Oh, and I'd also suggest Googling yourself and seeing what's out there for you. If there's not much, start commenting on other blogs, posting on yours, contributing to security mailing lists, forums, and so on. I often Google security guys who touch my enterprise and I truly do make judgements quite quickly (and I'm sure every hiring manager does the same and more). No security-related posts at all? Probably not a geek and I admit I'll not expect much from them. Lots of involvement? Well shit then we can geek out together and have a smashing good time! The stuff found doesn't have to be amazingly deep and badass, but just seeing involvement in things like security-basics mailing list, twitter security groups, and an exotic liability forum presence says enough to me.
If your name isn't very uncommon enough to be searchable, find a decently unique screenname to go by! (Or if you're like me, you have an old one you can't drop because it *is* too unique to just let go!) On Wed, Sep 8, 2010 at 6:55 PM, Michael Dickey <[email protected]> wrote: > I'll probably say the obvious that you already know, but... > > With your experience, picking up a Security+ cert should be easy. Likewise, > I doubt you'll have too much trouble with a CISSP, given purchasing a book > and getting signed up to take the test. People who geek out about security > and are surrounded by it either at work or at play should not have much > trouble. OSCP is very cool, but don't fall into the unanticipated trap I > fell into: clear off a month of time so you can get your cost out of it. > > Certs can really only help in the job search, and shouldn't hurt you. > > I'll second the items about being involved either in local security groups > or in the greater online locations, like Twitter, blogging, and so on. > > Honestly, we need more people like you (and in a self-serving sort of way > me, since we're in similar boats!) who have solid backgrounds in enterprise > operations. Not only does that knowledge help in knowing the common trouble > spots, but also to give real-world tips on Getting Things Done, instead of > the often-times unrealistic expectations some may give who've never had to > live with those recommendations themselves. Besides...being in ops means > you've probably been in higher-pressure situations than any security-only > people have ever been in. ;) > > The best part, though, and it applies to most any career: The first "real" > job in that field is by far the hardest one to land. >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
