What to do with a CISSP and little tech experience?
December 11, 2009 11:45 AM Subscribe
I have a CISSP and 6 years experience in the IT Security field. Problem is, most of my experience is with policy, not technology. Where can I go from here?
posted by zombieflanders to Work & Money (5 answers total) 3 users marked this as a favorite
I've been working in IT Security as a government contractor since 2003, and got my CISSP earlier this year. Most of my work has been on the policy side of things such as audit response/remediation, contingency planning, and certification & accreditation. Unfortunately, I've neglected to keep up with or even study a lot of the underlying technology supporting all of it. In other words, I could quote NIST or OMB regs all day long, but put me in front of a monitor with a bunch of logic statements or log extracts on the screen, and I probably couldn't say what I'm looking at. Even worse, my only degree is a bachelor's completely unrelated to any work I've done (thanks, liberal arts education!), and I had no prior experience in the field before this job. In terms of my career path, I'm kind of spinning my wheels, and despite the itch to move on to something and somewhere else, an informal browsing of job openings tells me many employers seem to place a high value on several year's worth of experience with the tech side of things, such as VPNs and firewalls or database management. This would seem to put a kibosh in my hopes of finding something within the next 9-12 months.
So, having belatedly realized that I've been an idiot and painted myself into a corner in the short term, education- and experience-wise, am I SOL in the job search given the timeframe above? Would moving into the auditor side of things be a viable alternative? And regardless of the job search itself it's clear I need to add a lot to my skill set, so where's a good place to start?