21 y/o Needs a little help
Hi TE, need a little help.
I really want to get into I.T security as the demand is high and I find it to be an extremely interesting,
I was told I should complete CISSP, learn Java, and Linux system administration (looking briefly at shell, pearl and phython) as well as the Microsoft cert MCITP.
Problem is I read that you need 5 years experience in 2 of the 10 domains to sit the CISSP exam, if this is true how do I go about completing the exam without experience, was told not to do the ccna course.
Really I just need advice on the best way to get into I.T Security, don't want to take courses which are not going to benefit my future career, I was just about to buy the CISSP all in one book off amazon, I am currently not employed so I would be able to study pretty much full time 7 days a week.
This is the career path I really want to pursue for the rest of my life, I am still young and want to be successful, so really, just need some help from those who are already in the position that I want to be in.
Thanks for taking the time to read, hope I made myself clear and welcome any replies,
Dan.
I really want to get into I.T security as the demand is high and I find it to be an extremely interesting,
I was told I should complete CISSP, learn Java, and Linux system administration (looking briefly at shell, pearl and phython) as well as the Microsoft cert MCITP.
Problem is I read that you need 5 years experience in 2 of the 10 domains to sit the CISSP exam, if this is true how do I go about completing the exam without experience, was told not to do the ccna course.
Really I just need advice on the best way to get into I.T Security, don't want to take courses which are not going to benefit my future career, I was just about to buy the CISSP all in one book off amazon, I am currently not employed so I would be able to study pretty much full time 7 days a week.
This is the career path I really want to pursue for the rest of my life, I am still young and want to be successful, so really, just need some help from those who are already in the position that I want to be in.
Thanks for taking the time to read, hope I made myself clear and welcome any replies,
Dan.
Comments
However, the certs themselves will not get you into an IT security job that I feel you have in mind. That takes time, experience, education, as well as the corresponding certs. It just doesn't happen overnight once you get the CISSP.
Thanks,
dan
Here's a good path:
- CompTIA A+
- CompTIA Network+
- CompTIA Linux+ (LPIC-1)
- CompTIA Security+
By the time you've finished the above, you'll hopefully have worked a couple of years in an IT job. Then, I'd try to get a job as a Linux Admin. The following certifications will help:- LPIC-2
- LPIC-3
- RHCE
At this point, you'll well prepared to study for and pass the CISSP, and will have much of the experience required.My question really is, are the compTIA really worth/necessary,
thanks once again
If the accosiate CISSP is passed, it states you require 5 years experience before you get the full qualification? I take it you don't have to resit if you pass within this 5 years?
I believe a career in information security is a process and not a destination. If you don't enjoy the process and want to take a shortcut to the destination, you probably won't enjoy it when you get there.
Nice one mate, Like i said, I know its not going to be a walk in the park/overnight thing, just want the best possible route to take in order to accomplish my goals.
Having been an Associate and later fully certified, I suggest you do not pursue this particular credential except under two separate conditions:
1) You work for the DoD. There, the Associate of ISC^2 toward CISSP holds *equal* weight to a bonafied CISSP as it relates to 8570.1 requirements.
2) You are currently in an infosec related capacity. As mentioned above, you have six years to get the required experience. If you pass no other certs, this effectively gives you one year to find a full time, security related job for which to gain the required experience, and this is slim odds. You can substitute one year of experience for having a college degree or certification (I highly suggest both).
The associate title really doesn't garner much respect because recruiters don't know what it is. The best mileage for CISSP holders are job postings that mention the CISSP as either preferred or required, hence CISSPs (who will oft have more experience) will apply for these positions and will generally be preferred over Associates. It is not enough to be an associate. Given the same resume, my response rate increased exponentially when I became fully credentialed.
So, are you in school or employed currently? I'd get both if possible. It's perfectly fine to start studying now and everything but you have to keep in mind that there's alot of variables that goes into the credentialing process and staying competitive. If you don't plan it out properly you will just end up wasting money on the test and never achieve it's full benefit.
School is not an option, I currently live in the UK but will be moving to Malta where my dad lives, so I am free of any distractions and can study my nuts off, I suppose the suggested route which seems fairly viable would be completing all the compTIA courses, including the linux stuff, playing about on vmware, finding a job relevant to the completed qualifications and then start working towards my CISSP.
Open to any suggestions really, I'm guessing the CompTIA qualifications are not very desirable, however do provide you with an introduction to the basics, in which you can find a job, gain the xp and start progressing?
Vice President | Citigroup, Inc.
President/CEO | Agility Fidelis, Inc.
SEC+, CEH, SSCP, GCIH, GISP, CISSP, CRISC, CISA, CISM.
I had listed the certs accordingly in terms of years of experience.
I would suggest having a decent understanding of Linux. For example, one of the hot tools in the field of security today is the Cisco FireSight IPS (Sourcefire, which is built on Snort re-branded). The management console (Defense Center) is built on Linux. Most of the Security tools in use today are built on some form of Linux. Even networking appliances are built on operating systems very similar Linux/Unix or Linux itself.
We have been doing some custom work with SIEM and Python is being used a great deal. We are writing a lot of simple programs to automate functions in Python. Python is a simple programming language for entry into the field.
CERT Wise- There is a lot of demand for SOC Analysts today. GCIH is like a roadmap into what you would be doing in a SOC. With a GCIH under your belt and an understanding of the attacks and process for handling the attacks you would be a good candidate for a SOC analyst Level 1 position. With some experience (put to work practically) you would be a good SOC Analyst Level 2 candidate.
BTW You mentioned Java, IMO there are a lot of security issues as well as performance issues with Java. A lot of companies are shying away from Java these days.