Silicon Shecky

Infosec Practitioner

Connect

Welcome to 2019, please hold on

By Leave a Comment

So here we are, the start of a new year. Over 2018, I tried to write a post every week, and was mostly successful. I intend to try to do the same in 2019. Besides the normal ramblings I tend to post, I also am going ot try to post some more technical stuff. One of the projects I will be blogging about is building a multi-node Graylog setup.

Graylog is a nice, inexpensive log collector. You can do searches with it, and use it potentially as a SIEM, in case you have not heard of it. There is a good community around it, and has plug ins to parse out many different types of logs. These posts should be starting in the next few weeks, and will go until I have the new setup completed.

If you went on a twitter hiatus over the last couple weeks, another huge tweet thread(s) started on the state of hiring in the world of Cyber Security. This one got into the idea of people just getting into Cyber Security because of the pay scale, and not because of an actual interest in the field itself (sometimes called passion). Many of us remember the late 90’s/early 2000’s when this happened to the IT field in general before the tech bubble burst. The idea that we wind up over-saturated with people uninterested in the actual field itself, but got a degree in, to do the lower paying jobs that people do not want would not bother me, if I didn’t know so many people who do not have that piece of paper either in the field, or at all, who would be willing to take those positions. The other issue comes in if these people in it for the money only, get positions higher up the chain, again due to that piece of paper from a college, that prevents people who have been working their asses off because they want to grow with the industry, but will not get the time of day even with work experience. Now to be fair, sometimes someone who goes into a field for the money and winds up in love with what they do, has that passion. The big deal about passion really is a desire to learn and improve on one’s own and that can come in many ways. It is an interesting situation to think about, as we should want to be inclusive, but there is something to be said for wanting people who have a love/experience of our field in better positions first.

As a reminder, check your favorite conference for their CFP schedule, as it is CFP season. Submit early, submit often, and don’t take rejection personally.

-Shecky


The Catch 22: Certifications vs. Experience

By Leave a Comment

I read a fantastic article on Tech Republic about the CCIE certification and was it losing its value. There were points in the article brought up about getting the certification and getting experience.I wanted to touch on this a bit overall as it relates to many jobs and certifications in the IT world.

Its the age old catch 22. The IT professional studies for a certification, hoping he can move up in the field to a better paying job, or a section of the field she is more interested in, and has little experience in. Then they apply for the positions and get turned down due to lack of experience in that area. Next person comes in with experience in the area, but no certification, and they get turned down for the position also. Eventually the position goes to someone who has just a little bit of experience and a college degree, and that person proceeds to prove they have no clue what they are doing.

The world of IT jobs is a tough world to live in. You need the experience and the certifications, and the college degree to become close to being wanted. Most companies force us to go through HR departments which have no clue about the actual position, and go by pieces of paper. If you can get around that, then you have to deal with the real tech interview by someone in the department you are applying.

It sucks, and it makes life difficult. Those of us in lower paying jobs can’t afford to get equipment to practice on, and practicing on a client is frowned upon. So we study for the exams, we use the virtual labs, we do whatever we can to get the knowledge. Its too bad that the experience factor is so much more difficult. If you want a job you need the experience, but how do you get the experience without a job? I know I am still searching for an answer.