to chat!

[gimp]

You might want to mention what rough geographic area(s) and what sorts of jobs, but, cool post, hopefully someone takes you up on it.

[fumanchu282]

You might want to mention what rough geographic area(s) and what sorts of jobs, but, cool post, hopefully someone takes you up on it.

Good call! I'm based out of Chicago, and we have a big practice here. The other big locations for IT Security at our company are Minneapolis, Atlanta, and New York. I know for a fact we have open needs in St. Louis and San Francisco that they really want to fill, among a few others. If you kick ass at IT Security and you don't mind traveling, really the main rule is just that you live close to any major airport.

We do pretty much anything having to do with IT Security, with our main areas of work being Threat Management (think penetration tests, breach response, social engineering, etc.), Identity and Access Management (mostly implementations of vendor identity and access management solutions), and Security Program and Governance (security strategy, risk and compliance, etc.)

I am an IT SOX Auditor. I am not sure if that counts or not. It is nice to see other people on the website doing similar things.

I know we have a lot of folks like you, some of whom work in my practice and some of whom work in a different one called Assurance. I work for a large professional service firm, and we do a ton of stuff (not even related to technology necessarily). Heck, if you have experience (e.g. aren't a student still in school, because we have specialized recruiting channels for that) and have any interest in making a switch to professional services / client services / consulting, I'd be happy to pass a resume along to the right channels.

Send me a PM if this sounds like you!

[fumanchu282]

Can I ask a tangential question?  Are there ways for someone without a technical background to get into IT security work?  I'm contemplating different things I could do, preferably on a part-time or consultancy basis, if I leave my current position.  I have no technical/programming background at the moment, but am willing to learn -- would prefer not to have to go back for a full degree, though.  I am also fluent in Chinese.  I work in a sector that is highly vulnerable to cyberattacks/intelligence penetration, so there might be good potential for marketing my services to organizations that need better security controls.

Two part answer, in my experience.

On one hand, the technical security work we do is very horizontal and cuts across many industry and sector verticals. In large part, if you're an application security expert, you break into, say, bank apps the same way you do to aerospace and defense apps, etc. (of course industry specialization can come in handy, some colleagues just did an engagement where they were chosen to help test a lottery's security mechanisms because they had done similarly obscure tests for another lottery previously). If you implement single-sign-on systems at retail clients, you probably can do it at insurance clients.

The good news is though that in my experience no one cares if you have some piece of paper on it that claims you have a degree. That degree might help get you in the door, but it won't get you the job and won't deliver the work to the clients. But if you can break apps, or implement complex systems, etc., and you can prove it, then that's what you need to get the job. This means you need a portfolio of work that proves that you are a do-er and not just a talker. So if you teach yourself how to do it, you're in.

I know there's a lot out there on how to teach your self to program, how to get your first job as a programmer, etc. that I won't rehash here, but I do have a few good security-specific links for you:

https://news.ycombinator.com/item?id=4203610

https://news.ycombinator.com/item?id=3939642

http://programmers.stackexchange.com/questions/46716/what-technical-details-should-a-programmer-of-a-web-application-consider-before