Options
What networking do I need for Info Sec?
jerseytech
Member Posts: 59 ■■□□□□□□□□
Hello All,
Currently I'm running the VMWare AirWatch project at work. Because I'm getting into light security with AirWatch, I'm wondering if this is a good starting point to get security knowledge. With that being said, what's the level of networking you need for Info Sec?
Currently I'm running the VMWare AirWatch project at work. Because I'm getting into light security with AirWatch, I'm wondering if this is a good starting point to get security knowledge. With that being said, what's the level of networking you need for Info Sec?
Comments
-
Options
markulous
Member Posts: 2,394 ■■■■■■■■□□
What exactly do you want to do? Infosec is a broad field. If you're going to be doing networking security, then I'd say you'd probably want CCNP-level knowledge. If you're doing more malware remediation and systems security, then CCNA-level would likely suffice. Either way, you have to understand what you're protecting. -
Optionsjerseytech
Member Posts: 59 ■■□□□□□□□□
What exactly do you want to do? Infosec is a broad field. If you're going to be doing networking security, then I'd say you'd probably want CCNP-level knowledge. If you're doing more malware remediation and systems security, then CCNA-level would likely suffice. Either way, you have to understand what you're protecting.
May I ask your advice? I'm currently a Systems Administrator working mainly on Windows Servers. I do love it, but I'd also like to do some security. What security-field focus would be good for a Windows Sysadmin? -
Options
scaredoftests
Mod Posts: 2,780 Mod
In a way, aren't you dealing with SOME security on your servers? Monitoring to see if intruders are trying to get in, updates and such?Never let your fear decide your fate.... -
Optionsjerseytech
Member Posts: 59 ■■□□□□□□□□
scaredoftests wrote: »In a way, aren't you dealing with SOME security on your servers? Monitoring to see if intruders are trying to get in, updates and such?
Well yes, all of the basic stuff. Patching, monitoring, encryption, etc -
Optionsmarkulous
Member Posts: 2,394 ■■■■■■■■□□
jerseytech wrote: »May I ask your advice? I'm currently a Systems Administrator working mainly on Windows Servers. I do love it, but I'd also like to do some security. What security-field focus would be good for a Windows Sysadmin?
I wouldn't base it off of that. What do you WANT to do? -
Optionsjerseytech
Member Posts: 59 ■■□□□□□□□□
I wouldn't base it off of that. What do you WANT to do?
I don't think I fully know enough about all of the security specializations to answer that unfortunately. -
Options
cyberguypr
Mod Posts: 6,928 Mod
Well there's your answer. You need to narrow down what that next step is. Learning a bunch of networking to then realize you want a GRC or some other non-technical role would be wasting time. You REALLY need to put some effort getting to know what's out there and what you want to pursue. Time and money are usually limited, so you need to make an informed decision about how you will invest both. Go out there, check job titles, see what each one does and what skills are required.
Possible starting points:
Blue vs. Red Team careers: https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
SANS Career Roadmap: https://www.sans.org/media/security-training/roadmap.pdf
https://www.securitywizardry.com/index.php/home/cnd-ltd/recruitment/security-roles-defined.html
https://zeltser.com/information-security-job-titles-popularity/ -
Optionsjerseytech
Member Posts: 59 ■■□□□□□□□□
cyberguypr wrote: »Well there's your answer. You need to narrow down what that next step is. Learning a bunch of networking to then realize you want a GRC or some other non-technical role would be wasting time. You REALLY need to put some effort getting to know what's out there and what you want to pursue. Time and money are usually limited, so you need to make an informed decision about how you will invest both. Go out there, check job titles, see what each one does and what skills are required.
Possible starting points:
Blue vs. Red Team careers: https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
SANS Career Roadmap: https://www.sans.org/media/security-training/roadmap.pdf
https://www.securitywizardry.com/index.php/home/cnd-ltd/recruitment/security-roles-defined.html
https://zeltser.com/information-security-job-titles-popularity/
Well I DEFINITELY want to stay on the technical side. Let me ask you this. If I like Systems Administration and VMWare AirWatch, what's a few good options for me? -
Optionsmarkulous
Member Posts: 2,394 ■■■■■■■■□□
Maybe try getting into a security analyst role. Something where they're maybe a bit more of a generalist to give you a solid security foundation and see what you like. Cyberguy had some good links though to narrow it down.
-
Optionscyberguypr
Mod Posts: 6,928 Mod
OK, that helps. My advice to you is to forget AirWatch. As I've said before in your posts, this is a tool that is normally used outside of hardcore security specific teams. I doubt you will find it listed in many job posts. In fact, if you search Indeed you will see it 90%+ of the time it is listed for mobile or sysadmin roles. I work for a somewhat big well-known company and the guys who administer our AirWatch are mobility, not security. As Markulous said, Security Analyst or SOC sounds like your next logical step. Remember that the bigger the company, the more specific the role will be. Smaller/cheaper companies tend to blend roles (aka overwork you) so the potential for learning different tools/processes is bigger.
-
OptionsMadmd5
Member Posts: 83 ■■■□□□□□□□
cyberguypr wrote: »Well there's your answer. You need to narrow down what that next step is. Learning a bunch of networking to then realize you want a GRC or some other non-technical role would be wasting time. You REALLY need to put some effort getting to know what's out there and what you want to pursue. Time and money are usually limited, so you need to make an informed decision about how you will invest both. Go out there, check job titles, see what each one does and what skills are required.
Possible starting points:
Blue vs. Red Team careers: https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/
SANS Career Roadmap: https://www.sans.org/media/security-training/roadmap.pdf
https://www.securitywizardry.com/index.php/home/cnd-ltd/recruitment/security-roles-defined.html
https://zeltser.com/information-security-job-titles-popularity/
+1 These sites are really helpful for those already in or looking to get into the Infosec world and what typical responsibilities may be like. Thanks for the links! -
OptionsDanielm7
Member Posts: 2,310 ■■■■■■■■□□
cyberguypr wrote: »I work for a somewhat big well-known company and the guys who administer our AirWatch are mobility, not security.
Completely agree, I'm in the same type of workplace, we also use AirWatch, our Security group doesn't really touch it. -
Options
UnixGuy
Mod Posts: 4,565 Mod
I feel like you've asked this question before, and you've mentioned AirWatch before. You've got the answers before; no one's going to tell you that Airwatch is a great tool to get your foot in security - It is simply not.
