Finding Student IT Security Placements in the Industry?
CABAN writes "I am a third year computer security and investigations student. My program requires a three month placement in the IT security and forensics industry. Finding an appropriate learning environment seems to be harder than I expected. Lack of security clearance, no real world experience and many companies, who just don't see a need for ITS, are the critical shortfalls right now. What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?"
At my university, they helped with leads for positions related to majors.
And posting on slashdot won't help you attain a higher clearance.
If you want to come manage security patches for a few thousand Windows, AIX, Solaris, and Linux machines for me, let me know.
MORTAR COMBAT!
Unfortunately, if you're in the states it probably depends a lot on what country you're from
"What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?"
I know of one position where you can get involved with the sensitive security procedures of making sure no young punks steal any Hickory Farms Cheese gift packs.
How are you going to keep them down on the farm once they've seen Karl Hungus?
My program requires a three month placement in the IT security and forensics industry.
Your program should then have some mechanism to facilitate such placement. Most programs that require internships provide assistance in placement. If yours doesn't, then you are being shorted. This isn't a DJB class is it?
How about working for your school's IT department helping to clean and/or investigate compromised machines. They could probably use the help. Is .edu not real-world enough?
A program that requires an internship that it is unable to provide support for? You might want to talk to the career center of your school....
BP http://www.card-central.com
It appears they are in need of a good security consultant.
Then they will definitely give you a job. =)
I almost always have one Co-Op (paid) on staff at all times. Being in a large city might help.
These companies are both expanding their security apparatus and also are both industries known to be in love with the college intern concept. I interviewed for several security positions at insurance firms (specifically car insurance) who were hiring something like 5 or 6 security architects in one shot. Try to apply to intern programs there or at big Financial.
Do what everyone else did.
Hack into a bank and get caught.
You'll get a few years in the state pen, but then you'll be a hot commodity.
(P.S. This is one fucked-up world.)
1.You need a job but the companies only want people with security clearances.
:)
2.You can only get a security clearance if you work for a company that will pay for it (and justify it).
Rinse and repeat.
My suggestion would be to get a position which doesn't require a security clearance with a company that has security positions available. The company is more likely to hire you into one of those positions and pay for your security clearance, if you already work for them. That's what I'm doing (sorta).
Course, I don't have a clearance yet so maybe it's not the best idea
-Teiresias
I hate to say it, but this is a difficult thing to get into. The problem is getting your foot in the door, just as you are trying to do. Offer your services to some companies for free if you have to. That may be all you can do to get any experience in the field. It's good that you are in a program that specializes in security though, because it's harder to make the leap from a degree like Computer Science straight into IT security. Once you meet the requirements though, you absolutely must go get your CISSP (certification, you probably know of it) if you want to advance very far. It can be a lucrative field, but experience and certifications, rather than traditional education, are the biggest factors in being successful at it.
You should hack into a high-profile website. That way, when you get got, the government will offer you a job... :)
But seriously, what are the requirements that your placement must meet? I wouldn't think it'd be too hard to get a placement in an IT Dept. somewhere, anywhere, it may not be glamourous, but I would imagine it would fulfill your requirement.
-Phixxr
ungggghhhh
Look at his email address.
Without them it is difficult to find that "first job" or great internship. I managed to find mine without assistance from others but I had people helping try to find me one.
You need to make those critical connections in college or at least your parents need to know people. People who say academics get you everywhere are idiots, it is all who you know and who you know knows.
Most people hate the security people, because in most Companies that need security, it's typically run by PHBs who hire, you guessed it, Accredited Security People. People who know that "SNMP is bad" because it's cleartext, or that "best practices" dictate that you have 8 letter, "strong" passwords that change daily with no repeats for 90 days, and generally stick their nose in, offer their opinion on, and fsck up every project that anyone tries to do.
Good luck. I hope that you like being reviled.
I want to delete my account but Slashdot doesn't allow it.
Since when did Slashdot become a job posting site? OTOH-I could use a job ;)
I would be looking at smaller companies and offering what you have to them. Most cannot afford security consultants and would probably welcome your expertise perhaps on an intern or consultant basis. The other obvious option is to talk to those companies that build security software for a living.
My .02
Yeah? Well I think you're overrated too.
Given all the young H-1bs that were used by Enron corporation's IT department, it appears one of the best ways to get your hands on sensitive data is to become an Indian.
Seastead this.
Focus on infrastructure, especially hospitals. Hospitals are used to the idea of intern types, and they usually have contract deals set up with recruiters. Standard Job location procedures apply here... your average job sites apply, and they are chock full of openings. Don't expect to get into forensics right away... It's not an easy job, and if a particular shop is doing it, it's going to be for a legal case. There is hope for you however: a lot of places do train, because forensics procedures vary shop to shop. Everyone has their own way of doing it... and that is fine as long as the documentation is rock solid and you can provide a good chain of custody process. In this arena, it's not just good technical skill that is the issue, but also how well you can document things. We, as technocrats, seem to have a disdain for writing things down, and documentation is paramount to forensics. Bottom line: you are new, and there is nothing wrong with that. Put together a resume, and get it out there. Draw on your personal experience, because that's all you have to work with at this stage in the game. Good luck.
3 months isn't a very long time. It's going to be hard for a company to justify taking you on for such a short period of time. It takes about a month on average to get to know how things work at a new company (not just computer systems, but administration etc). They also need to have someone train/supervise you for that time, when you're not producing at the level of everyone else. It's an investment companies are willing to make for long term work, but for the short term, they might see it as a loss.
You may find it easier to get a position as an unpaid intern. Not many companies will turn down free help and three months isn't too long to go without getting paid.
I'd assume that the university has an IT department and often uses students to help administrate the network. See if you can get a job there. The pay will most likely suck but the location is hard to beat in terms of distance. Also look at small companies in the area and instead of offering yourself as an IT security person, offer to do the WHOLE IT thing. Another option would be non-profits. A lot of Boys and Girls Clubs have computer networks that were donated in the late 90's that are in desperate need of help. They don't pay too bad and while it will be mostly grunt IT work you will have to deal with security too. Good luck and keep your options open.
Join the FBI, CIA or Military.
There you will get real world experience and they will also do your security clearance.
They will get you the security clearance and it will get you on a path for all those cushy Gub-mint jobs after you get out.
Cos this guy could probably use, and I do mean use, a cellmate, sorry, I mean some company right about now. Still you should get some useful security insights from him, esp on where it all went wrong.
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
What truth?
There is no dupe
It's a 12-week program following the student's third year.
As a participant in the Summer Network Evaluation Intern Program (SNEIP) you will acquire an appreciation of the challenges our Nation faces in network security as it relates to real-world work experiences. You will experience first-hand some of the critical work done at NSA as well as have the opportunity to apply your skills on hardware and software systems to enhance network security and contribute to the security of U.S. information systems.
Sadly, this won't benefit you since the application deadline has passed.
I guess you need some value proposition. Remember that most companies are in the business of making money, and it needs to be the case that you can give more than it takes to employ you in terms of usage of staff time, resources, training, office space. Here are a few ways you can do this:
- Offer to help with more general systems development/support as well as the security element. You might have to spend a significant percentage of your time acting as a cheap coding monkey in order to get exposure to the stuff of relevance to you.
- Offer to train other staff free of charge, or provide audit or documentation for systems.
- Highlight the risks of security problems in terms of real monetary costs to an organisation who don't invest in security.
- Sell yourself as an independent and pro-active potential employee who won't be a drain on resources.
- Be flexible in the work and projects that you can offer. Remember that you will only be hired for the work experience if you can fill a valid required business objective.
- Cast your net wide, and speak to people on the ground in an organisation. Contacting a small group of companies via HR departments is a guaranteed way for your e-mails to end up in a black hole.
- Get on the phone or write physical letters. They're emotionally harder to discard or ignore than an e-mail.
- Remember to contact non-obvious choices such as schools, charities, NGOs, open source projects?
- Above all, be enthusiastic and state your willingness to learn!
Vacancy for signature. Apply within.
It's scary how true that seems to be today.
This is a highly-competitive program but they will hire college students who go through the standard battery of background checks (including polygraph). Details can be found here
My program requires a three month placement in the IT security and forensics industry.
University IT doesn't count? Usually, there's plenty of work to do in the security and forensics area.
If I were an IT security company, I wouldn't hire someone with no previous experience for just three months. The risks are simply too high.
Although you might not like the prospect of it, one of the easiest ways to get a security clearance and on the job ITS experience is to work for the Department of Defense, particularly the Air Force.
Slash their tires, then try to sell them new tires.
[Whose tires?? theirs...]
Chris
"You can drive out Nature with a pitchfork, but It always comes roaring back again." - Tom Waits
Haven't you seen the Slashdot - HotJobs ads? What about the Tech Jobs link under Slashdot's Services menu?
Try your state Public Defender's Office IT department. Having worked in one, we got involved in some computer forensics and analysis of machines belonging to the clients. They might be able to offer a place doing this type of work.
I have a few friends in CS who got CO-OP jobs with the Communications Security Establishment in Ottawa. No pre-existing security clearance was needed. You might also try the RCMP.
We are always looking for talent. Or interns. Hope you like snow, HQ is in Pittsburgh.
trustedworlds.net - gaming, security, and the gunk that lives in between
Assuming that you're in the US, try the Federal government. They're always hiring interns. Just focus your search on civilian agencies, and you shouldn't have to worry about needing to get a clearance.
They only hire smart university students. It sounds like this guy is in some trade school.
Look to security and forensic technologies vendors for your first internship.
Your best bet is probably a Computing Resources department at a local University. You won't get paid much considering it would be a state job, but you will definitely get experience.
This is a test. This is a test of the emergency sig system. This has been only a test.
Sure, no problem, you're hired! Your first mission, if you accept it, is to find the kitty porn I've hidden someplace on your hard drive. The FBI are on their way with a warrant, you have exactly 15 minutes to locate the compromising material and destroy it. Do you really like forensics, only you can tell, otherwise you'll have plenty of time to think about a new career path in jail. GO!
Three months is very short. Companies would be more willing to hire you, and more willing to get you a security clearance if necessary, if they can get a better return on their investment.
to get a clearance is through the military.
;)
Join the reserves (not the Army reserves, lol).
Of course, if you have a shady past, it won't help you.
All your base are belong to Google.
Okay, I don't want to be Mr. Cassandra here, but after having been going with the punches in this industry for the last decade or so I need to tell you that this is a first taste of what's to come. Obviously, there have been many threads on /. about how the IT market has fallen apart and that many of us are having a hard time finding a job (and keeping it!). I myself was let go again last week and I can tell you, it's ugly out there.
;-)
Before you go out there trying to get your 'career' in gear and finding a company you're loyal to for a good part of your life, I would recommend you read a book called 'Poor Dad, Rich Dad' (or the other way around). It basically teaches you to create value for yourself and not to focus on a particular skill set. This will not only help you prepare to structure your ambitions and your career but will also leave you with a more sane perspective regarding the current job market. Bottom line is: we are all cogs in a big machine and we are replaceable (as you soon will find out) - only by creating value for yourself and by seeing work as an 'opportunity to learn and to get one step closer to your own plans' will you be able to deal properly with the frustrations of finding a gig (or internship) in the IT industry. Don't trust any promises made by any corporation out there - you are selling them time of your life and nothing else - they will treat you like a spare part that can easily be substituted for a newer, cheaper one. BTW, no - I am not depressed about all this - once you see the light and accept reality for what it is, it's actually a healthy perspective (and it's kind of Darwinian
I know this is a bit offtopic, but I wanted to chime in here to pass along a philosophy that's been keeping me going since the market fell apart.
Hack into Valve's e-mail system. Then, tell them that you did it. They'll make you an awesome job offer--take it!! It worked out great for the last guy!
I know if I was in the position to have someone check security, I would want a trusted person to do it. The problem is you're not really trusted anywhere yet.
I would probably make up a really professional looking resume and a cover letter explaining your school and your situation. Offer to write a comprehensive report on the security situation in a business and send them out to every business you can think of that uses a computer. Maybe use the angle that a company could check on their current security company by having a different party do the testing.
The trick will be getting someone to let you do this when they don't really know you or what you would do with the information you get. Most security people aren't too happy about someone else coming in to check their work, as that is insecure in itself. Best bet is to just ask as many places as you can think of and hope that one will let you do it.
Depending on your focus and your location, I'd suggest looking at any law firms in your area that specialize in cyberlaw. There's a definite shortage of people in that field with a knowledge of digital forensic procedure.
As a plus, they're typically not so concerned with security clearances, so it should be easier to get your foot in the door.
The only way to get that security clearance is to start the process, and start it early. I notice that you are from Canada, so I can't give any advice specific to your situation, but I am sure that the Canadian government has cybersecurity internship slots.
/. commenters, find it odd that your program has a service component involved and no contact network or career advising attached to it. Frankly, if you're early in your studies, I would consider going elsewhere. Most programs that have service components have professors or advisors with vast social networks that can place you in a good position. I would certainly check with your professors and make sure that there isn't an unofficial social network there that they can get you hooked into.
Apply to one of those and the government will usually pay for the security clearance. A lot of times, government positions rotate their interns into many security positions and place them with a mentor, so you get the benefit of varied experience. Even better, these are most often available during the summer (three month vacation to a security position works) and since most places start processing in December/January, you're right on that edge for applying.
I suggest you check out your own various government agencies and send your resume out. Processing time for young people usually borders about four or five months (although it can take over a year), which would put you, if all goes well, at the perfect timing to get one of these positions. And, better, agencies often hire their interns for full time positions when the students graduate, and you will already have your clearance.
I, however, like many
But if you are planning on going into the security profession, that security clearance is something you will want/need anyways, so if you can get it now, all the better!
*-*-*-*-*-*-*-*
"We are Linux. Resistance is measured in Ohms."
What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?
In this economy? The closest you'll ever get to hardening a security system is when the assistant manager at McDonald's lets you lock up for the night.
I would aim for small to medium businesses. Many of them have data that isn't so sensitive that you would need a security clearance - yet if they lost it, their business would be ruined. Any business with web accessible data storage is a good candidate. And perhaps they'll need a little convincing. I vaguely remember some statistic of the percentage of small businesses that never reopen after a data loss (fire, computer failure, etc.) This is a data backup issue, but also a security issue.
Of course, you'll already need to know most of what you'll be doing, as these sorts of businesses will not have a security employee to learn from. But if nothing else works out, at least it's real-world experience.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
To get some real-world experience, try getting a job in a department with those kinds of needs - but not explicit in your job description. That is, try being a sysadmin or network support guy somewhere. A larger company, a University, etc. The company I'm leaving is a small business with three dedicated web and database servers. This has allowed me to play the role of web and network security administrator, even though my job was originally completely unrelated to that. With a small business, you get to wear a lot of hats - giving you a chance to learn a lot and get some real world experience.
After you get some of that experience, you'll have a better feel of where you want to go with it (and an easier time getting there).
I was a gaming agent for the Tulalip Casino up in Marysville, WA. I was responsible for inspecting the slot machines, which in Washington state are basically networked computers. (They have no internet connection if you were wondering.)
These places are always looking for good, qualified people and seem to have trouble getting them. I was one of two people in the whole agency with a CS degree, making me uniquely qualified. Generally, they have to take people with a criminal justice degree and teach them the ins and outs of the computer system. They would love someone already trained in computer security.
Besides looking at your local casinos, you can also check out the slot machine manufacturers. Sierra Design Group, located in Reno, is a group I highly recommend. They have an awesome, stable product, that the industry loves and runs on Unix. They're a subsidiary of Bally Games, so you can find their job page here.
Another computer, located in Austin, is Multimedia Games. They pretty much have the lock on the class 2 games. Here is their jobs page.
But keep writing to any company you think may fit. A lot of the bigger firms do placements. I'm sure IBM or MS could accommodate you. BTW if you do get to an interview they're not like they used to be, every company is obsessed with you being a team player to the degree that they turn down perfectly able interviewees, in your CV interview cover sheet everything stress you love teams and are a team player. I have who worked for IBM on a placement for a year did a fantastic job running grids AIX servers and all sorts of stuff, must have saved them a fortune - he single-handedly ported one of their products to Linux from Windows and was then told in the interview for a graduate place that he wasn't enough of a team player, I'm not talking about being socially inept - which he totally isn't, he just didn't shout team team team for 30 minutes.
"all through my house i set up traps, it seems like the rats have a map, so now i feed the rats crack" - Donald D
Hack in and place your resume....you'll get hired or go to jail. But the good news if you go to jail someone will hire you.
Danger Will Robinson! You are now entering a condescending Unix user zone!
Almost all of the computer security professionals I know, with the exception of some lucky ones who happened to get trained in the military, have had to do grunt IT work of one sort or another before moving into the field of IT security.
Don't expect to get involved in computer forensics straight off the blocks. As a previous poster mentioned in a roundabout way, look for a security position that's more closely affiliated with a traditional IT role (patch management is a good example).
Though I don't want to take the wind out of your sails entirely, I think that you shouldn't expect to get into the glamorous side of IT security without demonstrating that you have a thorough grounding in IT by doing some sort of sysadm/networkadmin work, or even (gasp) phone support work first.
Of course, if you're willing to work for free, there are quite literally dozens of sites and groups out there who would probably benefit from some sort of IT security assistance, even in your field. Things that come to mind immediately are the EFF, blackboxvoting.org, or any of hundreds of different nonprofits that have a web presence and probably don't have 3rd party audits of their site. If you or any of your friends volunteer for a nonprofit already, why not check and see if they'd like you to set up a computer security program for them?
Finding an appropriate learning environment seems to be harder than I expected.
Now, I want you to really stop and consider this for a moment...
You can't find work as slave labor in your chosen field, and you think you'll do a whole lot better once you graduate?
Switch to a business or marketing major now. If you can handle IT, a quick lobotomy ought to get you through such a degree in no time at all.
You could consider a law enforcement career.
There's bound to be opportunities there as long as you pass the entrance requirements ie: physical condition, psychological state and criminal history.
Lots of students from my University ended up working for the US government at the National Laboratories. I don't know if that's a viable path where you're located, but they have a number of IT Security related positions, of course. The best I know about is Sandia National Labs, which has a specific group of student interns in ITS training. (Called, unfortunately, "Junior Cybercorps" or something).
The government always needs security, and they're often willing to accept and train student interns.
I yearn for you tragically. A. T. Tappman, Chaplain, U.S. Army.
As you approach companies, don't ask for a job. Unfortunately, you describe the situation many of us have fallen into with jobs that we don't have the past 10 years experience in...
The best way to approach it is to go to companies that HAVE what you are looking for, ask them about an Apprentice or Intern program, apply with them for that program and work from that POV.
OR, if they don't have these programs, then you could ask to start one.
If you get your security clearance, you may find that companies are not unwilling to NOT pay you to come in and work...sure, you work for free, but you CAN put the experience on your resume!
--E--
Hi - I teach programming here in CANADA at the post-secondary and continuing education level (so I am aware of your situation as a Canadian student) - my practice was based on all things practical, and a little bit of opportune timing. You could for example, go back to your high school (if you had good relations with them) and demonstrate vulnerabilities in their network security, fix it, and demonstrate this as a case study of your work. It would be nice to get some money for it, but you may have to do things like this for little or pro bono until your resume clearly demonstrates your experience. Stress how it can relate to corporate and enterprise level security (if that is what you are aiming for)...Technology has come down to a level such that a large amount of the general population is aware of security measures for computers and networks - demonstrate that you can do more. On the other hand, you can always hack a website LOL.
just a web application developer and instructor in Toronto, ON Canada
Perhaps you could volunteer your time on a large FOSS project doing security audits, patches, testing, coordination, analysis, etc.
For example, the BSD projects have dedicated security officers. Other projects could probably use help. Pick large ones that have some substance (legal corporate/non-profit structure, etc) to them: Mozilla, the Apache Software Foundation, etc.
move to India
FYI. This is the program he's in.
http://admsol02.mcs.muohio.edu:11180/apps/miamijobs/jobsOnLine/positonDetail.cfm?positionNumber=1965
We're offering two of such positions - perhaps you'd find something like this on an intern basis - we have a rather robust security department as it is, so I'd venture to say other Universities would as well.
I haven't posted in so long, my sig is out of date.
You might be forced to start your career by running laps in Quantico, VA.
Check out the Extreme Blue Co-Op program with IBM. I am sure they would have Project positions somewhere in the company for this skill set.
http://www-913.ibm.com/employment/us/extremeblue/
My brother-out-law (read S/O's brother, we aren't married...) is in a co-op program as an engineer, which at least gives him the benefit of a well established field with lots of choices. So much for the plusses.
What precisely are you going to learn in three months? For my BOL, physics is physics, and electrons are electrons, doesn't matter where you work. Not so in IT. Even where "experts" agree on a result, they rarely will agree on the method of achieving it. You'll spend that three months learning really nothing more than how to be an employee, and almost nothing relevant to your program.
Where I work tried getting interns to work in my dept. I finally asked them to stop, I was doing nothing more than training a new intern every three months. Of course the majority of those interns make no significant contribution to the department, they spend most of their time learning how to be an employee in the department. Those few who actually tried to make meaningful contributions, well, that work went to /dev/null as soon as the intern went back to school. Great, we had a guy at a real cheap wage for three months, and he/she accomplished nothing of consequence, and this is a cost savings how? Three months just isn't enough time to make a decent IT employee in more places than I suspect the Curriculum Design moron at your institution realizes.
Real world experience is a valuable part of the educational process. In the case of your school, I would suggest starting with the Curriculum Design Moron. Get that individual out of their ivory tower, and out there talking to the people who do the work. Not only should they be helping you to find such a placement, maybe if they were they'd get some feedback from guys like me, and make some changes that would make interns an attractive option in IT.
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
I know that many of my fellow classmates were actively recruited by the CIA, FBI, and other agencies that were looking for students with an interest in computer security. After their stint as a fed intern, most of my friends also landed jobs in government or were at least offered.
Many companies consider contractors and temps a security risk and are unlikely to have anything available. I know my company (a small one in financial services) would be highly unlikely to hire anyone to the security team that was not full-time and permanent.
If your program has that as a requirement, perhaps ask them how previous students satisfied it and network that way.
The NSA's stated requirements...
Must be a U.S. citizen
Must be a college student majoring in Construction Management, Supply Line Management, or related Facilities/Logistics field
Have a minimum cumulative grade point average of 3.0 on a 4.0 scale
Must possess strong written and oral communication skills
Eligible to obtain a high-level security clearance
Must have reliable transportation to and from work
As noted, this year is out-- they take applications from August 1 through November 15 for the following summer. However, the first requirement is likely to be the deal-breaker. The student states they are in a "computer security and investigations" program-- this strongly suggests the querent is in the Fleming College program, in Ontario, Canada.
If so, inquiring whether the Communications Security Establishment has a comparable program; however, their student/coop page doesn't seem overly promising.
//Information does not want to be free; it wants to breed.
Hi! I'd like to come into your company, spend 3 months with you training me on all the ins-and-outs of your corporate security architecture, and then leave, not having been around long enough to have contributed significant value but taking with me a lot of information that you probably don't want anyone knowing.
No, I don't see why you're having a problem getting a job....
A bit less tongue in cheek: Wouldn't one of your FIRST recommendations as a security consultant be "hey, you need to restrict detailed information about security to those who NEED to know." And the second might be "You need to make sure the people who are working in security are committed to the company for the long term."
I'm surprised you would be having any trouble at all, seeing as how there is such a "MASSIVE IT LABOR SHORTAGE"(tm).
Assistance has been limited because the program was originally developed for an applied project. Placements were last minute options. This is a Canadian program. http://www.flemingc.on.ca/Full-time/ProgramDisplay.cfm?ProgramCode=CSI
It is difficult to imagine becoming a jet fighter pilot without ever having first flown a light aircraft. It is unlikely that an individual can be successful in the IT Security industry without first having a solid grounding in the IT industry. Sorry, but that's just the way it is. There are no shortcuts to becoming an expert.
More than likely no money in it for you since they are all under funded, but I am guessing that they have a wealth of work that could be handled with people of your skill set. Even if you are only doing an in-depth security audit and then making recommendations. Run a few interviews, bill yourself as a consultant; if you need more hours, do it in more than one school or school district!
I've been encouraged by my family to get a job in tech because "it pays well and everybody's going to need it." I've decided to go with Education instead. Doesn't pay well at all, but I know it is in demand, unlike tech skills. It seems everybody's family in the 90s was telling their kids to get into tech. Not all of them have foresight of prophetic measure, so they paid for college for that crap. Now everybody, even Indians, has these skills. Supply is up, demand is down. The tech job market is saturated. I apologize for your plight.
Moreover, how many are at Canadian colleges with a "computer security and investigations" program?
//Information does not want to be free; it wants to breed.
...but I really think anyone involved in IT security should have at least 3-5 years in the trenches first. If you *really* want to know your stuff this is simply a requirement. Finance or Medical is a good proving ground, but infrastructure (power companies, etc) is starting to be a good one too.
My advice would be to get a sysadmin or operational job first, and spend every second of free time addressing the security aspects in that environment. Then when you move into a security specific job you have some meat to talk about: "well at company X we implemented Plan Y to address this issue", and "I found that we consistently had problem Y". I personally would be very skeptical of a security pro right out of school.
I am sorry that you are having such a huge problem getting a job. The others that I have read are correct; the school's Job Placement should be able to help. If not, it depends on where you live. I live in Central Florida and here there are many jobs from Lockheed Martin Corp which is a Gov job but will help you get Security Clearance for you and they have plenty of job openings. Go to Career Builder and look for yourself. Hope this info is helpful.
The clearance aspect will always be a huge barrier to entry. By all means, try to find placement that will grant you a clearance because you will be much better positioned to find employment after college if you have it.
Then there's plan 'B'. What do you do when there's a piece of commercial hardware or software that you can't get your hands on? You probably find an OSS variant or you figure out how to make your own with the materials on hand! Such can be the case when seeking real-world experience in the IT/ITSEC universe. Seek out non-profit organizations or even local area elementary/high schools that might benefit from someone with your book learning. Create a proposal in which you offer to use what you've learned to evaluate and repair any security holes you can find in their infrastructure and practices...for free of course! Non-profits rarely have any operating budget for these type of things, so they might be willing to take you up on the offer. There is the downside in that you will probably not be receiving any mentorship going this route. On the upside, you will be receiving more hands on experience than you might have otherwise AND you will not be asked to get coffee for anyone! If you are truly feeling the DIY spirit, you may be able to find ITSEC professionals/corporations who are willing to provide mentorship for your non-profit endeavors as a way to give back to the community (and possible tax write offs).
Being part of the critical infrastructure, utility companies are taking security much more seriously.
Hot Damn! It's the Soggy Bottom Boys!
I'm an IT Manager and the last thing I'm going to do is let an Intern anywhere near equipment relating to security at my site. I use Interns to set up PCs and help with the IT grunt-work around the office but giving access to the routers, firewalls and IDS systems to a newbie...sorry. It's like handing over the keys to your Ferrari to someone with a learner's permit. I can appreciate the situation, you gotta start somewhere. My suggestion would be to Intern in a plain vanilla IT role and after graduation become a Systems Admin somewhere for a while. Then work up to the Security side of the house. The school that set up this program should re-evaluate this requirement.
Public libraries have the interesting conundrum of letting people just walk in and use our computers while keeping them out of our major systems. "Yes, you may use our computer. No, you may not change anything." We're certainly short of people with security experience and I'm sure many would appreciate the help.
You really should read over your whole post once more.
You would like to be involved with "sensitive security procedures & cases" but can't provide a level of assurance about yourself to potential employers & their customers?
You should be in your Dean's office pushing him to get the school the ability to request a clearance for students in your program prior to finding placements for there to be any real hope.
Security clearances to the level required for 'ITS' (usually at least secret in Canada, US & NATO may differ) will take 6-12 months without a government priority, thus your chances of landing an applicable placement where you will be able to be involved are slim to none without having it ahead of time.
Your situation, based on your school's requirements, is solely their fault for not thinking through what might be required for students to participate in such a placement.
The Air Force offers a cyber security boot camp. It looks like a great learning experience and work experience. It consists both of classes and hands on projects. It looks like you get assigned one main project you are to complete on a current real world security problem. I don't know if this would count towards the three months placement but it looks like it could really open the doors.
The application is due January 1 and they are planning on 50 students total.
Here is the webpage: http://ace.syr.edu/
Getting your security clearance in Canada is a real pain and I'm not sure if it's possible for an individual to do this. The best way is to either get hired through a temp agency as they will sponsor you, or list on your resume that you would have no obstacles acquiring clearance if needed for the position (assuming it's true that you have no obstacles. If you do, then you're pretty much screwed.)
That said, once you do have your security clearance, it's a _huge_ asset to finding any kind of job in the IT field in Canada, security related or not.
I had an interview with CSE (http://www.cse-cst.gc.ca/) 2 years ago (didn't make the cut). I was at the University of Guelph, and their co-op program had ties with CSE, allowing for co-op/internship programs.
There's lots of cyber security going on with CSE, and I've heard they prefer the public doesn't know they exist. I'm sure they appreciate this post.
Maybe your school's co-op program has similar ties?
Just to note, your application usually has to be in 4 months before you plan on doing your placement.
Collective Type Project
Spam your resume out on job sites. You'll probably have a response rate of 1 in 300 resumes sent out. If you have friends, see if they can pull strings for you. This is the easiest way to get a job. Keep studying stuff you're interested in. You may not find a job out of college anymore, but you can become an intellectual who's still productive to society. Press the boundaries of what's known and advance upon them. There's so much in computers that hasn't been touched. Of course you don't often make money doing this, so it's not for everyone.
God spoke to me.
Instant security clearance and IT job.
1. Go war driving, stop by the companies, and SHOW them how insecure they are.
2. Have them hire you to fix it.
3. PROFIT! I mean GRADUATE! no wait...
Seriously, at the very least you could earn some extra cash until you find a position.
hack a day
Sandia National Labs hosts a program for students that are interested in ITS. The program is sponsored by the National Lab in both New Mexico and California. I am currently involved with the program and I love working here. http://education.ca.sandia.gov/internships/institutes/ccd/index.lhtml
I was one of two people in the whole agency with a CS degree, making me uniquely qualified.
Since you were one of TWO people, you were not uniquely qualified. If you had been the only one, then yes that would have been a true statement. Unique means "the only one of its kind", not 'special' or its synonyms.
Moose and Rocco will be by shortly to discuss your severance...uh, pay that is.
slashdot: A failed experiment.
It is very unlikely that any foreign citizens will be able to get a clearance quickly (even Canada). Just having regular contact with foreigners causes a big problem for a clearance.
You only need clearance for govt jobs...which represents only a fraction of the available infosec paths.
I agree with the post that your school should help facilitate this. If they aren't...then you should raise that issue.
At best your chances in the private sector might be as a 'junior' role...maybe with a consulting firm. You could help out writing policies or helping to write up SOWs...and other admin type duties. Basically providing support to the more senior consultants. I would offer up those services to any local small to medium sized consulting firm.
As an individual in the field: you may want to start in other areas of IT, but make an emphasis on Security. I started out as a System Admin on NT4 boxes, then moved to Networking, which led me down the path to Firewalls, VPNs, and IDS. Because I have such a wide area of knowledge, I am usually the go to person in the department I currently work for, and thus in front of management quite often as well...
-- NeonRonin
Talk to companies who make money by providing Security Services. The best example of this would be the many Certification Labs that specialize in things like Common Criteria, FIPS, Visa PED & EMV. These companies charge product vendors for verifying security functionality. Hiring Interns/Co-Ops allows them to increase their profit margins by utilizing lower cost testing resources.
You sly dog: you got me monologuing! - Syndrome
The Security Jobs mailing list is a good place to start. When my company was looking for an intern for our incident response and audit team, we turned to that list. There was a standout resume and post from one student in particular... we hired him on. If we have a fulltime professional slot that opens, we'll likely reach out to him first.
What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?
:(
In this market you might try the nearest mall - everyone underestimates the danger and security issues involved in being a mall cop. Plus, who wouldn't want to drive around a parking lot in a geo with yellow lights...
Yeah, neither would I
The US Air Force accepts Canadians (I have the impression that you are Canadian). They also are the most tech savvy of all of the military, and are the least "military" of them all. You will learn and see things that even some of the best private companies don't get to touch -- regardless of what type of business they're in. It would only be 4 years, pay is reasonable, and you'll be surrounded by others with the same interest as you, and you'll get to use some very interesting equipment -- as well as get more than just a TS clearance. A lot of Air Force IT get TS-SCI, which is very sought after in private industry. It would also open you up to being able to almost walk in the door to an IT job in DOD or equivalent jobs.
Not to mention that one of the other less talked about agencies in the DOD is at an Air Force base -- DIA (Defense Intelligence Agency).
Look at it like this: You've got to give a little to get a little. Give four years, to get a worthwhile career that you obviously want.
As an alternative, if this is required as part of course work, maybe you can get the school to pay you through work study, and set up something with a local company that you can work for for no money out of their pocket. The key is that real world experience is great experience, beg borrow and steal the opportunity. To work, even if they give you the drudge work, you should be able to learn the nifty thing watching others work, and then volunteer to help with the fun stuff.
A career in CS is no career. This episode should serve as a major clue. Try something else.
We don't let most of our security team be involved in investigations. In fact, it's only the one or two people needed to deal with the issue that know anything about it.
If you're an intern here, you 'might' get to monitor spam, logs or the IDS. Involvement in investigations is not something we hand out as an entry level option.
Get a life, not a lifestyle. - Hikem Bey
Contrary to popular belief where you live, the world doesn't end at some United States controlled border.
:-) Some countries, like Spain, are pretty cheap in terms of living expenses (despite the current exchange rate).
Check out Canada, or, if you really want to have fun, Europe. They even speak English there
I guess I can sing the security clearance blues myself. American research labs (MERL, AT&T, I assume even the IBM ones) expect candidates to obtain a clearance -- which I, as a foreign national, can't get. My clean record, my good karma at Slashdot, and my heavy American accent won't do anything for me.
So, I'm sticking around Europe. And hey... IT'S GREAT HERE!
Look for work/internships as a systems auditor with a consulting firm.
Every publicly traded company in the US (and many have operations in Canada) is looking for Sarbox help. Look for a consulting firm that is willing to take you on for a few months. Dealing with Sarbox, you'll get a good real-world understanding of security. Though not glamorous, the experience identifying security opportunities and proposing changes will be invaluable later.
Though 2004 is the first year many companies will have to certify for Sarbox, the work for international compliance is still going strong. Look outside North America, you'll get international exposure and security experience.
Maybe there is an open source project you could volunteer for on an extended basis? I would consider a year or two on an open source project equivalent to 3 mo in the field, and you could even keep your day job or stay in classes.
I agree with parent - I wouldn't want an intern working for me for a 3 mo term. A year is reasonable, if I had a certain project lined up. For 3mo, you're just going to be a galley slave editing (or worse documenting) IOS ACLs or some similar, about as exciting as flipping burgers.
#---------- quote from web page ---------
You really can't? What better way to understand how malware works than by writing it? It's common in the technical community to not respect the programming opinions of those who have never written a program; wouldn't you similarly question the security suggestions of those who had never written any malware?
If people get upset about this, I can't wait until DJB's class where the homework for students is apparently to find new security holes in popular programs, write software to exploit them, and then publish that software.
#------------ end quote ----------------------
http://wmf.editthispage.com/discuss/msgReader$8650?mode=day
Is this what you refer to? My experience is that people who hire security people take the same view of 'hackers' as the cops do to hiring murderers. Sounds like career poison to me.
You should contact security/IT departments in Universities surrounding your university. Depending on the number of students your organization serves, getting a student assistant position created that rotates out a new project to whatever student's term wouldn't take a lot of effort.
Hospitals may also provide that same amount of communication if your faculty/staff can help explain the program to someone in the office of IT/CSO @ the hospital. Many of those organizations are bogged down with HIPAA implementation right now and are looking to address these security issues.
The trick to getting an early post on an ask-slashdot question is to give no useful advice.
.\.\att Clare
How about your university? Back in the day the IT for our computer science department was totally student run. Drake University probably still has one of the best Linux labs/ beowulf clusters for students at a small liberal arts institution. Check with the guys in your campus IT department and see if they want a free security intern.
Just make sure you stick to security and don't try to automate their jobs away. From my experience most professional university IT departments go out of their way to "create" jobs.
bash-2.04$
bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
I am only going to say this once. If you are in school with a CS/IS&T major you MUST have real world experience to make it. Graduates with degrees but no real world experience are worthless. So, for all you rich geeks out there that have mommy and daddy paying your tuition, get a job in the computer field! Here is how it works:
Real World/No Degree = Good/Okay
Real World/Degree = Very Good
No Real World/Degree = Worthless
No Real World/No Degree = Suicidal
One way that really does the trick is bringing the guy who you want to sell security to and showing him, with his consent, how you are entering his network. A listing of the files in some servers will most probably do.
Also, some examples of a social engineering work on their company might amaze those skeptics who think it's just about investing big money on firewalls.
A few things...
1) The security consulting industry is larger than a lot of people realize. This would be one of the first places to look for beginner level positions.
2) Not all security jobs require security clearance, only government jobs (or jobs that are in some way related to government work) do. There are several industries that require the services of a security consulting company. For example, financial institutions are *required* to have independent security audits performed of their IT environment. There are various regulations out that motivate companies to hire security people (GLBA for financial institutions, HIPAA for healthcare, etc.)
3) Security professionals are in more places than you might realize. Any one of the top 15 accounting firms in the nation will most likely have a security consulting practice. There are countless managed security solution providers. There are companies (many of them!) that do nothing but provide real time 24x7 monitoring to their clients. Any one of these companies can usually find use for an intern, especially one that has the information security mindset, and most of these will not require a security clearance.
4) Contrary to what some may have you believe, certifications aren't everything. You can not get your CISSP until you have 3 years of experience (assuming you graduate) or 2 years of experience (assuming you graduate with a Masters). No company that is looking to hire an intern will be looking for that intern to have their CISSP or CISA.
5) Good news, the security industry is booming and everyone is hiring. The company I work for has consistently hired more people every year since I started. Three years ago there were 30 professionals dedicated to information security consulting, now there are about 85, a large portion of which were hired straight from college.
So, in summary, I would focus your efforts on companies that perform security services such as consulting companies (read: accounting firms, and specialty firms like the foundstones of the world), managed service providers, datacenters and various niche services such as real time intrusion detection shops. Start making phone calls, asking if they have a security practice, and who you could talk to about a job. These places are hiring, if you aren't on their radar already, it's up to you to put yourself on their radar.
"My program requires a three month placement in the IT security and forensics industry."
Personally I would think it would be a bigger security risk to have an intern for 3 months than it would be without one.
When it comes to business and security, if they take security seriously, I would be very surprised if they would ever let someone outside of the company with little experience, for only 3 months, come near their sensitive data.
TruePunk | Games
Do you have to have a placement in the IT Security Industry or just a placement in an IT Security position? The former will be much more difficult than the latter.
Check their network vulnerability from the outside then give them a list of some (but not all) of the security exploits you found that you could have used against them had you been a hacker.
Tell them you will help secure their network and also that you will tell them the other places that their network is wide-open if they hire you.
A lot of new business concepts are forming up out of need... I pay for lawyers on a prepay plan. Doctors are forming up "Boutique Clinics" where you pay up front a chunk of money and they will take care of all your outpatient needs by agreement, kind of like a buffet. I'll bet a huge amount of small businesses would be tickled to death to get access to Computer Security Consultant skills on a prepay concept... Damn, did I think of this.... hehehe..
Go For It...
> This isn't a DJB class is it?
DJB would make them find 10 jobs...
First of all, I'm sorry you go to Fleming College. Your program looks interesting, but I've heard the horror stories of their butchered placement system. A good friend of mine began placement for their Criminal Justice program in September, where she hoped to gain experience as a correctional worker. They put her in an elementary school helping handicapped students (????), and about 2 weeks ago the school dropped her from the placement for some reason. Luckily, they're still going to give her the credit.
I'm in Peterborough too (I go to Trent University) and will be going into security after graduation. I think the most important thing you need to do is to get the hell out of Peterborough. This is a small somewhat rural city and there won't be anything worthwhile around.
You may also be able to work from home, although you're kind of limited. I do work for a national bank doing penetration testing. It's one of the only things I can do from home, since I can't exactly go to the office and develop security policies. I found the job by finding a security hole on their website and then by carefully talking to the senior IT manager to allow me to look for further problems. If you're going to try the same thing I did you need to be very, very, careful; the toughest part is proving to a company that you're not going to break stuff. You also don't want to be overconfident and have a typical l33t h4x0r attitude. Even if you actually ARE good, don't let them believe it.
Overall, I think the best thing would be to create some customized "cover letters" for an unpaid volunteer security position and give it to companies in Toronto that you may be interested in. Stay away from Peterborough. If you ever want to chat, I can be reached at lysdexic[atatat]softhome.net.
Good luck!
I have no real qualifications to speak of except to say that I could probably obtain today the majority of certs my company could throw at me from learning on my own.
Which isn't saying too much. What kind of company needs security the most? The company with the most computers to secure? That's how I found my job. I sat back and thought about it one night, and it just clicked.
So I'm being a bit vague, but I'm trying to get you to think about it a little bit. School, internship, cubicle, blah. Jump out there and show someone that you are a bad ass and you will get noticed.
What kind of companies have the most computers connected to the web? The answer is at your fingertips and in front of your nose if you are reading this.
I mean geez - I hear so much about how hard it is to find a job in the IT field that is rewardingly educational and secure. My job didn't exactly fall into my lap, but it might as well have. There is a link right on the slashdot main page where you can find tech jobs in your area. My employer was actually listed there. The jobs are out there and they aren't hard to find if you just sign up and cruise around the job networks like monster and yahoo. Hell, a search on google for "tech jobs" yields over ten million results.
Besides. You're young, you got your health, what in the hell do you want with a job?
You are about to give someone a piece of your mind, something which you can ill afford...
I would recommend you look at simple facets of cyber-security. While being well versed about NIST (http://nist.gov/) and NSA (http://www.netip.com/links/nsa_guides.htm) and related guidance is helpful when speaking about cyber-security... you may want to consider more common security problems for your internship.
...As for industries - well, I would strongly suggest banking, insurance, securities, and healthcare...
For example, many companies have identity management problems - particularly in industries with large-scale mergers. Just documenting the variety of identities each employee has on different systems and blueprinting recommendations for consolidation can be a considerable task. Even on a small scale - lashing an identity scheme together for operators in a data center - this can be worthwhile and involved work that may get into topics like logging, auditing, provisioning, policy, identity consolidation, integration...
Likewise, most companies have security policy problems - either they implemented overly restrictive policies and have rapidly bypassed them (using local admin accounts or promoting people to domain admin levels of access), or they implemented piecemeal policies project by project resulting in no consistency and no centralized manner to audit and manage the policies in place.
You may also want to consider application integration security. E.g. web applications that authenticate locally but then redirect the internal user to an external site. The token handling and identity exposure of both the company and the user to the third party site (an outsourced customer service application for instance) is handled differently with each implementation - and consolidation would provide many benefits for businesses varying from retail to financial.
While doing core philosophical cyber-security work may be out of your reach due to the limit of your current credentials - documenting and/or implementing simpler aspects of cyber-security may be an avenue leading to greater opportunities.
I am an entry level IT security professional (IDS analyst) working for a highly prestigious US federal government agency. It wasn't easy to get here. I'm at the bottom of the ladder but it's a good ladder to be at the bottom of.
Coming out of college, you are about to find out one of life's great truths and perhaps greatest injustices. It doesn't matter what you know, what matters is who you know. If you are like me, then you currently don't know anyone. So, get yourself whatever technical job you can and begin to establish contacts. Network with people, join professional IT Security related organizations (yes, there are some that are open to the public). Start meeting people in the industry. Eventually one of your contacts will come through. Once your foot is in the door, you'll have the experience you need to continue to advance within your chosen field.
Here's a tip, some temp agencies that deal with the government a lot require security clearances and will get you one before they even find you a job, just so that you will be ready.
Best of luck....
1) Hack into a corporate server
2) Fax sensitive stolen data to the same company
3) Offer to become their security guru to prevent other people from stealing their data
4) Profit!!
//Information does not want to be free; it wants to breed.
and many companies, who just don't see a need for ITS,
:-)
Become a virus writer and a hacker for a while. Not only do you learn more about security, but also CREATE a need
Table-ized A.I.
Then "reform". They tend to get very good security positions.
The IEEE has several resources that might help, go to https://www.ieeecommunities.org/securityandprivacy. It's free to join and the ed board is made up of security folks from all over that might provide insight, there are also about 300 people from the industry there. Can't hurt and I promise you won't get smartass remarks, just helpful advice, unlike this forum.
They're headquartered in Chicago (Riverwoods).
Many companies now outsource their security
to what is perceived to be lower cost places
around the world: eg: India and Argentina
Now that's what you call trust.
--
cheers
me
Blessed are the geeks for they shall inherit
the old re-cycled 'puters.
I don't know if it would qualify, but I would look into volunteer work at a charitable organization of some kind. Also, you might get lucky with public schools that have no IT budget.
In a perfect world I would say you're correct. But the past speaks for itself. Who better to catch the bad hackers than someone with experience. Take the case of Frank W. Abagnale Jr. I'm not saying that doing the wrong thing is ok, I'm saying knowing how to do the wrong thing is of great benefit. And the government will and does hire those with that expertise.
Danger Will Robinson! You are now entering a condescending Unix user zone!
While I don't agree with blind corporate loyalty (I'm self-employed), I thought I'd point out that the Rich Dad, Poor Dad book by Richard Kiyosaki has been subject to criticism. (That's just one of the many sites, but it's the most thorough, IMHO.)
-- SYS 64738 --
I'm saying knowing how to do the wrong thing is of great benefit. And the government will and does hire those with that expertise.
I can't disagree with you about that.
That is why a lot of these forensics/computer security programs are actually taught by reformed blackhats. One is taught to "think like a criminal," but generally under the protection of proper permission, and signed papers.
They actually "unleash" these students on systems as part of red or blue teams, but always with prior permission.
That is how they get a lot of the expertise of how to go about doing the wrong thing, while still not technically maliciously hacking, making them AOK in the government's eyes.
It seems that a lot of the strictness in hiring (being concerned with hacking pasts and such) is fairly new. I suppose that I should check out your case study, but I was under the impression that the three-letter agencies had tightened up on things like that.
*-*-*-*-*-*-*-*
"We are Linux. Resistance is measured in Ohms."
The best way to get an internship is to start about a year earlier. With my students I start posting and discussing internship opportunities with my sophomore classes. This gives them time to apply. Since regional universities don't have the clout for big name contracts it can be harder to find placements. I average 7 to 10 direct requests a semester for my best and brightest students. Our security program is in its infancy so I expect that to grow. I also, for a limited number of students, accept undergraduates into research billets where they get to hack on grid computers and forensically analyze all those trivial traces we do (grunt work). This is also a growing area and usually is going to the student who has already identified they are going to graduate school. During Christmas break three students and I are setting up a 100 node Beowulf cluster to build signatures and traffic analysis models for a research project. For a real select few starting this year I've started taking star students and we are beginning to publish their independent projects at conferences. The first one should be in April. I expect that will draw demand both for our program and the students. Getting the students' work out in the open I'm hoping will make internships easier. Since our program is just getting off the ground we are pushing the students' work to show what they can do. I think next semester we are going to build some portfolios of students' work and that may help the process too. For the student doing it on their own I would likely start by preparing a portfolio of projects, papers, and laboratory assignments. That is your school work or thinking work to prove you're smart. I would then take my best projects and build upon them to show that you have skills. Build a resume or vita around those items and be prepared to showcase what you can do and what you think you can do.
--- Location Unknown
If the companies don't see a need for ITS now, who do you think is going to hire you after you graduate?
my karma will be here long after I'm gone
Student placement help, at least here in California, is in the shitters. I know my career center is basically an advert for craig's list, and monster track.
The pay's not as good as in outside industry, but the job security is far better: once you're hired you can stay as long as you wish. They'll check your background, so it's important that you have no felony record and aren't a gambling or drug addict.
Get a job, dig into whatever work they give you and ask them for training (they'll usually comply). In the current environment (terror alerts every 16 minutes) police departments are getting so much $$ they don't know what to do with it.
If the work doesn't have to be paid-for, or paid-work at a high rate, could you work for / volunteer for a variety of computer-security publications and conferences that you may be able to support. Go to their web sites and inquire.
You could be exposed to a variety of topics and subjects relating to information security, and deal with balancing issues related to what subjects are pivotal in different infosec themes:
There are some academic venues
National Information Systems Security Conference (NISSC) - don't know that this is still running. Perhaps it is, or there is something similar.
http://www.ncisse.org/
Colloquium for Information Security Education
"Hacker Magazines":
2600: The Hacker Quarterly
http://www.2600.com
Blacklisted 411:
http://www.blacklisted411.net
Binary Revolution
http://www.binrev.com
Anyway, I'm not saying that anything would come from it, but these are a few organizations that you might want to contact.
- Sam
http://www.iamsam.com
http://www.NitzbergSe
F!@# those companies that won't hire you! Start your own security firm and fulfill your school's requirement by employing yourself. I think it looks better on a resume that you had a successful small business than an internship.
If there are any military/gov't contractor companies near you, apply like hell with them. My school www.unomaha.edu has a direct relationship with Offutt Air Force Base in Bellevue, NE. Every year the defense contractors hire on many students for internships. I got on with a local contractor and now have security clearances. Now I can pretty much go wherever I want. Even if you're not working directly with security you still have your clearance and that will get you a hell of a lot closer to getting into a security position.
Try a Big 4 accounting firm, or one of their (formerly related) consulting wings. These organizations often have a large IT Security practice, and are experienced in hiring co-op students (accounting students for financial audits). I'm working for one of the big 4, in a security-related job, and I came in with very little relevant experience. I've found it to be challenging, but ultimately rewarding.
I teach CS at a community college, and I have to say that I am horrified at the response of academia to the need for security professionals. Jump on Monster sometime and search on "Computer Security". 90% of the jobs out there require at least 2-5 years beyond a BS, and a quarter require closer to 10. Security, done right, is very difficult work, and not something that can be simply taught to people in an academic setting. At least in the poster's case it's a four year program, and not one of the plethora of "here's how you set up this router" 2-year degrees popping up all over the place.
You're not going to find that security related job (without an extreme amount of luck), because you don't know security. In my opinion, any claims by your school that they are teaching you security in such a way that you will be qualified to work in it are fraud. The problem is, if you're being short-changed the rest of a general CS curriculum, they're not going to send you out qualified for anything else either.
As a recent graduate in CS I'd say interning or a COOP placement is necessary for the average college student. Getting your foot in the door with some experience is often the hardest step. Second hardest step is finding a good door to step in.
My advice is go to any career fairs and try to make contacts. Don't be afraid of going to local businesses and seeing if they would consider an internship position. This is your chance to find a real job before you are the only one paying the bills.
This college is trying to do you a favor.
Such opportunities do exist at some companies. If any readers are located in the Dallas area, you are welcome to submit your resumes to Melior, Inc. CyberWarfare Defense. A leading edge security development and research environment interesting enough for IT students with a security focus can be found here. I do not believe keeping students occupied with menial grunt work (patching systems, etc) is helpful to further their education.
Note: extensive prior background checks are required.
More at http://www.ddos.com/
Thomas J. Ackermann
CEO & Founder
Melior, Inc.
As a person who graduated this past April, I luckily was able to get a position as an information security analyst I.
There are a few different things you can do to help you get in on an IT security job. First, and most important, intern in security. I know it sounds stupid, but I believe a big portion of my having gotten a job is due to my Cyber-Security internship. One such regular internship is the REU (research experience for undergrads) sponsored by the DOD and NSF. It is a really under-marketed program and can get you really good experience that will stand out on your resume.
Here's the link:
http://www.nsf.gov/home/crssprgm/reu/start
Secondly you have to find companies hiring for security (surprisingly hard sometimes), and then you must find out if they are even looking at college new hires. This is done by going to all the career expos and mixers you can. I found my company at a career expo day-before mixer where I asked every company I talked to if they were looking for people interested in information security. I found 2 companies the whole night. One was not hiring fresh-out-of-college people like me. The other is where I am today and loving it.
Well that's all I got, but hopefully I was at least a little helpful. I've heard of guys sliding into positions being co-ops.