Certificates after Cyber Security Degree

CurtisCurtis Registered Users Posts: 4 ■□□□□□□□□□
Hi all,

In May, 2017 I will be graduating from a Bachelor of Science in Cyber Security (4 years) degree. I want to get some certificates straight out of university.

I want my career to be focussed on Networks, Infrastructures and Information Security.

In the end I would like to own my own Information Security consulting business (In 10 years, maybe?).
I am British and I am studying in the UK, but I have been raised in Spain and the whole province (county) where I am from has a lot of small/medium sized businesses but there isn't a Security business. The closest one would be like a 2 hour drive. I would like to open my own company there, when I have the experience.

Originally I thought about getting the CompTIA N+ straight out of university, then the CompTIA Security+ afterwards. However, due to the fact I will be doing a lot of Security during my final year of university, I thought maybe I should do Security+ whilst it is all fresh, then do Network+ after that.

I would also like to get the CCENT and CEH, and eventually CISSP.

What do you guys think? Should I do anything else? Any tips on progressing towards CISSP and owning my own company?

If you have any questions, please don't hesitate to ask.

Thanks,
Curtis.

Comments

  • OctalDump Member Posts: 1,722
    InfoSec is a broad field. Sec+ is a good start, since it covers a broad sweep.

    A few of the areas of InfoSec are:
    Security Administration
    Management
    Network Defence
    Auditing
    Incident Handling
    Forensics
    Penetration Testing
    Secure programming

    With an interest in infrastructure, probably the Enterprise Defence is the better fit. For this you can take the various vendor certifications, e.g. MCSA Server 2012 (or 2016), CCNA R+S or CCNA Security, Red Hat, VMware, AWS, Checkpoint etc etc etc (it's a long list).

    I'd strongly suggest going further than CCENT if you want to get some depth of understanding. There's a whole career just in network defence, and a CCNP level certification (or two or three) could be the longer term aim.

    In all likelihood you will probably end up with a few different infrastructure certifications and at least one area in depth, along with your security certifications (and CISSP is a good thing to aim for). Cisco, Microsoft, and VMware are safe bets today, but possibly in 12 months AWS will be a better option.

    So, get your base level certifications as soon as you can (Net+ or CCENT, Sec+, maybe an MTA or MCP). Aim to have something solid like an MCSA or CCNA about 12 months out, a 'professional' level at about 3 years out, and 'expert' at about 5 years out. Just things to aim for, your career might take a few turns and things take longer than that (or shorter, if you're lucky). By about the 3 year mark, you should be transitioning into a "security focussed" role. So that might mean lots of time with network firewalls, or doing vulnerability audits, or trawling through logs or configuring Group Policy to harden machines or whatever. To get CISSP you need that security experience.

    For an IT career, you have to make a balance between staying focussed on a plan and being flexible and open to opportunity: getting fixated on the latest and greatest tech now to become expert in 5 years might be a mistake if that tech is gone in 3 years. It's entirely possible to build a nice niche for yourself that can disappear when a vendor says that they are no longer supporting x product.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • BlackBeret Member Posts: 683 ■■■■■□□□□□
    Actually your plan seems fairly spot on. One thing that I see often with consulting and contracting companies for security is that they want you to have a base in everything, and in depth knowledge of security. A basic Windows cert, a basic Linux cert, a basic Networking cert, a database cert for some positions, and then as many security related certs as you can manage. Just remember, certifications are barely worth the paper they're printed on. It's the knowledge and experience to back them up that really matters.

    The most important thing you can do while still in school is to try and find an internship or part-time job. There are plenty of new grads out there who have no experience and can't get a job. Getting the experience is exponentially more important than getting certs. If you can find a security-focused internship, that would put you years ahead of others who will end up in other positions and trying to figure out how to move over to security.
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    I would say based on the threads here... to skip the CEH and either get an eJPT or get your OSCP. The CEH really is looked down upon by many in the Infosec field.
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    Also learn a programming language (Python, Java, C++) and also learn Linux... and PowerShell. If you want to go into infosec they are skills you need, especially for penetration testing.
  • OctalDump Member Posts: 1,722
    BlackBeret wrote:
    The most important thing you can do while still in school is to try and find an internship or part-time job. There are plenty of new grads out there who have no experience and can't get a job. Getting the experience is exponentially more important than getting certs.

    Yes to this x100. Work experience! It will allow you much more easily to transition to full-time work after university if you have already some part-time work happening. Actually working is also really useful for just figuring out what you might want to do. You might discover that once you are working with something, that you hate it, or that the fringe thing that you weren't really aware existed is really interesting.
  • cwelber Member Posts: 38 ■■■□□□□□□□
    Congrats! I'm 1 1/4 courses away from my Cyber masters with a 4.0 GPA (fall 2016 graduation estimated). I think education plus certs make for a good career path. Certs are great too, but especially in Infosec these days you need to be able to write a good academic level paper, which is one reason I think education is good.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    Since you have no practical experience with actual security outside of the scholastic setting you might want to pursue a year or so doing audit where you can learn the real basics of security: controls, counter controls, interviewing, vulnerability management and in general learn just how quickly your end users will lie to you about whether their shoes are tied or not. Really, you will learn more in your first six months of audit than you think you learned getting a degree in "security".

    - b/eads
  • CurtisCurtis Registered Users Posts: 4 ■□□□□□□□□□
    Hi all,

    Thank you for the responses. It is greatly appreciated.

    I think whatever happens I need to start with the CompTIA N+ and S+. Which one should I do first? I understand some of the N+ is on the S+ therefore N+ first would be the normal route, but as I am going to be fresh out of university, I think a lot of the S+ stuff will be fresh in my mind. Would anyone recommend doing the Security+ before the Network+?

    Relating to the experience, you guys are right. Experience is just as essential as the certificates. I am currently completing a one year industrial placement at Experian as a Business Support analyst. It's mainly SQL, Data Analysis and Fraud Prevention, but I have had basic exposure to PCI DSS, FCA Regulation, Information Security training and other topics which I am sure will help my career. I am looking forward to graduating and getting a Network Engineer, Information Security (SOC) Analyst, or Infrastructure Analyst position to get some experience in an IT area that I am focussed on turning into a career.

    After reading the comments I think after S+/N+ I should get a basic Windows certificate, then a Linux certificate, maybe even the CCENT, too.

    Thanks for the advice guys.

    But don't stop there, haha. Any more advice is greatly welcomed.

    Curtis