Finding a job or intern.

[seven]

Hello all.
I am currently an Info. Sec student in college. How would i go about finding a security audit firm internship or job? I look on monster.com but mostly they are position for network administration ( which i have no problem doing either, but i prefer auditing and pentesting. )
If i do see a position, they want atleast 3 years experience. How do i get this experience under my belt? How did you(if you are in a security audit firm or pentest for your company or others ) start your career?

[theprez98]

Quote:

Originally Posted by seven

Hello all.
I am currently an Info. Sec student in college. How would i go about finding a security audit firm internship or job? I look on monster.com but mostly they are position for network administration ( which i have no problem doing either, but i prefer auditing and pentesting. )
If i do see a position, they want atleast 3 years experience. How do i get this experience under my belt? How did you(if you are in a security audit firm or pentest for your company or others ) start your career?

You may have to find a general networking admin job for a few years just to get some experience under your belt.

[seven]

Quite a few of my friends who have graduated have gotten the internship at Cisco and have also been hired. I am next line to get an internship there as my friends will recommend me ( and i feel confident enough that i am able to qualify without help ) Would this be a step in the right direction? I would like to have a career in pentesting as this is what i have been interested in since freshman year of high school.
Sure making alot of money from Cisco is great, but i would also like to make alot of money from doing that i love to do aswell.

[theprez98]

Quote:

Originally Posted by seven

Quite a few of my friends who have graduated have gotten the internship at Cisco and have also been hired. I am next line to get an internship there as my friends will recommend me ( and i feel confident enough that i am able to qualify without help ) Would this be a step in the right direction? I would like to have a career in pentesting as this is what i have been interested in since freshman year of high school.
Sure making alot of money from Cisco is great, but i would also like to make alot of money from doing that i love to do aswell.

I wouldn't have any doubt that working at Cisco you will gain a lot of valuable experience. It will quite obviously be vendor-specific (what job isn't), but you'll get some experience under the belt and probably some certs to go with it.

[seven]

Ok, so i suppose the Cisco job will benefit me greatly. But how do i slowly branch into security auditing? Do i ask to do it ( after some years working that is )? Or would i have to learn how to be a pentester somewhere else after i have some certs and experience?

[thorin]

Have you done any personal/professoinal "networking"?

ie: Gone to local OWASP, ISACA, ISSA, etc... meetings?
Created a profile on linkedin.com?
Done any external training, ie: CISSP etc...?

Does your course include a co-op placement?

Instead of checking "official" job postings have you approached any local consulting shops or info sec. firms to see if they had any intern positions available?

Are any of your family (even extended family) in IT or other high tech careers? Have you talk to them about summer jobs or internships?

Does your program do any type of Security Paper (essay/research) competition that is judged by local sec firms? (One of the local community colleges here does that and our firm is amongst the judges....great way to get your name out there). This might be a great idea to bounce off some of your profs.

Additionally if you're profs. were once practicing Info Sec professionals (I really hope they were) then ask them about local User Groups or Professional Organizations (as mentioned earlier).

[seven]

no not yet. i am going into my third year of college but i will definitely be looking into to those things that you have mentioned. My last semester ( next year and a half. ) i have to do an internship which will most likely be at cisco if i cant find one in a sec. firm.

I have another question. After i graduate i only have a BA. If i get hired after my internship ( most of my friends were ) should i accept or go off to grads school and get my masters in info sec? Should i take schooling after i have a job? like night classes? My adulthood is just starting and i would really like to enter it on the right foot.

[EternalRampage]

Quote:

no not yet. i am going into my third year of college but i will definitely be looking into to those things that you have mentioned. My last semester ( next year and a half. ) i have to do an internship which will most likely be at cisco if i cant find one in a sec. firm.

I have another question. After i graduate i only have a BA. If i get hired after my internship ( most of my friends were ) should i accept or go off to grads school and get my masters in info sec? Should i take schooling after i have a job? like night classes? My adulthood is just starting and i would really like to enter it on the right foot.

After having just graduated with my Masters last wednesday I would suggest that you take the job if offered. While a Masters degree is great, it can never teach you the things that you will learn from actually doing some network admin, sys admin, or security admin work.

I agree with what the other users have said in that you need to ask around for companies that might offer internships.

I had a guy apply for a job we were advertising for, and in his cover letter mentioned that he'd be willing to do an internship, that caught my attention, and I offered him an internship.

[thorin]

I agree with EternalRampage, take the job. You can always decide to do your masters after you have some experience under your belt (which will only help). Plus, you might get lucky a find an employer that's willing to pay for some or all of it for you under their training budget.

[GMouse]

Quote:

Originally Posted by seven

Hello all.
I am currently an Info. Sec student in college. How would i go about finding a security audit firm internship or job? I look on monster.com but mostly they are position for network administration ( which i have no problem doing either, but i prefer auditing and pentesting. )
If i do see a position, they want atleast 3 years experience. How do i get this experience under my belt? How did you(if you are in a security audit firm or pentest for your company or others ) start your career?

Definitely look for Audit and Risk departments in firms. They'll have you evaluating systems, looking for any holes that could present ...well, risks. That could include pentesting, depending on the firm and on the client. Look into Deloitte & Touche, as well as Ernst & Young. I know they have such departments and that they do employ people in infosec roles.

Good luck!