Next Security Certification?

Justin- · November 2014

Hello all,

My Sec+ exam is coming soon and I must say I am very interested with the material I learned/am learning at the moment from this and from external resources.

I was wondering what would be the next step after the Sec+? I have 0 IT experience at the current moment, but I want to know if there are any other 'noticeable' security certifications out there that don't require IT experience or any of that, besides ISC2 & CASP.

Thanks guys.

vasyvasy · November 2014

How about CCNA Security or CEH?
They are fairly easy ones and can get you more into security...

Master Of Puppets · November 2014

Security has its prerequisites. Maybe now is the time to learn the technologies you want to secure rather than go directly into another security cert without having the background.

Personally, I wouldn't go for the CEH right now at all. And you will need at least a CCNT for starting CCNA Security.

JoJoCal19 · November 2014

I would follow Master of Puppets' advice. I'm 8 years into my InfoSec career and I wish I had really solidified my knowledge in networking and Linux much earlier. Not doing so had relegated me to doing IAM and GRC work. On Monday I start a new job where I will be immersed into the technical side of InfoSec and I am no having to go for my CCENT and also get better with Linux.

aftereffector · November 2014

Justin- wrote: »

I want to know if there are any other 'noticeable' security certifications out there that don't require IT experience or any of that, besides ISC2 & CASP.

I used to feel the same way about IT experience, but after some time in the industry, I am thankful for every scrap of networking and systems administration knowledge I managed to learn along the way. Not a single day goes by that I don't wish I knew more about the underpinnings of Windows (Server technologies, administering GPOs, scripting, and so on), SQL, networking, Linux... you can't attempt to secure a system if you don't know how the system works.

My recommendation is that you pick an IT subject area and start familiarizing yourself with at least the basics, whether it be Microsoft, Linux, Cisco, databases, or any other fundamental skill set. Higher level security training can always come later but you will always need to know the basics.

5502george · November 2014

Depends on what you want to do in security. If you want a tech sec job go tech certs, If you want a GRC role than go Asc. CISSP.

This is a dilemma that many security professionals get caught in (If not all). You either are a full GRC role with a little bit of tech work or you are a full tech work with a little GRC work. All in all I think either route will land you some great pay. I personally see a brighter future in GRC, but I am in GRC so my perspective is a convoluted.

I know tech guys that wish they were in GRC and I know GRC guys that wish they were in tech. I agree it does not hurt to know the network and the services you are defending, but that is not always appropriate for many GRC/PM security roles.

I find myself wanting to know more about networking and penetration testing from personal curiosity, but my job only really requires a very general knowledge of networking and a very technical understating of the C&A, ATO, CTO, CTF, SDLC etc...

The grass usually seems greener on the other side

Justin- · November 2014

Thanks for all the replies. I don't want to take the CEH, simply because I would have to pay for the classes and the prices are outrageous.

I'm trying to look for self-study ones. The CASP doesn't require any prereqs, but I don't feel it would be a good idea especially since I have no real world experience just yet.

Any other answers? I am taking CCENT/CCNA later this year, but during my internship, I want to continue the Security path if possible.

markulous · November 2014

I have to agree with the other statements. Going into the security field and grabbing security certs, you need a good foundation of knowledge in whatever it is you're trying to secure. With 0 IT experience, a CCENT is a good place to start after getting the N+. I'd recommend grabbing some systems certs too like some MTA certs, then move on to some MSCE for Windows 7 and Server 2008. Going this route will give you a broad understanding in both networking and systems, which is important in security. Even if you are strictly working on network equipment, you still want to know how operating systems work as well as Active Directory, GPOs, etc.

Remedymp · November 2014

N10-005 is the next logical step with zero experience.

Check out the Comptia flow chart here.

Justin- · November 2014

I already have that. Check my certifications. Thanks

BlackBeret · November 2014

I know this isn't the usual route, but I managed to get a really good job with the base requirements of Sec+ and CEH. I didn't want to pay for it or do it at first either, but with the same resume I had about 0 call backs before CEH, and several call backs after adding it. A large part is due to the federal contract world and DoD requirements for IAT, IAM, CND, etc. Also, for all the hype about CEH and it's downsides, the classes are not bad if you're just entering the security side. Everyone's experience varies, but it got me a job so I'm happy.

Cyberscum · November 2014

^^^If you want DOD work go sec+>CEH>CISSP and you will be well on your way to a 100k career. Aside from a clean record that is

Remedymp · November 2014

Justin- wrote: »

I already have that. Check my certifications. Thanks

Well, have you thought about the RHCSA or the LFCS?

Next Security Certification?

Comments