Security question and certs.
triplea
Member Posts: 190
Hi.
I'm looking to move over to a security-based role for my next employment as it's an area I'm more and more interested in.
Currently I do things like user access control, Symantec endpoint installations and monitoring, WSUS patching, email filtering etc. and that sort of thing, as well as system admin.
I did the Sec+ ages ago and then let that expire as I decided I was happy where I was and just assisting the InfoSec team where needed, as they handle things more from a management position. This year I decided I was going to go for the CompTIA CSA+ but the InfoSec manager suggested I do the SSCP instead (plus there doesn't seem to be much study material yet for the CSA+). Whilst it's an interesting subject, it all seems more of a general overview rather than how to technically set various controls like IPS/IDSs up. Maybe I'm missing the point here? The UTM and Nessus were set up by the previous InfoSec manager (who was an ex-production guy who knows loads, to be fair). So for instance Nessus is me basically running vulnerability scans and ensuring we patch them. Never involved with setting up the VPN access for my site etc.
I will complete this now as I'm over halfway through, but what's expected of an InfoSec/security role? Hands on? Our current InfoSec team have very little technical knowledge and are not even admins. Not quite sure what I'm expecting? Maybe the overview is literally what you should know, not necessarily how it's implemented?
Does the CSA+ teach you how to read and understand software like Wireshark, or again are you expected to know it and it's more overview?
All comments welcome please.
Triplea
Comments
Danielm7
Member Posts: 2,310
"Security" is a very wide area, ranging from people writing policy to others reverse engineering code. Check here https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/ for some general ideas of different areas and titles. See what interests you the most then go from there. What your company calls a security role might be drastically different from what the next company does.
ITSec14
Member Posts: 398
I guess it all depends on the company...sounds like you currently perform administrative duties in a security function which is a good way to start IMO. Because Security is such a broad area, it's hard to really say EXACTLY what you would be doing.
If I were you, I would be learning everything I could and then figure out what exactly interests you the most. Some folks like the audit side of security, some like policy writing and others like the engineering.
Don't rely on a cert to teach you how to do the job. Certs are merely just to demonstrate an understanding of the concepts. Experience is the only way you will master those concepts. That being said, a combination of experience, certs and higher ed is a great combo to have to ensure your career growth.
triplea
Member Posts: 190
Thanks for reply.
I suppose what I'm getting at is, apart from ITIL, in all of my exams you learned up to that point via a course/hands on then the exam tested your knowledge. So you learned ‘how to’.
Is there training that expands on what I already do perhaps?
kiki162
Member Posts: 635
The SSCP exam is easy to get through, and you should have no trouble passing. Infosec covers a wide range and having that key skill set as an admin will certainly help you in the long run. Since you are looking to get some certs and experience to get you into that next job role, you first need to answer yourself what type of role do you really want to get into? Remember you don't want to overextend yourself and think you have to learn all of these different areas to get yourself a job. As an admin myself, I can tell you that a lot of the experience comes from OTJ training or through college. You're not expected to be an expert, but have a basic idea on how some of these things work, and be able to pick it up quickly if needed.
Since you already have vulnerability management experience, you can use that to transition into a vulnerability engineer role where you're doing some pentesting work. That type of stuff can work well if you like CTFs and bug bounties. Knowing how to use Wireshark is also essential in this type of role.
Cloud security is another good area to get into that would go well with your admin experience. You can start looking at AWS, Docker, containers, etc. There are also plenty of cloud-based certifications, such as CCSP (ISC2), AWS and more. And yes, there is a Wireshark certification. Start with SSCP first, then if you have enough experience, go for CISSP.
ITSec14
Member Posts: 398
+1 for the cloud stuff. That's a big area for security and lots of opportunities.
markulous
Member Posts: 2,394
I guess it all depends on the company...sounds like you currently perform administrative duties in a security function which is a good way to start IMO. Because Security is such a broad area, it's hard to really say EXACTLY what you would be doing.
If I were you, I would be learning everything I could and then figure out what exactly interests you the most. Some folks like the audit side of security, some like policy writing and others like the engineering.
Don't rely on a cert to teach you how to do the job. Certs are merely just to demonstrate an understanding of the concepts. Experience is the only way you will master those concepts. That being said, a combination of experience, certs and higher ed is a great combo to have to ensure your career growth.
ITSec14
Member Posts: 398
Who the heck likes policy writing? Eww
It's incredibly boring, but you can make $$$$ if you are good at it!