Certifications for a path in IT Security

Currently I just finished studying for my A+ and passed it and now studying for my Net+ then Security+. I want to specialize in IT Security and wondering what certs would be right for this field.

Find more posts tagged with

Comments

E Double U

If you (or your employer) can pay for SANS training then GIAC is a good way to go. Lots of people start with GSEC.

Whiteout

I feel like I see this same post or something similar everyday. Not trying to be an ass, but did you try a search first? Maybe we need a flow chart for security certifications and sticky that thing.

markulous

Here's one that I found that is useful. Infosec is a big field so kinda depends on what you want to do. This gives you a decent idea: Career Certification Path ~ GravitySec[dot]com

renacido

It's rare for someone to start an IT career in security since it's really an advanced specialization of IT.

Certs don't "get you there" either. Look at a cert as having an access card that gets you past the minimum-wage security guard in the lobby of the high-rise where you want to work. The cert helps you get past the gatekeeper who doesn't know you or what you can contribute. They just know if you have that access card they can let you go inside. But just going inside the building doesn't mean you have a job. It just helps to show that you should be considered for the job.

Experience and work history trumps certs (also trumps degrees). The best thing about certs actually is they add some discipline and establish core knowledge for working in the field/specialty. The cert proves you've learned it to at least a certain level of depth or proficiency at one time. You at least comprehend the fundamental concepts.

Typically, one starts in some entry-level role in desktop support or service desk, from there moves into systems or networking, then becomes a network security or systems security specialist of some sort (with significant knowledge of both systems and networking), then after 10 years or so of IT security experience, goes toward security management, architect, engineer, or risk/compliance roles. Some start as software engineers or web devs and become pentesters. Likewise some in the earlier stages of their IT careers gravitate toward pentesting, usually coders, the occasional network or systems guy. Forensics sort of has its own path, though forensics specialists tend to have worked in a SOC for a while and really geek over doing the investigative/port mortem stuff in the incident response cycle. Auditors and compliance folks are a bit different as well, usually some experience it IT but some are just very process and data-oriented people who enjoy doing policy and metrics oriented stuff. Risk analysis folk usually have a business education and usually were either security managers or auditors.

The question is, what to you want to do within this range of security roles?

636-555-3226

My generic response:

http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html

Mike7

renacido wrote: »

It's rare for someone to start an IT career in security since it's really an advanced specialization of IT.

Typically, one starts in some entry-level role in desktop support or service desk, from there moves into systems or networking, then becomes a network security or systems security specialist of some sort (with significant knowledge of both systems and networking), then after 10 years or so of IT security experience, goes toward security management, architect, engineer, or risk/compliance roles.

This is why infosec jobs are in such high demand, the industry is unable to find people with the relevant experience.

Anyway, the 2 posts above plus
Starting an InfoSec Career and Starting an InfoSec Career