Cert/study path to Infosec Analyst?

Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
So I've been in IT for 10+ years now and been doing sysadmin / JOAT type stuff. I've wanted to focus on something more specific for awhile, I finished my BS in IT with the security concentration at WGU. I have the Security+ and CCNA Security, but for actual security positions they always want a lot more hands on than I've had. Sure, I've setup firewalls, user permissions, etc, but never a 100% specific security role. The few interviews I have had really focused on that too so I'd like to spend some time focusing my studies so I can move into infosec.

I'm not really very interested in strictly network security, so a job managing firewalls all day doesn't seem too exciting. Pen testing seems like it could be interesting, but I don't have any experience in it yet. I figured I'd probably be starting as an analyst, checking logs, looking into alerts and such.

What is a good path for that? Should I look into the CEH? How about the OSCP? I know the 2nd one would require a ton of hands on work, which would make me feel a lot more confident in selling myself as a security pro. I know I have the work history to qualify for the CISSP, but it doesn't seem like it would provide any actual hands on sort of study, so I'd know a lot of terms and business continuity type plans but still not have a lot to lean on for actual security specific experience. I'm employed in IT now but very underemployed compared to my past positions, so instead of looking for another sysadmin position and hoping to transition to security later I figured I could take a few more months now and really dig into something and try to make the move from my current job instead of having to jump twice quickly.

Any ideas?
Thanks.

Comments

  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    If you're looking at Pen testing, then you could possibly look at the GIAC Pen Test course and take that cert.

    If I was in your position, then I would look for small contracts to build up the experience from reputable firms like RHT,etc. There are plenty of opportunities if you're willing to move to places like Maryland for positions like this.

    I think far too many people focus on Cisco and not enough thorough understanding of the line of business. I was at a conference recently and several of the lead speakers spoke out about 'there is more to security than routers and switches'. They were referring to CCNA holders.

    Just my 2c.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Well I'm still on the fence about pen testing, I've never done it, so I really don't know. I grabbed a book on the CEH and I'm looking into the details for the OSCP to see if it is something I really want to dig deep into.

    Moving isn't really an option right now with a family, but there are openings around here, I'm not out in the middle of nowhere either so that's OK.

    I agree with you on the Cisco stuff, I wouldn't even have taken the CCNA security if it wasn't part of the required curriculum for my degree, I would have focused on a different area.

    My issue is more that I've done some of the parts of the job, but since I haven't been a purely security role yet I seem to be getting passed by. Most of them list a whole pile of different logging, event tracking sort of software, which I'm sure I could learn quickly, but I haven't used. I should try to see if there is a way to set some of that up in a VM and simulate it so at least I can talk about it that way.
  • --chris----chris-- Member Posts: 1,518 ■■■■■□□□□□
    Danielm7 wrote: »
    Well I'm still on the fence about pen testing, I've never done it, so I really don't know. I grabbed a book on the CEH and I'm looking into the details for the OSCP to see if it is something I really want to dig deep into.

    Moving isn't really an option right now with a family, but there are openings around here, I'm not out in the middle of nowhere either so that's OK.

    I agree with you on the Cisco stuff, I wouldn't even have taken the CCNA security if it wasn't part of the required curriculum for my degree, I would have focused on a different area.

    My issue is more that I've done some of the parts of the job, but since I haven't been a purely security role yet I seem to be getting passed by. Most of them list a whole pile of different logging, event tracking sort of software, which I'm sure I could learn quickly, but I haven't used. I should try to see if there is a way to set some of that up in a VM and simulate it so at least I can talk about it that way.

    I would listed to a few episodes of Security Weekly. The host/co-hosts/guest are usually pen testers and can really shed some light on what the day to day work of pen testing consists of.
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    Danielm7 wrote: »
    My issue is more that I've done some of the parts of the job, but since I haven't been a purely security role yet I seem to be getting passed by. Most of them list a whole pile of different logging, event tracking sort of software, which I'm sure I could learn quickly, but I haven't used. I should try to see if there is a way to set some of that up in a VM and simulate it so at least I can talk about it that way.

    Yep, go grab security onion, start using snort, and all 10 of the SEIM's on that OS. Once you get comfortable you can add IDS analysis using XYZ to your resume. If its not a "insert specific tool administrator" position, you have a shot.
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    SephStorm wrote: »
    Yep, go grab security onion, start using snort, and all 10 of the SEIM's on that OS. Once you get comfortable you can add IDS analysis using XYZ to your resume. If its not a "insert specific tool administrator" position, you have a shot.

    Thank you, that looks like exactly what I'm looking for. I had used kali linux a bit but that was more for cracking from what I used than events and such. I'll download that and put it in a VM tonight.
Sign In or Register to comment.