Where to go from here?
Rewire
Member Posts: 12 ■□□□□□□□□□
So I've obtained A+, Network+, and Security+ and am interested in a career in Cyber Security or Security Auditing/Consulting. More specifically jobs that are either Remote Work or Site Travel oriented, because my wife and I live in a somewhat remote area and she refuses to move (which is fine for the most part).
I do NOT have a degree in IT (went to college for a different major) and I do NOT have any cyber security work experience. I DO have 7 years going on 8 of work IT experience. I am paying for everything myself.
So what's next? I have been looking at GIAC Security and possibly the CEH, but I am shying away from CEH due to the costs and researching it makes it seem like there's better certs that you can get. I would love to do the CISSP or CISA or CIA, but those seem to have work requirements and the fact that you can't even mention you have them unless you're fully certified makes them seem like a bit of a waste at this point in my career.
Any recommendations? There's so many certs out there and I want to get the most relevant ones for landing a high salary opportunity and forward positioned career.
I do NOT have a degree in IT (went to college for a different major) and I do NOT have any cyber security work experience. I DO have 7 years going on 8 of work IT experience. I am paying for everything myself.
So what's next? I have been looking at GIAC Security and possibly the CEH, but I am shying away from CEH due to the costs and researching it makes it seem like there's better certs that you can get. I would love to do the CISSP or CISA or CIA, but those seem to have work requirements and the fact that you can't even mention you have them unless you're fully certified makes them seem like a bit of a waste at this point in my career.
Any recommendations? There's so many certs out there and I want to get the most relevant ones for landing a high salary opportunity and forward positioned career.
Comments
-
636-555-3226 Member Posts: 975 ■■■■■□□□□□CEH is good for the resume but garbage in terms of take-away real life skills.
CISA is good if you want to be a manager or auditor, but those positions might be tough if you dont have much direct experience. what's CIA? CISSP is good for the resume & overall infosec knowledge (kind of like Security+ on steroids), but your experience (lack of) may disqualify you. SANS certs are very good for hands-on knowledge, but the cost blows if you're out of pocket (other than the tax write-off).
My advice is to start picking up all the free infosec tools you can get your hands on & watching all the youtube vids & reading all the internet articles on how to use them. nessus, splunk, security onion, linux command line (a must have), windows command line (a must have), powershell + powershell scripts, basic python skills (so you can fix tools that don't work after you've downloaded them from github). as a hiring manager for a large global company, i'd much prefer seeing a resume where you can use variants of the tools i already have versus having lots of infosec knowledge but little real-world hands-on experience.
install a linux variant via vmware or hyper-v (I prefer Linux Mint, but Ubuntu with the Cinnamon desktop is useable for novices). use that linux install as your primary OS so you start to live in that world.
i think i've been inspired to write a "start using these free tools" post for infosec wanna-be people. keep an eye out! -
Rewire Member Posts: 12 ■□□□□□□□□□I'll start working on learning more programs, about the most I've worked with is Nessus and nmap. I would love to get some experience with some SIEM programs, but just trials are a bit offputting in terms of actual usability.
I know I need to know at least python and maybe ruby, but god I ABHOR coding. It's what made me avoid a computer science degree in the first place, while I regret it, it was the deciding point. I just absolutely cannot extremely can't stand coding. -
kiki162 Member Posts: 635 ■■■■■□□□□□Right now you have entry level certs, which is great, but in order to move up the ladder, you'll need to invest more into you. On the plus side, you have almost 8 years in IT, and you have exp /w Nessus and nmap. Since GIAC/SANS stuff is super expensive, if you have time, you can look at Work Study options through SANS. Basically, you'll spend a week at a location assisting an instructor and help /w any class issues. I believe the price for that is $1100 not including travel/hotel costs. When compared to almost $6K, that's a great deal.
I would however invest the time into CISSP, or if you are not quite ready for that go for SSCP. Take a look at this book (http://amzn.to/2m2FZYJ), as this was enough for me to pass the exam on the first try. If you go for CISSP, figure with self-study, you could easily get it done in 4-6 months. Like 636 said, also get into kali, splunk, security onion, and heavy into Linux command line. Even if you don't have the real world experience, but do have an understanding of how they work, that will help give you the boost you need. -
infoscrub Users Awaiting Email Confirmation Posts: 14 ■□□□□□□□□□I'll start working on learning more programs, about the most I've worked with is Nessus and nmap. I would love to get some experience with some SIEM programs, but just trials are a bit offputting in terms of actual usability.
You should look into Bro and security onion for open source network security monitoring. These might not be the exact tools you use on a job but you should be able to get the concepts down and do everything. -
ande0255 Banned Posts: 1,178Yeah, to be a successful independent consultant, you will need a work history or portfolio of proven work to make any sort of a living. This to me is done to my knowledge by climbing to the ranks of network admin / network engineer / pre-sales engineer sort of career ladder.
I watched a manager from one of my jobs leave the company to do exactly what you describe with a CISSP and reasonable technical knowledge (and absolutely fantastic interpersonal skills) and he went straight under with his attempt to start independent contract / consulting.
Unless you have a very niche market with either a product or a huge rural type state, you will have to prove your credentials walking into a business interested in security audits (banks, hospitals, credit processors), and get their confidence that you will keep them compliant with whatever regulations they need to meet with privacy / data retention / etc. -
atlus Member Posts: 5 ■□□□□□□□□□I would love to get some experience with some SIEM programs, but just trials are a bit offputting in terms of actual usability.
Check out Splunk. They have a free license that's very capable. I think it caps at 500MB everyday, but for home use that should be plenty. -
DatabaseHead Member Posts: 2,754 ■■■■■■■■■■C|EH is one of the most sought after certifications for almost any security positions, by HR.
Most of the time, C|EH (then CISSP once you gain the experience) is a solid canned approach. Only exception I have found was the Pen Testing field, OSCP and CISSP are neck and neck, with that said C|EH is still requested for those positions.
From a pure numbers perspective the C|EH is a very smart certification to get if you want to get into the security field.