Education vs Experience?

March 6, 2009 – 4:58 PM

How do you transition from being a recent graduate from a Security degree to actually getting into the field to gain real-world experience?  I thought for sure this Bachelors in Information Systems Security would be my key and that I would be in high demand for any company.  Now, I am evaluating my options and seeing that I really don’t have too many more than I did 4 years and $97,000 ago.  Here’s the typical interview:

Interviewer: Tell me about yourself.
Me: <insert biography here>
Interviewer: Tell me about firewalls and IDS/IPS systems.
Me: <insert definitions and descriptions here to show complete understanding>
Interviewer: <nods with approval>
Interviewer: What port and protocol does DNS use?
Me: UDP on port 53, typically.
Interviewer: <nods with approval>
Interviewer: Do you know about system/network penetration and prevention methods?
Me: Yes, I’m currently studying for my CEH and hope to obtain that very soon.
Interviewer:  Very good.  <more nodding of course>
Interviewer: How many years of professional security related experience do you have?
Me: Currently, none.  I just graduated and am looking to jump into the field.
Interviewer: Sorry, we require at least 2-3 years of professional experience for this position.
Me: <blank stare>

Nice.  My question to existing security professionals and employers:  How does one obtain this *required* professional experience when companies will not give you the opportunity to get any?

  1. 2 Responses to “Education vs Experience?”

  2. Please, Come on — Just pay your dues and move on. I understand you want to get into security but with only a degree. You can’t just come out of school and expect to make decent money with no experience..Are you willing to travel ? Consider becoming a consultant at an entry level. You may not make much money but the experience will be 100 fold over what you were (mis)taught in school. How about doing break-fix work ?, how about helpdesk work ? Consider working at a retail electronics store ? A decent engineer understands every aspect of the companies they long to work for. The certifications are an excellent start..As for the interview…

    Interviewer: Sorry, we require at least 2-3 years of professional experience for this position.
    Me: …..Any company who says they require 2-3 years of professional experience usually has only a few decent engineers and the rest are low hanging fruit with little to now real knowledge or experience…That is why the company has that opinion.

    I can tell you that you are above the curve..Most security people don’t have a degree, many also don’t have certifications…Most just have experience which counts for a lot but in my opinion but only 50% at best.

    I can always find good monkey engineers who can work in a back room and do firewalls, IDS, IPS Routers etc…. but to find someone with very good writing skills and interpersonal skills is my single largest challenge everyday.

    Let me ask you a question,,,Who do you think has long career potential..A person who write a popular P2P sharing app that becomes very well known and eventually sells for a lot of money or a person with an education, interpersonal skills, can express thoughts clearly in speech and in writing, can grasp abstract concepts and theories, and will have an understanding of the world and your community.

    Sorry me rambling, just one of those days.

    Good Luck

    By Reginald on Mar 9, 2009

  3. This whole post was a ramble. I had the voice of Artie Lange in the back of my mind going “Oh Waaaaahhhhhhhh…” 🙂

    Good information though, Reginald. Thank you. I’m actually in the IT field now, and have been for about 6 years, but nothing with a title relating to Security that would catch their eyes when they are spending that quality 30 seconds looking at me while scanning the piles of resumes on their desk.

    By manunkind on Mar 9, 2009

You must be logged in to post a comment.