Security + Now lost....

gutsguts Registered Users Posts: 3 ■□□□□□□□□□
Hello,

Firstly I would like to thank you for taking the time to read my post, and any suggestions/opinions would be greatly appreciated.

I have just finished up with the A+, N+ Sec+ trio (passed sec+ with a 900 this week) and would like a little advice as to where to focus my time and limited resources. I have little to no real world hands on experience (2 years small company network management) bar my recently built home lab to play around with. I am desperately wanting to break into the Info sec world without getting sucked into the help desk trap if possible, but if that has to be done which path outside of work can help speed up the route to a security based role. I am not really sure which area I would like to specialize in, but would like to make efficient use of my time while building up to this decision. I currently seem quite interested in all areas and would love to try out everything, however time and resources are limited and of course you need to focus the beam to get any real results.

I am 33 and have no degree, a couple of entry level certs and a few years limited experience (as stated above). I am wondering what would be the most efficient direction to move at this current point in time. Should I say hit CCENT then CCNA: Security to cover the networking basics, then something like MCSA/MCITP to cover systems basics perhaps with something Linux orientated to cover another system. Then I could move on to something like CASP to further my security knowledge and follow this up with CISSP. Throwing in CEH just for an introduction to the pen side of things and if I like it I can always try OSCP etc.

I feel a little overwhelmed with all of these certs to cover, but I am pretty good with self study and find I can pour lots of structured time into certs especially with the free time I currently get at work. I am aware that certs are not everything hence my home lab to explore things hands on until I get work in the field. I have started learning Python as well for some scripting. I would love some advice as to whether I have the right idea, trying to cover all bases to begin with and see where it goes. Have I missed anything out? What do you think?

Many thanks

Dan

Comments

  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    1. Look for jobs you want on a job board
    2. see what knowledge/experience/certs they are asking for
    3. get those
    4. get job
    5. profit
  • soccarplayer29soccarplayer29 Member Posts: 230 ■■■□□□□□□□
    ^ Agreed. See what the requirements are and then you have your goals.

    Because you already have some certs and are looking to acquire more, I'd consider looking into a Bachelors degree from WGU (some WGU people can chime in on this) and maybe contact and advisor to see how many credits you'd transfer in based on certs and what certs you'd earn. Might be able to get your bachelors and all the same certs at the same time.
    Certs: CISSP, CISA, PMP
  • MowMow Member Posts: 445 ■■■■□□□□□□
    Talk to your boos to see if you can expand the company's current offerings to include security audits. If no, then maybe start selling them on your own. The nice thing about smaller companies is that they are a lot more flexible and may be interested in offering services based on your growing skills. Or they may allow you to work on your free time with customers as long as it doesn't interfere with their offerings.
  • swaingantswaingant Member Posts: 6 ■□□□□□□□□□
    guts wrote: »
    I have just finished up with the A+, N+ Sec+ trio (passed sec+ with a 900 this week)

    Hi Dan,
    You got a 900 out of 900 on the Security+??

    Are you sure that you have "no real world hands on experience"?
    lol

    If i may ask, what study material did you use to prepare for the exam??

    Thanks!
  • Dakinggamer87Dakinggamer87 Member Posts: 4,016 ■■■■■■■■□□
    1. Look for jobs you want on a job board
    2. see what knowledge/experience/certs they are asking for
    3. get those
    4. get job
    5. profit

    +1 Agree and I also have another vote for WGU!! It's a great way to earn your degree and gain certs at the same time. It is also very cost effective so I would highly recommend looking into it as an option. ;)
    *Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
    *Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
    Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."

    Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63
  • gutsguts Registered Users Posts: 3 ■□□□□□□□□□
    Thanks for all the replies, some good points. As it stands I am aiming towards the CISSP and security analyst avenue, however as I said I am not really sure and may end up in forensics or who knows what. If I do aim towards CISSP is my previously mentioned path of certs a good idea? Say do I go CCENT - CCNA: sec - MCSE - CASP/SSCP/CEH - CISSP, or do I just keep to the security certs and go CASP/SSCP/CEH - CISSP A cert is all well and good but surely filling out a more rounded understanding of technologies would be better in the long run, while getting in the 4/5 year requirement to become fully accredited.

    The WGU degree seems interesting, I wonder what its validity is across the water as I am in the UK. I guess its something viable to research, thanks!

    swaingant wrote: »
    Hi Dan,
    You got a 900 out of 900 on the Security+??

    Are you sure that you have "no real world hands on experience"?
    lol

    If i may ask, what study material did you use to prepare for the exam??

    Thanks!

    Hello swaingant!

    Yes I was quite surprised actually, I felt a little sweaty with the wording of some of the questions half way through, probably beta questions throwing me. I was well prepared for the sims too, putting those memorized port numbers to use! I used Darril Gibson's book 'Get certified, Get ahead' along with professor Messer's video's. I really enjoy Darril's books, used them to pass with 900 on A+ and Net+ too (at work the most I have to do is reset the router/server or add a new user so I still maintain no real experience), very informative and easily digestible. The website also has some sim advice which was helpfull in knowing what to expect. I also did a shed load of practice questions and understood the wrong answers as well as the correct ones. I hope this helps others as it was great for me.

    Mow, I would love to ask my boss or sell security audits to local businesses but I have no idea how to do that :) I guess spending time with my lab and working towards this is a good idea too!
  • CyberscumCyberscum Member Posts: 795 ■■■■■□□□□□
    guts wrote: »
    Hello,

    (passed sec+ with a 900 this week)

    Hahah that's funny I got the same score 900/900. The proctor was convinced I cheated.

    FYI: I went CISSP immediately after S+ and passed in about a months time. I over prepared for the S+, but was prepared for the CISSP at that point.
  • gutsguts Registered Users Posts: 3 ■□□□□□□□□□
    I see, however that would do me no good as you require 4/5 years security based experience to validate CISSP, and I have none.

    So currently I am thinking of going CCNA:sec then MCSA then CEH/CASP/CISSP. Although a WGU degree sounds interesting but I am from the UK and the closest thing I have found here is a 6 year part time open university course, which sounds horrible.

    Another thought is I can study for several hours a day where I currently work, however the pay is crap and I am not really getting any IT experience, I could move on to a proper IT roll and get paid more while gaining experience too, but have no time to study except outside of work. hmm
  • CyberscumCyberscum Member Posts: 795 ■■■■■□□□□□
    guts wrote: »
    I see, however that would do me no good as you require 4/5 years security based experience to validate CISSP, and I have none.

    What part of security interests you?
Sign In or Register to comment.