My Path to become a Security Analyst

Hi,
I have been all confused and messed up for some time regarding what I should do. I have a Bachelor's degree in Computer Science and did my eJPT. But for the past year I have been working as a SharePoint developer and studied security in between. Now I am planning to change my focus to become a security analyst, and I see my path as a bit unclear. There are too many certifications and too many reviews. My plan, as far as I can think, is Sec+ -> GSEC. After that I think I can become an analyst. Am I good to go? And what certification can I do after it?
Thanks for your help.
Comments
Best way to do GSEC is the work study route. Unless you have spare change.
You have 2 general paths/strategies regarding training and certifications these days. First is the objective ROI (return on investment) cert path, aka the fastest path from point A to point B. Second is the "learn how to do the job correctly" path, a comprehensive training path where you focus mainly on learning the functions rather than how HR likes your certifications.
The first is Net+ (maybe skippable) > Sec+ > CEH > CISSP
The second is less linear, but it's a mashup of SANS courses, cheaper but very good options such as eLearnSecurity's penetration testing courses and securitytube's Python classes, as well as spending hours watching talks (AdrianCrenshaw/Irongeek YouTube channel) or leveraging good free resources (e.g. LiveOverflow on YouTube).
I did, and suggest, a mix of both, going Sec+ > SOC Monkey job > CEH > IR/CyberThreatIntel job > GMON > SOC Manager > eWPT & GWAPT > Penetration Tester
This brought me in at a decent SOC salary and then allowed me to triple that salary in ~1.5 years. YMMV, but it's definitely worth it to get your foot in, get a decent salary position, keep eating Ramen and invest your salary into your training, play the game a bit, and voila.
WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
Legend: Completed, In-Progress, Next
Thanks for your detailed reply. I was looking for a little guidance like you mentioned.
I prefer going down the second path. I loved eJPT and cracked some VulnHub machines just for fun. So I think this would be the right path for me. Any reason why you didn't include OSCP in your certification list?
That said, the OSCP isn't a "get you in a SOC" cert. It's a get you into pen testing cert, best done after having some demonstrable security related experience. Pen testing is usually done by a team outside the SOC or in a consulting role, also outside the SOC. Very good money and fun work, relatively.
For both those reasons I didn't include it. However it's a fantastic cert, if for nothing else for the experience of it.
You may want to consider a Linux certification. You don't need to be at the engineer level, just someone who is competent on Linux in the command line.
Does the eJPT teach you things like XSS and SQL injection? If not, I would recommend some courses on that even if they don't offer a certification. I would become proficient in common "hacking" tools like Wireshark, Nessus, Metasploit, etc before pursuing higher level courses.
My opinion is that a good security practitioner is really just a generalist who specializes in security. Having a conceptual understanding of technology of all types is a positive. I maintain that being a great security practitioner is more than just getting your CISSP. It's understanding the technology and, just as importantly, understanding hacker culture and the hacker mindset. You'll find it's more of a lifestyle than a job.
Offensive Security has some great online courses if you have a budget. They are recognized by the industry and will be by your peers.
You do need to be pretty resilient with this one though, many have tried and only a few Try Harder.
The free Metasploit course by Offensive Security is a great place to start, and one thing I wish I had done earlier is capture my traffic when playing around with VulnHub machines and the like (to really understand networking). Nessus is pretty easy. Also, something like the Hacker Playbook 2 is recommended for anyone doing the course.
But, should you start with your basics to get a foot in a SOC... I think the Sec+ should not take much time to get out of the way. Just curious, where are you located?
- learn how networks operate: TCP/IP packets and other well-known protocols
- see puzzles and challenges from CTF games on network forensics, where the objective is to learn what happened by digging up indicators of compromise (IOCs).
- I also like reversing stuff like the small binaries offered on crackmes.de (I feel that an analyst should know how to analyze any foreign-looking program and figure out what it does)
- I'm going after Security+ and CCNA Cyber ops (hopefully).
I also posted asking some questions about the job and received good answers; you might want to check them out:
http://www.techexams.net/forums/jobs-degrees/122179-questions-people-who-work-infosec-cyber-operations-analyst-w-blue-teams.html
I wish you the best of luck.