IT Security Career Change Mid-Career?

[TrailRunr]

Why not CIS? You are making it harder on yourself. The GM is a mistake if you are going to IT.

[bjcheung77]

He could consider an undergraduate certificate in IT.

I will still recommend a MSCIA over a Certificate or a Second Bachelors of IT (even though I am going for a second bachelors of IT)
But if I am going to skip the second bachelors of IT and go straight into the Masters Degree program, my steps will be as follows:

For someone who has zero IT experience and isn't even sure if they want to get into that industry, this is what they should do??? Yikes!

To Recap: Entry Requirements for MSCIA
Applicants must hold a bachelor’s degree from a regionally or nationally accredited college or university, and must also demonstrate
IT security experience through at least one of the following three methods:

A) Have earned a bachelor’s degree in IT security or IT networking that covers at least two CISSP CBK domains.
B) Hold a CISSP, CCIE, CCNP, CCNA, CCNA Security, CEH, CHFI, GIAC 2700 or GCWN certification that is valid and earned within the last five years.
C) Submit a resume for review showing recent significant IT security experience, of at least three years, which demonstrates at least two CISSP CBK domains.

There's two ways of getting this done, the crazy part of me will go for the quicker route, the cautious side of me, the longer.
There's also the cost and time involved to get things done; to pay more to get it done faster, or to learn more and do so slowly.

Recommended - Cautious/Longer: Chose B) From looking at the certifications, the CCNA will be easiest (no prerequisites).
Depending on your study habits, some have completed an exam by reviewing/studying a month, I'll be safe and do so for two.
There are two options to the CCNA, either 1 exam or 2 exam - take your pick.

Cisco Certs: Certifications - Training & Certifications - Cisco
Pearson Vue: Certifications :: Cisco
Cost $250 - Cisco :: Voucher prices & order forms :: Pearson VUE


In order to get the certification, I will probably recommend at least a month or two studying and doing practice exams.
There are tonnes of free exams, study guides, online videos, etc in regards to getting the CCNA, or take a course.
Side Note: For the MSCIA you will be getting the CEH and CHFI certifications paid for with your degree tuition

Not Recommended - Crazy/Quick options: Chose B) Take the CEH or CHFI, if you are doing the online 5 day course, you can take the exam after those 5 days.
I understand this is a very lengthy 4 hour exam, but that bypasses the two year IT experience needed for self study. The online course is $2495.
CEH or CHFI: https://cert.eccouncil.org/application-p...ility.html

And I don't recommend this one as you're going to be getting the CEH and CHFI certs from taking the MSCIA, it will only save you time.
I will only recommend this as a last resort or if you're going to take more than 1 term to complete the MSCIA, as each term is $2950.
There are so many different options, but my recommendation is to get your CCNA as it's the cheapest and easiest way to get in.

MSCIA Syllabus - MS Cybersecurity & Info Assurance Courses
Cyberwarfare 3
Risk Management 2
Cyberlaw, Regulations, and Compliance 3
Secure Network Design 3
Security Policies and Standards - Best Practices 3
Secure Software Design 2
Ethical Hacking 4 - (This should be the CEH certification)
Forensics and Network Intrusion 4 - (This should be the CHFI certification)
Disaster Recovery Planning, Prevention and Response 2
Information Security and Assurance Capstone Project 4

[bjcheung77]

There are a lot of different roles within Info Sec. Go to https://www.cybrary.it/ and watch some videos to see if it is something that really interests you.

Security+ - Intro to Info Sec
HIPAA - Healthcare related but all companies have to deal with it.
CISA - auditing
CISM - management
CISSP - management
CASP - advanced general, technical

and more.

Your advice is awesome, I read your info on the other technical forum for certification exams.... been lurking here and there for a while.
With the exception of Security+, I think all of them require prerequisites for those Certifications. But yes OP, get your feet wet!
Anyways, to add to this OP, since you want to start investigating into IT Security, why not take the free CyberSecurity courses from TEEX.
There are 3, for Everyone, IT Pros and Business Pros. Even though you don't need credit for them, it's free and gives you some insight.

[DBRENNAN118]

Why not CIS? You are making it harder on yourself. The GM is a mistake if you are going to IT.

Already have the GM - it's mailing out to me next week. Also, not 100% sure I will go into IT, just looking at options right now - not making decisions.

[dfrecore]

Already have the GM - it's mailing out to me next week. Also, not 100% sure I will go into IT, just looking at options right now - not making decisions.

It wasn't a mistake to get this, don't listen to that kind of negativity.

Go out there and do your research, it's a great idea to look more closely at your career as you begin to notice that the industry is not a good one. And you have a lot more years to work, so it's definitely not too late to make a change.

[bjcheung77]

Already have the GM - it's mailing out to me next week. Also, not 100% sure I will go into IT, just looking at options right now - not making decisions.

+1, it's not that hard to just get certifications either, as upper management actually don't get their "hands and feet" wet too much in any industry. When you're GM or higher, it's all on moving the company vision forward, not to look at the simplest individual issues. That's my perception anyways, others think diff.
GM/VP are the brains in the company, delegating tasks to managers/subordinates - individuals who are probably more qualified in programming/development, or IT Security for that matter.

[Outis]

I highly advise you to find an INFOSEC forum or two and post your question there. Do not take advice from folks who have no experience in the industry. Consider the occupation of folks before giving their opinions equal weight. In this case, TrailRunr's advice is probably best.

FWIW, I'd be very curious what type of company would hire someone as a mid-level security engineer with no previous infosec experience. For a position like this, you do need technical chops, not just general managerial experience.

[ajs1976]

I highly advise you to find an INFOSEC forum or two and post your question there. Do not take advice from folks who have no experience in the industry. Consider the occupation of folks before giving their opinions equal weight. In this case, TrailRunr's advice is probably best.

FWIW, I'd be very curious what type of company would hire someone as a mid-level security engineer with no previous infosec experience. For a position like this, you do need technical chops, not just general managerial experience.

I would agree with reading some Info Sec forums, but be careful because OP will also have evaluate the experience of the people there. I have seen to many help desk people whose only security function is resetting passwords give others advice on how to become architects and CISOs.

TrailRunr's advice is good, but unfortunately the question should have been asked and the advice given six months ago. Probably to late for OP now, but good advice for others who may read this thread.

The OP has years of experience in security and there is a demand to fill Info Sec positions. Add some knowledge, credibility, and networking and I think there is a pretty good chance of getting a shot at a Info Sec manager position. Best chance might be at a large retailer, that will value the industry experience.

[Outis]

The OP has years of experience in security and there is a demand to fill Info Sec positions. Add some knowledge, credibility, and networking and I think there is a pretty good chance of getting a shot at a Info Sec manager position. Best chance might be at a large retailer, that will value the industry experience.

Information security is not the same thing as retail security. The only similarity is in the name "security". The OP has 0 years of experience as an information security professional.

Do you expect a company to hire someone as a "senior software developer" to oversee other developers, with no software development experience? I hope not. In the same way, I wouldn't expect a company to hire a "information security manager" to oversee infosec operations with no experience. Then again, there are a lot of data breaches lately, so maybe...

That being said, entry level infosec jobs (good ones, not help desk password reset monkeys) probably pay more than most retail security management jobs, so you aren't putting yourself behind IMO.

[DBRENNAN118]

Appreciate all the feedback. To be more clear - I have 20+ years retail security/risk mgmt. and at a senior level...I am not naive to think I would waltz into a senior IT Security role with 0 experience. My original post was about a potential career change, and eventual climb back to a senior level. It seems like IT security is the (near to mid) future and a relatively more secure job field. I admit I know little to nothing about it and would need to start from zero.

Also, there are some companies that are looking for someone to oversee both IT and traditional security to save money - they have strong mid-managers to do the expert level stuff and need an administrative/strategic leader. I was thinking that with the IT credentials and some experience I could better compete for those types of roles. I wouldn't be the guru, but may not need to be as long as I could talk the talk. Developer is a bit beyond my bandwidth...

Thanks again all - valuable advice!