My Path to become a Security Analyst

dhruvjain Registered Users Posts: 4
Hi,
I am all confused and messed up for some time regarding what I should do. I have a Bachelor's degree in Computer Science and did my eJPT. But for the past 1 year I have been working as a SharePoint developer and studied about security in between. Now I am planning to change my focus to become a security analyst and I see my path a bit unclear. There are too many certifications and too many reviews. My plan as far as I think is Sec+ -> GSEC. After that I think I can become an analyst. Am I good to go? And what certification can I do after it?

Thanks for your help.

Comments

  • nopx90 Member Posts: 20
    After you get your Sec+, start applying to entry-level roles.

    Best way to do GSEC is the work study route. Unless you have spare change.
  • NetworkNewb Member Posts: 3,298
    Look at open Security Analyst positions in your area and see what they are asking for. Specifically, if you like certain companies, look to see what they are looking for.
  • Madmd5 Member Posts: 83
    You mentioned you completed your eJPT. Did you enjoy the material? Do you see Pen Testing as something to work towards? If so, you can focus your certs/knowledge towards that route. If you want to work in "general" IT security, Sec+, GSEC, SSCP may be worth looking into. It all really depends where in security you'd like to go.
  • Kalabaster Member Posts: 86
    To get a job in a SOC (what most people mean when they say "Security Analyst") the Sec+ should be sufficient. That and the ability to demonstrate an interest in the subject matter in the interview. GSEC would definitely be nice to have, and if there's an organic way for you to get into any SANS courses they are excellent for your career, but even just the Sec+ should be enough. I wouldn't get the GSEC to get my foot in, get it to learn things.

    You have 2 general paths/strategies regarding training and certifications these days. First is the objective ROI (return on investment) cert path, aka the fastest path from point A to point B. Second is the "learn how to do the job correctly" path, a comprehensive training path where you focus mainly on learning the functions rather than how HR likes your certifications.

    The first is Net+ (maybe skippable) > Sec+ > CEH > CISSP

    The second is less linear, but it's a mashup of SANS courses, cheaper but very good options such as eLearnSecurity's penetration testing courses and SecurityTube's Python classes, as well as spending hours watching talks (AdrianCrenshaw/Irongeek YouTube channel) or leveraging free good resources (e.g. LiveOverflow on YouTube).

    I did, and suggest, a mix of both, going Sec+ > SOC Monkey job > CEH > IR/CyberThreatIntel job > GMON > SOC Manager > eWPT & GWAPT > Penetration Tester

    This brought me in at a decent SOC salary and then allowed me to triple that salary in ~1.5 years. YMMV, but it's definitely worth it to get your foot in, get a decent salary position, keep eating Ramen and invest your salary into your training, play the game a bit, and voila.
    Certifications: A+, Net+, Sec+, Project+, Linux+/LPIC-1/SUSE CLA, C|EH, eWPT, GMON, GWAPT, GCIH, eCPPT, GPEN, GXPN, OSCP, CISSP.
    WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
    Legend: Completed, In-Progress, Next
  • dhruvjain Registered Users Posts: 4
    Thank you all for your suggestions. They have been really good. I appreciate it.
    Kalabaster wrote: »
    To get a job in a SOC (what most people mean when they say "Security Analyst") the Sec+ should be sufficient. That and the ability to demonstrate an interest in the subject matter in the interview. GSEC would definitely be nice to have, and if there's an organic way for you to get into any SANS courses they are excellent for your career, but even just the Sec+ should be enough. I wouldn't get the GSEC to get my foot in, get it to learn things.

    You have 2 general paths/strategies regarding training and certifications these days. First is the objective ROI (return on investment) cert path, aka the fastest path from point A to point B. Second is the "learn how to do the job correctly" path, a comprehensive training path where you focus mainly on learning the functions rather than how HR likes your certifications.

    The first is Net+ (maybe skippable) > Sec+ > CEH > CISSP

    The second is less linear, but it's a mashup of SANS courses, cheaper but very good options such as eLearnSecurity's penetration testing courses and SecurityTube's Python classes, as well as spending hours watching talks (AdrianCrenshaw/Irongeek YouTube channel) or leveraging free good resources (e.g. LiveOverflow on YouTube).

    I did, and suggest, a mix of both, going Sec+ > SOC Monkey job > CEH > IR/CyberThreatIntel job > GMON > SOC Manager > eWPT & GWAPT > Penetration Tester

    This brought me in at a decent SOC salary and then allowed me to triple that salary in ~1.5 years. YMMV, but it's definitely worth it to get your foot in, get a decent salary position, keep eating Ramen and invest your salary into your training, play the game a bit, and voila.

    Thanks for your detailed reply. I was looking for a little guidance like you mentioned.
    I prefer going down the second path. I loved eJPT and cracked some VulnHub machines just for fun. So I think this would be the right path for me. Any reasons why you didn't include OSCP in your certification list?
  • Kalabaster Member Posts: 86
    Because it's a rough target to put in front of someone immediately. It requires a serious pair, drive, and discipline to consider that so early. As a result it's super rewarding both personally and professionally.

    That said, the OSCP isn't a "get you in a SOC" cert. It's a get you into pen testing cert, best done after having some demonstrable security related experience. Pen testing is usually done by a team outside the SOC or in a consulting role, also outside the SOC. Very good money and fun work, relatively.

    For both those reasons I didn't include it. However it's a fantastic cert, if for nothing else for the experience of it.
  • Chinook Member Posts: 206
    @OP

    You may want to consider a Linux certification. You don't need to be at the engineer level, just someone who is competent on Linux in the command line.

    Does the eJPT teach you things like XSS and SQL injection? If not, I would recommend some courses on that even if they don't offer a certification. I would become proficient in common "hacking" tools like Wireshark, Nessus, Metasploit, etc before pursuing higher level courses.

    My opinion is that a good security practitioner is really just a generalist that specializes in security. Having a conceptual understanding of technology of all types is a positive. I maintain that being a great security practitioner is more than just getting your CISSP. It's understanding the technology and, just as importantly, understanding hacker culture and the hacker mindset. You'll find it's more of a lifestyle than a job.

    Offensive Security has some great online courses if you have a budget. They are recognized by the industry and will be by your peers.
  • nopx90 Member Posts: 20
    In agreement with Chinook... OSCP will force you to get pretty crafty and develop ninja-like skills on the Linux command line (and Windows) pretty quickly! You'll also get to experience many different OSes in a short time (after pwning) and doing the all-important looting.

    You do need to be pretty resilient with this one though, many have tried and only a few Try Harder.

    The free Metasploit course by Offensive Security is a great place to start, and one thing I wish I would have done earlier is capture my traffic when playing around with VulnHub machines and such (to really understand networking). Nessus is pretty easy. Also, something like the Hackers Playbook 2 is recommended for anyone doing the course.

    But, should you start with your basics to get a foot in a SOC... I think the Sec+ should not take much time to get out of the way. Just curious, where are you located?
  • Abdullah.AA Member Posts: 50
    I'm also interested in pursuing a career as a Security Analyst, and I'm going down the Network Security path:
    - learn how networks operate: TCP/IP packets and other famous protocols
    - see puzzles and challenges from CTF games on Network Forensics where the objective is to learn what happened, digging up Indicators of Compromise (IOCs).
    - I also like reversing stuff like the small binaries offered on crackmes.de (I feel that an analyst should know how to analyze any foreign-looking program and figure out what it does)
    - I'm going after Security+ and CCNA Cyber Ops (hopefully).

    I also posted asking some questions about the job and received good answers; you might wanna check them out:
    http://www.techexams.net/forums/jobs-degrees/122179-questions-people-who-work-infosec-cyber-operations-analyst-w-blue-teams.html

    Wish you the best of luck.
  • cmztech Member Posts: 55
    I stumbled on this website which has some pretty cool information regarding security paths:

    Cyber Security Jobs | Requirements and Salaries