What Cyber security certification begin to study?
carlostg
Registered Users Posts: 2 ■■■□□□□□□□
Hello everyone,
I started my career in Cyber security as a Cyber Security Analyst since december 2016 I'd like having a cyber security cetfication but I don't know what to choose.
My background experience is working with voice and networking the last 12 years as a network administrator and It is the computer sciences that I like more.
When I was working in networking I have clear that I want to get Cisco CCNA certification but in cyber security I don't know what to study, I am lost. There are a lost products, a lot of certs.......
Nowadays, I am Cyber Security Analyst working with RSA Via Lifecycle and Governance and IBM QRadar but I'd would more having knowledge on networks defense or something like that because networking is what I like more.
Also, I don't want to change my residence from Spain.
Could anybody help me?.
I started my career in Cyber security as a Cyber Security Analyst since december 2016 I'd like having a cyber security cetfication but I don't know what to choose.
My background experience is working with voice and networking the last 12 years as a network administrator and It is the computer sciences that I like more.
When I was working in networking I have clear that I want to get Cisco CCNA certification but in cyber security I don't know what to study, I am lost. There are a lost products, a lot of certs.......
Nowadays, I am Cyber Security Analyst working with RSA Via Lifecycle and Governance and IBM QRadar but I'd would more having knowledge on networks defense or something like that because networking is what I like more.
Also, I don't want to change my residence from Spain.
Could anybody help me?.
Comments
-
asurania Member Posts: 145Depends on what in security you want to do.
Personally I would say just go for the gold, and get the OSCP.
It is hard, and will take you longer, but will be worth it -
Hornswoggler Member Posts: 63 ■■□□□□□□□□Will they pay for it? If so, go get some SANS certs.
If money is no object, SANS is the BEST!!!
Security is a HUGE field and lots to it. It's not just pentesting and hacking. See the SANS training roadmap in the link below for a few example paths:
https://www.sans.org/media/security-training/roadmap.php
If SANS is not in the budget, I recommend getting some well rounded foundational certs like Security+ or CISSP. You can be an Associate of ISC2 until you have the 5+ years of security experience. Get the security basics down and you can speak the language with other security geeks.
Core skills like CCNA are still very, very useful. Knowing Windows, Linux, ITSM/ITIL, and business skills are good. The best starting point will depend on where you want to be in 5 years.2018: Linux+, eWPT/GWAPT -
TechGromit Member Posts: 2,156 ■■■■■■■■■□The obvious answer is get your Security+ first. Once you get a foundation, you can decide what area of cyber security you want to specialize in. If money is no object, then Sans 401 / GSEC is a great place to start. I wouldn't get into OSCP or CISSP just stating out, you need to learn which direction up is before you start to fly.Still searching for the corner in a round room.
-
carlostg Registered Users Posts: 2 ■■■□□□□□□□Hello,
I am already CCNA.
I will pay the exam for myself, so I discard studying a SANS and the OSCP certs.
I am thinking to self study an isc2 cert or the Comptia CSA+. Any advices for the this self study in order to get the cert?.
Like a told before, I do not what will be my position in cyber security world the next years, I am beggining.
Like I told before what I like more is secure networks. WiFi nets, secure routing and switching, firewalling, etc...
Thank you for your answers. -
NavyMooseCCNA Member Posts: 544 ■■■■□□□□□□For Security+, you can't go wrong with Darril Gibson's book and premium content on his website. Please note, there is a new Security+ exam coming out soon so be careful which version you buy books for and which one you register for.
'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil
-
burfect Member Posts: 128TechGromit wrote: »The obvious answer is get your Security+ first. Once you get a foundation, you can decide what area of cyber security you want to specialize in. If money is no object, then Sans 401 / GSEC is a great place to start. I wouldn't get into OSCP or CISSP just stating out, you need to learn which direction up is before you start to fly.
Would someone mind elaborating on the "different areas." I hear this come up a lot that you should decide what you want to specialize in, but what exactly does that mean? Can anyone point me in the direction of some reading etc. regarding the different areas one might specialize in?
For example, would "Cloud Security" be an area of specialization, or does that just refer to a very broad subject? -
Hornswoggler Member Posts: 63 ■■□□□□□□□□Would someone mind elaborating on the "different areas." I hear this come up a lot that you should decide what you want to specialize in, but what exactly does that mean? Can anyone point me in the direction of some reading etc. regarding the different areas one might specialize in?
For example, would "Cloud Security" be an area of specialization, or does that just refer to a very broad subject?
You can see the SANS roadmap link that I posted earlier in this thread.2018: Linux+, eWPT/GWAPT -
cyberguypr Mod Posts: 6,928 Mod
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□Would someone mind elaborating on the "different areas." I hear this come up a lot that you should decide what you want to specialize in, but what exactly does that mean?
Pentesting - This is where you become any expert breaking into other computer networks. You might work for a company or a company may hire you or your firms to validate there networks are secure. This can be exciting at times, and very frustrating when coming up against a well secured network.
Network Monitoring - you work in a companies Security Operations Center (SOC), where you monitoring network dashboards, firewalls, reviewing logs, you trying to see if anyone hacked your network and if detected, take actions to slow or stop an attack. This can be boring as a security guard or soldier job waiting for a criminal or enemy to attack. It's hours of boredom and minutes of stress when an attack happens / detected.
Incident Response - This can be a pretty broad field in itself. You the guy they call when an attack is detected, you trace down the vulnerability to see how they got in and what needs to be done to correct the problem so it doesn't happen again.
Reverse Malware engineer - You analyze malware detected, try to figure out what it does and develop signatures that you can give to the firewall / IDP team to block/ detect the virus in your network.
Computer forensics - See what damage malware did to a computer so you can recover your data and secure the system so it doesn't happen again.
Cyber Security Admin - This can include a wide array of hats, anything from compliance, writing procures, policy, running vulnerability scans, etc.
Server Admin - This is the guy that will be locking down the servers to ensure they are secured against outside attacks.
Firewall/IDS/IPS admin - This is the guy that is in charge of writing rules and monitoring logs to ensure the rules they write have the intended effect.
There's more, but this is what I came up with off the top of my head.Still searching for the corner in a round room.