For people who want to have a career in Information Security Consulting,it may not be a good choice to start fromn big4. I have been working with quite a number of big4 consultants and the general feeling is that those good ones all have some operational backgrounds such as security administrator, system analyst or developers before they join big4. In big4, those infosec projects involved are mostly security review and you don't usually touch clients' system, normally you just check system configurations with a set of so call industry best practice and compliance. Of course there are exceptions, such as those dedicated VA(vulnerability Assessment), PT(penetration testing) and Forensic teams in big4. It will be good if you can join these sepcial groups in big4 instead of the general IT security audit and audit support teams. Just my 2c