Career Advice needed - Information Security

SherrySyed

Hello Everyone,

I am quite confused about my career path so i need proper guidance from you guys. I have completed my masters in computer networks and security from uni of waterloo but there i hardly took any security courses (except cryptography) and most of them were just networking. I am now working as a SOC analyst in one of the companies and would like to excel in my career of Information security. Currently, i dont have any ceritificaton except CCNA (R&S). I see so many colleagues around me who just have a diploma and they are pretty much smarter than me. Does this masters even worth it if i have to excel in Information security?. What track should i choose which would help me earn a lot of money and which is also inn these days?. I am confused because there are lots of security certifications to go for, but i wanna be the best guy of security one day. Please provide me some serious guidance. Thanks.

The Silent Assassin

Get your experience first then worry about certifications if you want something to hang on the wall. Experience will always trump certifications. There are many routes you can take for security such as firewalls, Auditing, Pen Testing, management... it all depends on your interests. There is no such thing as the all in one security guy because in large organizations they have teams that address each security area.

My suggestion is to look at one of these two sites GIAC Information Security Certifications | Cyber Certifications and https://www.isc2.org/ to see what you want. If your goal is to really become the all in one security guy then start with the ISC2 site and target the SSCP.

broli720

Also check the forums here. There are so many threads on this very topic that can point you in the right direction.

SherrySyed

Thanks guys,

I have just started with the security analyst position but most of the time i am just doing board monitoring and little bit of customer care. I want to enhance my domain and as far as my interest is concerned so i dont know yet about the security areas. If you guys can suggest me some area which could be the best in future since everything would eventually get connected and security would be a big thing. Most of them here is going for SSCP and then CSSIP. There are couple of them who are interested in CEH track. What certifications are in demand these days to grow in Security career and highly paid?. Also, if you could tell me some of the best information security organizations to work for.

IIIMaster

Why did you go after a master degree to learn security ? That is usually taught at the bachelors level or you could have earn a certificate or certification. Also there are plenty of post bachelorette certificates programs that are NSA and DOD accredited. The main security certifications are CCNA security, CEH, Comp-Tia Security +, and CISSP.

SherrySyed

Man actually i m from another country. I did my bachelors in telecom engineering but i didnt like it that much. I then came to canada and i did my masters in computer networks and security, thinking that would help me get a job here in networks / security in canada. I am 27 years old now and i have just started working as a SOC analyst. Here i see so many ppl working as an analyst with just a diploma and they are just 22 yrs old, that freak me out sometimes. I need advice from you guys what to do now?. Is this SOC analyst field worth giving a shot and for how long?. Which career path shall i take in security field that would help me become financially stable as well as knowledgable. I like information security but i m not sure about what path to take?. What certifications to do?. As a SOC analyst i m just monitoring threats and escalating and doing some customer care, but i dont want to do this forever. Guide me what to do?. These guys are pretty young like 22 but i m 27, i dont want to take risks in my career now.

JDMurray

Being a SOC analyst is a good way to get into an organization so you can move to another position along your career path. From there you can move into other departments, like pen testing (vulnerability assessment) or network operations. You could also move to risk management and planning. You may eventually find yourself interested in a management position in IT security. Nobody is expected to stay in an analyst position for their entire career.

A SOC analyst isn't an entry level position in most places, so I'm surprised to hear of junior-level people being hired. There might be a high level of burn out in that organization, or maybe the position isn't paid very well for the work involved, so junior people are all that are willing to accept.