Complete Newb - But ultimately want to go into Security career

murrayjmurrayj Posts: 5Member ■□□□□□□□□□
Hi - just joined the forum so a bit mind-boggled at this stage looking through some of it. Anyway, I ultimately want to go into a Info Security career - i used to be an accountant (not a qualified one tho). I've been looking to move to an IT career for some time now and my current thinking on a study path is to take the CompTia exams (A+, Network+, Security+), but after that I'm not sure - some say to take the CCNA exams, then the OSCP (not even sure what that is right now). Then there are other options like CEH, SSCP and CISSP. What would you suggest for someone like me starting from scratch?

Then once I've decided on my path above I need to find out how best to go about my studies - where do you suggest I get the training/books from that will give me the best or most comprehensive knowledge possible? Is it possible to study for these exams for free? I've had a look at organisations like computeach and the learning people but a bit iffy about them. I see this forum seems to have some notes sections but I'm not sure how comprehensive these are. Some pointers would be useful if anyone has suggestions. (I'm based in the UK btw).

Comments

  • Params7Params7 Posts: 254Member
    Welcome! Most people here self study for certs. The only cost is for books, equipment (if needed) and the exam registration itself. I usually get my books from Amazon. The Comptia Trio will give you a base enough to get hired for entry level IT jobs, which will most likely be helpdesk/IT Support. Generally people figure out from there if they want to specialize in networking (Cisco certs), Servers (Microsoft/Linux tech) as they seek to climb the ladder in their organizations. Of if you know what you like beforehands, you can start studying for those certs after the trio. OSCP is an info security cert - something for folks with some experience in the field.
  • JasminLandryJasminLandry Posts: 601Member
    If you're just starting off, forget about all those security certs for now, start off by landing a job as this is the most important step. You'll probably never get an info sec job if you don't have an IT related experience. Since you also don't have any IT experience, I would also start off with the CompTIA trio. Once you get your foot in the door and have a couple of years of experience, then you can start looking more into those security certs. Also, some certs like CEH, SSCP & CISSP require experience so you absolutely need to get experience first.

  • xdfeverxdfever Posts: 14Member ■□□□□□□□□□
    yea id start the TRIO first. that's what im doing. then move on from there.
  • Kinet1cKinet1c Posts: 604Member ■■■□□□□□□□
    You're making the same move now that I took about 6/7 years ago, part qual accountant to IT. :) Best of luck. I've found IT to be more pleasant environment for me personally to work in. The most difficult task you're going to face is landing your first job. Don't be picky with your first job, get in and get experience on your CV. From day 1 in your first job, start (or continue) to read about subject matter which interests you.


    IT is not like finance, where they tend to look for "5yrs post qual experience", if you have knowledge and can apply it, you will get hired. You will still come across those few people who will look down on your for not having a degree in IT (or anything) but they tend to be with the larger consulting firms whom you probably won't have the experience to join for a few years anyway.


    IT is a vast industry with many many routes to take. Even info security has many options so make sure you know which route you want to take why. You could end up as a security auditor, which is no different to an accountant/auditor in your previous career... ticking boxes. If you end up in a SOC, you could be monitoring for malware/intrusions or perhaps doing pen tests or similar work. I was sure networking was my thing but when I got in to studying it and applying it, I just didn't enjoy it whereas now I'm playing with linux most of the day which is fun for me.


    IT certifications are a great way to gain knowledge and get noticed by recruiters. You will inevitably come across future colleagues who will say stuff like "oh, they're a waste of time" like most people on here have. Those colleagues are probably still in the same job while the rest of us are moving on up.


    Get your A+ and Network+ and then progress to CCNA. Even if you never go on to work with cisco equipment, the knowledge within the CCNA will be invaluable throughout your career. Just pick up the books and check out Professor Messer IT Certification Training Courses . Don't rush in to the exam too quick, make sure you know the material and try some practice exams.


    Always ask questions and as you progress you'll get better at asking the right questions.
    2018 Goals - Learn all the Hashicorp products

    Luck is what happens when preparation meets opportunity
  • the_Grinchthe_Grinch Posts: 4,158Member ■■■■■■■■■■
    A strong foundation is what I would focus on right now. Since you are completely new, I would focus on A+ and Network+ and then find a job. Once you have about a year on a help desk begin to review to see where you'd like your career to go. While I understand that your aim is security it is a very broad field and you will need to consider what you'd like to specialize in. Want to do network security? Build a foundation in networking (Cisco, Juniper, etc). Want to work in server security? Build a foundation in system administration (Windows, Linux, etc). After a solid two years or so I would then start looking into security certifications.

    Without a foundation in some form of technology you cannot hope to secure that technology nor will you know how to respond in the event of an incident. I had a solid foundation in system administration, excellence troubleshooting skills (it's interesting how troubleshooting skills go hand in hand with incident investigations) and decent networking experience. All that combined with security coursework added up to being able to prevent, detect and respond to incidents as they arise. Without knowing how various operating systems act, are administered and how to troubleshoot (looking at logs) I would have never been effective in my current position.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • murrayjmurrayj Posts: 5Member ■□□□□□□□□□
    thanks for the replies guys - i've started to look for some junior helpdesk positions, so in the meantime i'm going to study for the A+ and Network+ exams.

    yeah kinet1c, i always just drifted before with my accounting career - actually accounting was never really a career to me, just something that i fell into and kept doing for 15 years and never became qualified. I said goodbye to accounting about 5 or 6 years ago when i decided to work for myself in an online marketing capacity - it was working for myself online that rejuvenated my interest in IT (and particularly in data security) which I always had way back in college days - so now I'm finally doing something about it. Right now, I think i would like to work for a SOC eventually but i guess i'll figure that out along the way.

    Thanks again for the replies.
Sign In or Register to comment.