Advice on Career/Cert Path for InfoSec

Hey, all! Long-time lurker, first-time poster. I was hoping I could get some advice on a career in infosec from those based in it. I realize this is a broad topic, but I'd appreciate any and all input.

My background: Bachelors in History (don't laugh) - 28 years old. Played around with computers as a teenager, but no serious experience. Spent my last year of college trying to get into law enforcement, but it didn't work out. Back-doored into IT field as a help-desk tech 14 months ago, now working desktop support in the same company. I realized I wanted to make this a career 12 months ago, and have since gotten my A+, Net+, and am scheduled for Sec+ this week.

My goal: I am fascinated by infosec, especially in light of all of the data breaches highlighted in the news lately. I want to work either as an ethical hacker or in some sort of upper-echelon security role eventually.

My question(s): What cert/job search track should I go on after Sec+?
Should I broaden my base of knowledge with some MS certs such as Server 2012, Win7, etc before I continue with security?
Should I broaden my networking knowledge with Cisco certs?
Should I divert over to Linux+ (have very little Linux experience, but want to learn)?
Or should I go straight on through the Sec track with SSCP?
And last of all, which jobs could/should I apply for who would hire me with my little experience, but a desire to learn and the drive to keep certifying, and an ultimate goal of infosec?

Thank you in advance for taking the time to help out a newb who's not sure which way to go. I hope that by answering me, you may also provide a base for other newbies who want to make it in infosec.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

JDMurray

The common advice I recommend is to look at job posting for positions that interest you and check what education, certification, and experience the hiring managers are asking for. After looking at a few hundred postings, you will get an idea of the clustering of certs that are beneficial to getting the type of work you are looking for.

Getting the opinions of job recruiters is also worthwhile, but don't believe the opinions of only a few recruiters or you will find yourself getting conflicting information (e.g., ""Lots of employers are asking for people with the Security+ cert!" versus "No one is getting a job with only a Security+ cert!"). You need more than a few opinions to see the true shape of the bell curve.

juster5 wrote: »

Bachelors in History (don't laugh)

Hey, my undergrad is in Anthropology with many semesters spent as a Music major. Years later--when I grew up--I got an MSIT in InfoSec to make up for it.

ramrunner800

I'm also 28, with a degree in Political Science. After Sec+ I did CCENT and CEH, and started work on OSCP. CCENT didn't do much for my resume, but the networking skills are absolutely necessary. After adding CEH to my resume I started getting calls for infosec jobs in the government sector. I got a great job working in an incredibly interesting SOC with lots of freedom to learn new skills, making great money. I work with incredibly smart and skilled individuals, and it's a perfect first infosec job. That is all to say, in my personal experience, that path worked well for me.

I think CEH caused my resume to pop for HR types. Talking to actual hiring managers, it was all about enthusiasm for learning, and some hard security skills that I learned through labbing. Good luck!

reubs6

I am in the same boat, though I am in school now and my degree will be in InfoSec. I just got my Security+ this past Saturday, and I just inquired about a job on the security team at my job. I was thinking about going for GIAC next, but I keep hearing that CEH really pops. So I am going to go for one of those two. In the meantime, I try to just read up in blogs and have joined ISSA. I also am working on getting some labs together at home.