Certifications for a path in IT Security

Benito9Benito9 Posts: 1Registered Users ■□□□□□□□□□
Currently I just finished studying for my A+ and passed it and now studying for my Net+ then Security+. I want to specialize in IT Security and wondering what certs would be right for this field.

Comments

  • E Double UE Double U Posts: 1,477Member ■■■■■■■■□□
    If you (or your employer) can pay for SANS training then GIAC is a good way to go. Lots of people start with GSEC.
    CISSP, CISM, CISA, GPEN, GCIA, GCIH, CEH, etc

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • WhiteoutWhiteout Posts: 248Member
    I feel like I see this same post or something similar everyday. Not trying to be an ass, but did you try a search first? Maybe we need a flow chart for security certifications and sticky that thing.
    Never stop learning.
  • markulousmarkulous Posts: 2,375Member ■■■■■■■■□□
    Here's one that I found that is useful. Infosec is a big field so kinda depends on what you want to do. This gives you a decent idea: Career Certification Path ~ GravitySec[dot]com
  • renacidorenacido Posts: 387Member
    It's rare for someone to start an IT career in security since it's really an advanced specialization of IT.

    Certs don't "get you there" either. Look at a cert as having an access card that gets you past the minimum-wage security guard in the lobby of the high-rise where you want to work. The cert helps you get past the gatekeeper who doesn't know you or what you can contribute. They just know if you have that access card they can let you go inside. But just going inside the building doesn't mean you have a job. It just helps to show that you should be considered for the job.

    Experience and work history trumps certs (also trumps degrees). The best thing about certs actually is they add some discipline and establish core knowledge for working in the field/specialty. The cert proves you've learned it to at least a certain level of depth or proficiency at one time. You at least comprehend the fundamental concepts.

    Typically, one starts in some entry-level role in desktop support or service desk, from there moves into systems or networking, then becomes a network security or systems security specialist of some sort (with significant knowledge of both systems and networking), then after 10 years or so of IT security experience, goes toward security management, architect, engineer, or risk/compliance roles. Some start as software engineers or web devs and become pentesters. Likewise some in the earlier stages of their IT careers gravitate toward pentesting, usually coders, the occasional network or systems guy. Forensics sort of has its own path, though forensics specialists tend to have worked in a SOC for a while and really geek over doing the investigative/port mortem stuff in the incident response cycle. Auditors and compliance folks are a bit different as well, usually some experience it IT but some are just very process and data-oriented people who enjoy doing policy and metrics oriented stuff. Risk analysis folk usually have a business education and usually were either security managers or auditors.

    The question is, what to you want to do within this range of security roles?
  • Mike7Mike7 Posts: 1,060Member ■■■■□□□□□□
    renacido wrote: »
    It's rare for someone to start an IT career in security since it's really an advanced specialization of IT.

    Typically, one starts in some entry-level role in desktop support or service desk, from there moves into systems or networking, then becomes a network security or systems security specialist of some sort (with significant knowledge of both systems and networking), then after 10 years or so of IT security experience, goes toward security management, architect, engineer, or risk/compliance roles.
    This is why infosec jobs are in such high demand, the industry is unable to find people with the relevant experience.

    Anyway, the 2 posts above plus
    Starting an InfoSec Career and Starting an InfoSec Career
Sign In or Register to comment.