(picking certifications) No experience. taking 3 months off to study

Im a recent business grad that is looking to go into infosec. After not getting accepted to the only job that would consider hiring someone with no technical experience, I have decided to take 3 months off (no work, just studying) to teach myself python and get some certifications under my belt before looking again.
With that in mind, what certificates would be the best use of my time.
These are the ones i had in mind, in order but obviously im open to suggestions
1. Comp TIA A+
2. GSEC: SANS GIAC Security Essentials
3. Comp TIA Network +
4. Comp TIA security +
5. CEH
6. CISSP

Not sure what I will be able to crank out in 3 months. I was hoping at least 2 as well as becoming proficient in python.
Any other advice in the info sec career path is also much appreciated.
Thanks

Find more posts tagged with

Comments

PC509

No technical experience? Take the entry level ones: CompTIA A+/Net+/Sec+. The trifecta. It's obtainable in 3 months (lots of studying with no experience).

Remember, though: you're starting from the bottom. It'll take a bit before you hit that infosec job. Look into helpdesk or something as a start. From there, it's fairly easy to move up to jr. sys admin and up if you have the determination and the will to succeed.

The others, especially the CISSP, would need some experience. The CISSP requires 5 years of infosec experience within 3 domains. CEH is easy, but I had experience and several other certs before I took it. I still feel it's an entry level infosec (but not entry level IT) cert.

Start from the bottom. Then work up. A+, Network+, Security+ will be a great foundation. Couple that with a year or two of helpdesk and you'll be ready to tackle the harder stuff.

hellar

Thank you for your comments, i really appreciate it.

tmtex

If you want to jump into InfoSec , Certs are not only going to get you a job. Get the A+ and get a helpdesk/desktop job. Do the Trifecta while trying to get a job

jcundiff

Definitely agree, A+>Net+>Sec+> GSEC and then the higher certs the CompTIA hat trick will build a solid base for the advanced certs

TechGuru80

Getting into InfoSec without any experience or at least a degree in the subject is going to be quite challenging. Honestly, I would not take time off, I would try to get a help desk job or any IT job you can....that way you are at least in technology....and get certifications while working and try to branch out. Nobody is going to want somebody securing their networks that has no time behind the wheel...it's just too much of a liability. Get the CompTIA trifecta (A+, Network+, Security+) and then reevaluate....probably C|EH or GSEC would be two good options to get you more into the Security mindset. More than likely the trifecta will take you at least 3 months but without work experience you are likely to be in the same boat you are in now.

Python is great to know....but it will not help you break into InfoSec because it is good for scripting/automating stuff you should know prior.

I repeat....get a job in IT...any job...work on certifications while gaining experience....and keep applying to InfoSec roles (possibly even wait until you complete the trifecta).

hellar

What type if entry level jobs could I get with no experience? Help desk, anything else?

TechGuru80

Help Desk....maybe a junior system administrator. Without debate your first job probably will not be amazing but you have to start somewhere. I would probably avoid something like Geek Squad unless you had to because they aren't really doing any enterprise stuff and that is what you need.

hellar

Thanks, ill have to see if my university will help me find some entry level IT job. It sucks most dont want to touch you with a 10ft poll unless you have a CS or MIS degree. I know im on the bottom of the totem poll which i feel makes it even more important that i dedicate my time in the proper direction if possible.

yoba222

I agree with TechGuru80. Definitely get a job in IT, even if it is less pay, not infosec, and not a dream job. Entry level help desk or something similar. It's not about the pay yet and it will be temporary anyways. Work experience will give you a taste of what you might not realize you like (or dislike). Technically on paper you'll have less study time towards certs. However, employees are often okay with studying on the job if you can pull it off gracefully--and this often complements progress towards certs instead of inhibiting progress.

The soft skill practice of landing the first entry IT jobs is valuable too. You'll only get better and better at interviewing, resume tweaking, landing the job, phone interviews, the feeling of getting a salary locked in without negotiating, etc., so get good in these skills using the entry level jobs you care less about as practice dummies so to speak, so when a dream job comes along you'll nail it and get a salary you want as well.

You're guaranteed to have zero gains in job-landing soft skills practice during those three months if you never try.

As far as not landing the so-called only job that would hire without experience--well-- if you don't have a spreadsheet or similar to keep track of all the jobs you are applying for you're not applying for enough jobs. And if you are really really not getting hired I'd suggest an A+ to get in the door.

hellar

Thanks, im surprised so many people value help desk jobs.I would have thought that would have been a waste of time / effort. I will definitely get the A+, network+, sec+ certs, they seems to be a overwhelming favorite to start out with

Danielm7

It's not that we value helpdesk all that much but you need a foundation, and you can't get that without work experience. It's highly unlikely anyone is going to hire you without an IT related education, certs or work experience so you have to start somewhere.

Why a business degree if you wanted to go into infosec? What is it about security that interests you? Have you done anything on your own? Virtual machines, building your own computers, etc?

80hr

I can honestly say that working my way up to helpdesk manager has worked well for me. I am not sure I would even be in the InfoSec field much less have CISSP if I didn't start from the bottom of level 1 helpdesk.

Don't write off helpdesk... start there and work your well up. Learn how to deal with people and problems as they come up and make a name for yourself.

PCTechLinc

I've never had a helpdesk job, but I have held a few customer-facing positions. CompUSA as a bench-tech WAY back in the day (late 90s), RadioShack for 7 years, Geek Squad for a few months... that experience taught me how to work with (and for) people that had varying levels of knowledge in computers. I hope I never have to go back to that, but I am infinitely grateful I went through those experiences.

kabooter

hellar wrote: »

Thanks, im surprised so many people value help desk jobs.I would have thought that would have been a waste of time / effort. I will definitely get the A+, network+, sec+ certs, they seems to be a overwhelming favorite to start out with

Regarding Helpdesk remember one thing - It is a job NOT a career. I made this huge blunder and am paid the price. My suggestion would be to go for MCSA and CCNA quickly. A+/N+ is too basic IMHO. Sec+ is doable in 3 months but get ccna security so as to not put all eggs in one basket. Get the certs, get a simple networking job, if not get helpdesk. After 6 months take another month or two off and study for cissp 15/16 hours a day - Yepp you read it right. Get the Associate of ISC and jump full time into infosec. if you want to stay on networking side don't waste time on security.

hellar

Danielm7 wrote: »

It's not that we value helpdesk all that much but you need a foundation, and you can't get that without work experience. It's highly unlikely anyone is going to hire you without an IT related education, certs or work experience so you have to start somewhere.

Why a business degree if you wanted to go into infosec? What is it about security that interests you? Have you done anything on your own? Virtual machines, building your own computers, etc?

Its the classic get 3 1/2 years into a degree take a required MIS class and fall in love with info sec but it being too late to get another degree. Ive been building computers for years, basic trouble shooting for everyone. Playing around with wireshark, SSL Shell on websites like overthewire.org, reading books on social engineering, stuxnet and staying up to date on article from kerbs, tripwire, ars technica. Any time i see a article on any type of breach and research more into it, just to get a better understanding. Have done non formal intro so cyber security courses giving me a general understanding of cryptography , malware, networking and communications, but all very basic stuff. But in the end, nothing of hard value to put on a resume.

hellar

I do appreciate all the advice yall have given, and look forward to more.

p@r0tuXus

kabooter wrote: »

Regarding Helpdesk remember one thing - It is a job NOT a career. I made this huge blunder and am paid the price. My suggestion would be to go for MCSA and CCNA quickly. A+/N+ is too basic IMHO. Sec+ is doable in 3 months but get ccna security so as to not put all eggs in one basket. Get the certs, get a simple networking job, if not get helpdesk. After 6 months take another month or two off and study for cissp 15/16 hours a day - Yepp you read it right. Get the Associate of ISC and jump full time into infosec. if you want to stay on networking side don't waste time on security.

I partially agree. I did the same thing with working one tech support call center job after another. Mobile Customer Support, ISP Residential Support, Various Tech Sales Gigs and Laptop Repair. All over the place but never the exact same job. Always expanding that broad knowledge-set. Eventually, without certs or a degree, I got onto a NOC. From there I started knocking out some certs. The hours overnight helped with access and learning materials. People to bounce things off of. Etc. It sounds like you're really into the field, just not formally - and I feel you there. I think CCNA R&S/-S would help you from a networking standpoint. MCSA for SysAdmin Experience. A+/N+ would help get onto a helpdesk and give you resume experience while you work on those things. If you interview well, you could probably get something basic in security with a Sec+ (depending on where you live). Best advice: Buy books & work on it with a solid game-plan in your own time. Stay on it. From my experience, falling away from the game makes it that much harder to catch up.

TechGromit

jcundiff wrote: »

Definitely agree, A+>Net+>Sec+> GSEC

You can pick up the first three of these certs about $1,200 for books, practice tests and exams costs, but the GSEC is a $6,650 investment, even if you obtain study material from other sources (Ebay, borrow, steal) you still looking at $1,000 for the exam alone. SANS certs are great, but they are something you should try to get your employer to pay for. For most people they are out of reach financially, my two GIAC certs cost my company around 20k when you consider course cost, exam voucher, hotel, meals and travel.

thatguy67

Somewhat agree with kabooter, but the MCSA and CCNA can't be done in 3 months.

I had that exact plan in September 2014 (my thread: http://www.techexams.net/forums/general-certification/104366-would-realistic-valuabe-focused-cert-path.html). I ended up getting those certs more than a year later.

If you have a 3 month timeline the CompTIA trifecta is the most ambitious combo you should attempt. For practicality I would focus just on Security+ because it's the most widely known jr. infosec cert, with the SSCP being a semi-distant second IMO. The CISSP can't be done because you need 5 years experience. The GSEC is brutally expensive and doesn't have too many benefits over the Security+ (the SANS certs for Pentesting and Malware Analysis are world-class however but that's not entry-level) and the CEH doesn't seem to be highly regarded. Any comments I said about name recognition should be read under the consideration that I'm in Southern California and those are the experiences/conversations I've had in regards to certs and what's in demand.

ypark

Given OP's hands on experience (building computers and etc), I would recommend skipping A+ and going for Net+ and Sec+. By the time these two are completed, and couple of months on the job, OP should have more of an idea of where to go from there. Long term goals are nice but when you are just starting out, plans change. Frequently.

I think the most important thing is to land an entry level position ASAP. Do not delay getting a job as certs cannot replace experience.

hellar

Thanks, Im having trouble even finding a helpdesk job with no experience, but I have a interview the a head hunter tuseday and i will see if the universities career center can find me something. maybe some tech work at the university.

GeekyChick

Hope you don't mind me jumping in on your thread. So, where would you recommend looking for an entry level job? Temp agencies, head hunters, LinkedIn, any other suggestions? I have 13 yrs in networking but have been out of industry 10+ years.

ps @hellar the university is a great place to work. I worked at one in IT department for years.

stryder144

If you are serious about IT, then you need to prove it before anyone is going to take a chance on you. If you have the time and resources to take three months off you will need to prove to a future employer that you weren't just slacking off. To that end, find a charitable organization that you can volunteer your time to and repair some computers, troubleshoot their network, etc. Depending on the charity, you could make some great contacts that may eventually land you an interview and a job.

While volunteering, make sure you are studying and labbing for a certification or three (the CompTIA trifecta would be a good foundational start). As you study and lab, make sure you document your progress. Get a free blogging account and put your progress on there. Then link to it on LinkedIn, Facebook, Twitter, etc. Be sure to refer to it in your resume and during interviews. That will give future employers a feel for who you are and what you know. Just be cautious, though. Too many people put together blogs that look childish or have far too many grammatical or spelling errors to be taken seriously. If your English skills need some help, consider using Grammarly.

Lastly, branding. Make sure your LinkedIn profile looks good. Get a professional looking photograph and post it. Do not, under any circumstances, post anything on LinkedIn that falls within the three deadly social sins: sex, politics, and religion...unless you happen to be targeting jobs within those three areas. Make sure that the message on your blog matches reality (nothing worse than seeing blog postings that are positive and uplifting then meeting the author who is nothing but negative). If you have a social media presence, make sure that you are not posting about how wasted you got last night...employers do conduct their due-diligence through open source intelligence gathering and you will be eliminated before the first contact from them.

Good luck and keep us posted as to your progress...we are here for you and want you to be successful.

*Iceweasel jacked up the formatting, had to correct it.

hellar

stryder144 wrote: »

If you are serious about IT, then you need to prove it before anyone is going to take a chance on you. If you have the time and resources to take three months off you will need to prove to a future employer that you weren't just slacking off. To that end, find a charitable organization that you can volunteer your time to and repair some computers, troubleshoot their network, etc. Depending on the charity, you could make some great contacts that may eventually land you an interview and a job.

While volunteering, make sure you are studying and labbing for a certification or three (the CompTIA trifecta would be a good foundational start). As you study and lab, make sure you document your progress. Get a free blogging account and put your progress on there. Then link to it on LinkedIn, Facebook, Twitter, etc. Be sure to refer to it in your resume and during interviews. That will give future employers a feel for who you are and what you know. Just be cautious, though. Too many people put together blogs that look childish or have far too many grammatical or spelling errors to be taken seriously. If your English skills need some help, consider using Grammarly.

Lastly, branding. Make sure your LinkedIn profile looks good. Get a professional looking photograph and post it. Do not, under any circumstances, post anything on LinkedIn that falls within the three deadly social sins: sex, politics, and religion...unless you happen to be targeting jobs within those three areas. Make sure that the message on your blog matches reality (nothing worse than seeing blog postings that are positive and uplifting then meeting the author who is nothing but negative). If you have a social media presence, make sure that you are not posting about how wasted you got last night...employers do conduct their due-diligence through open source intelligence gathering and you will be eliminated before the first contact from them.

Good luck and keep us posted as to your progress...we are here for you and want you to be successful.

*Iceweasel jacked up the formatting, had to correct it.

Thank you. Ill have to looks into charities. Would you happen to know a good place to start? Im not aware of charities that fix computers or let your troubleshoot their network.
I dont plan to slack off these 3 months. from experience i know just about 75% of the CompTIA A+ so I should be able to knock that one out soon. The network and sec+ will take more time.
I do need to work on my LinkedIn account , and im very good about keeping all my social media private/ non existent.
The blog is a great idea, I will defiantly get one once I have work.

stryder144

Most charities don't necessarily fix computers for people but there should be plenty of charities that could use general purpose IT skills. If there is a charity that you are interested in, contact them and ask if they need any help. If they don't, then ask if they know of any charities that could use some help. Working for a charity, even just occasionally, is something you can put on your resume.

Great places to look: churches, United Way, Boys and Girls Clubs, etc.

hellar

stryder144 wrote: »

Most charities don't necessarily fix computers for people but there should be plenty of charities that could use general purpose IT skills. If there is a charity that you are interested in, contact them and ask if they need any help. If they don't, then ask if they know of any charities that could use some help. Working for a charity, even just occasionally, is something you can put on your resume.

Great places to look: churches, United Way, Boys and Girls Clubs, etc.

Great, thank you.

hellar

Do you think it would be worth looking into going back to school (for around 2 years) to get some type of info sec degree? Do you think any school would accept someone into their program with no experience?