Information Security Certification path

mithuuu85

Hello


I hope you are doing good. I have good experience with security products and routing, switching as well. I am JNCIE-SEC.


i need to go ahead further on security domain , but confused on deciding which course to take ,i have interest on information security on the technical field more than management


I really would appreciate if you could give me your expert inputs what would be the good path to start with.
Really appreciate and thanks


Regards,
Midhun P.K

jamesleecoleman

Well...

What exactly would you like to do or what do you think you would like to do within InfoSec?

CryptoQue

If you're looking to further your security experience and not get into management then the CISSP would be the best overall certification to pursue. It touches on the administrative, technical, and physical aspects of information security without being vendor specific. Since you've already mastered being an expert in one vendor's technology (Juniper) then it makes sense to compliment it with the CISSP.

cyberguypr

Step 1: not posting the same thing a thousand times. Also, you have the same question you posted back in December 2015?

ITSec14

Read about different areas of security and see what interests you. We can't answer that question for you. If you have questions about a specific cert, book, etc., then we can certainly help.

whitehorse2017

I don't know if this is the right forum to post in, but here goes... I'm looking at changing careers in to Information Security. I know I need CISM, CISA and CISSP qualifications to make the chang easier, but is there a best route to follow, i.e. CISM, CISA then CISSP etc.?

Also, although I'm looking for a stratetic or management role, I dont have an IT background, so will these courses be overwhelming for a newbie? Is ComptiA+, Network+ a better place to start?

ITSec14

whitehorse2017 wrote: »

I don't know if this is the right forum to post in, but here goes... I'm looking at changing careers in to Information Security. I know I need CISM, CISA and CISSP qualifications to make the chang easier, but is there a best route to follow, i.e. CISM, CISA then CISSP etc.?

Also, although I'm looking for a stratetic or management role, I dont have an IT background, so will these courses be overwhelming for a newbie? Is ComptiA+, Network+ a better place to start?

What is driving you to get into InfoSec? And please don't say money...

Also, what is your current background?

whitehorse2017

I have a background in law enforcement. As crime is moving more and more online, I feel like we're being left behind. If I could get sufficient training inhouse I would do, but it's so poor I'm looking to do it off of my own back. And if I need to leave, or leave and come back then so be it. Ideally I'd like to be an ethical hacker after what has happened with the latest ransomware attack.

Plus, at 35, I dont have the time to try and muddle my way along, which is why I'm trying to get as many sources of opinion around, to see my best and most streamlined route. I also realise that at 35 there are 16 year olds who can code etc. a million times better, which is why I'm probably aiming towards the management/strategic side.

ITSec14

whitehorse2017 wrote: »

I have a background in law enforcement. As crime is moving more and more online, I feel like we're being left behind. If I could get sufficient training inhouse I would do, but it's so poor I'm looking to do it off of my own back. And if I need to leave, or leave and come back then so be it. Ideally I'd like to be an ethical hacker after what has happened with the latest ransomware attack.

Plus, at 35, I dont have the time to try and muddle my way along, which is why I'm trying to get as many sources of opinion around, to see my best and most streamlined route. I also realise that at 35 there are 16 year olds who can code etc. a million times better, which is why I'm probably aiming towards the management/strategic side.

So you're looking into becoming a penetration tester? I hate to be the bearer of bad news, but that often takes years of technical experience. Of course you could always look into the physical security side of things. I met a guy who helped design the physical security of data centers and he has been wildly successful. Your law enforcement background would be great for that. Another field you could look into that's more technical is forensics, which goes hand in hand with law enforcement. You could always study for and take the CISSP and gain a broad but not so deep knowledge of InfoSec. The only issue would be having the necessary experience in two or more of the domains to actually obtain the credential (you could probably satisfy the physical security domain, but not 100% on that).

If I were you, I would look into the following for sure:

1. Studying for and taking the CISSP. There is lots of non-technical material on that exam which you would probably excel at. The technical stuff isn't TOO bad, but since you don't have experience in that realm it may take a little time to absorb. Also, meeting the 5 year experience requirement in 2 or more domains could be difficult. Check out (ISC)2's site for more details.

2. Since you work in law enforcement, check and see what digital forensics opportunities are out there. These jobs are in huge demand and already being in law enforcement could give you a leg up. There are lots of certs out there as well that can give you understanding of concepts which you can practice at home in a lab environment.

3. If you believe you REALLY want to pursue a pentesting career (ethical hacker), I would probably recommend trying the eJPT cert. It's fairly basic, but gives you a lot of great fundamentals and the labs and exam are all hands on which is excellent for learning. I'm looking to get this cert later this year as well.

It can be difficult to make a jump into the technical realm, especially in InfoSec, but we all started somewhere! It's never too late to pursue this stuff so don't discount yourself based on age.

Best of luck!

mithuuu85

jamesleecoleman wrote: »

Well...

What exactly would you like to do or what do you think you would like to do within InfoSec?

am interested in ethical hacking(CEH & OSCP) , its mainly related to technical , now am having 10 years of experience in network security managing vendor devices,but now am looking for a change, at the age of 32 is it good to divert my career to complete infosec by doing CEH & OSCP or go for CISSP level, Kindly advice

mithuuu85

HI,

Thanks for reply, How about going for CEH & OSCP, its more related to technical compare to CISSP, and am now having 10 years of experience in network security managing vendor devices,but now am looking for a change, at the age of 32 is it good to divert my career to complete infosec by doing CEH & OSCP or go for CISSP level.

mithuuu85

cyberguypr wrote: »

Step 1: not posting the same thing a thousand times. Also, you have the same question you posted back in December 2015?

Hi,

I couldn't do the follow-up on my previous post , I will make sure not to post the same thing again .

mithuuu85

ITSec14 wrote: »

Read about different areas of security and see what interests you. We can't answer that question for you. If you have questions about a specific cert, book, etc., then we can certainly help.

I read about CISSP, CEH & OSCP , am interested in ethical hacking(CEH & OSCP) , and CISSP i feel its more related to management than technical , having 10 years of experience in network security managing vendor devices, at the age of 32 is it good to divert my career to complete infosec by doing CEH & OSCP or go for CISSP level, or any other certificate which is good for my career Kindly advice.

whitehorse2017

Thank you for that, it's very much appreciated

nnethi

Thank you for sharing your views

Sarelpoy

Hey there!
this information can help you,
Offensive Security are the creators of Kali Linux, also have online courses for security certification and penetration testing

If you like to learn from the source it self,
Check out the website
https://www.offensive-security.com

laurieH

Seeing as you've mentioned that you want to do something technical and not management/leadership then the CISSP is probably not best suited to you as it's primarily aimed at the latter.