IT Pro Journey into Security?

I was wondering if this is a good roadmap for someone with an IT background to get into the InfoSec side of things:

https://www.cbtnuggets.com/blog/2017/01/unlocking-your-it-security-career-pathway/

Thoughts? My waryness here is a lot of the vendor-specific stuff early on. Am I wrong in worrying?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Danielm7

It depends, what area of security do you want to get into? It's like saying "I want to get into IT", when that could mean one of 20 different areas. That seems more like a path for network security, but like you said, very network specific. Like for my environment I'd appreciate the Cisco stuff, but you probably wouldn't be configuring the ASAs, and you wouldn't touch PA or Checkpoint gear. Overall, not an great guide.

Read this

https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/

and try to figure out what actually interests you instead of just trying to collect letters, then you can make a path to get there.

Phalanx

Well the way I saw it, the CISSP (the ultimate goal) seems to suit anything from Security Consultant all the way to IT Director and through to the CISO. I guess it's more the getting there, in this case. In security, I'm thinking more along management and consultancy

Phalanx

So this is my current plan:

Long-term, of course, and based on experience as it comes in. I figured having some network experience and understanding would be beneficial (I work as a Technical Consultant right now, so it's more validation).

cyberguypr

I think this is duplicate in some areas and lacks focus. What is the end goal? Where do you want to get? That may help refine and narrow down the list.

Phalanx

So out of all the areas, my main interest seems to have settled on Intrusion Detection & Monitoring. The idea of "countering" the attacker and figuring out how it happens/happened.

soccarplayer29

I'd probably drop MTA: Security fundamentals, CCNA: Security, and SSCP. And I'd consider adding CSA+ and maybe GCIH.

You could probably simplify it even further: Net+ -> Sec+ -> CEH -> CSA+ -> CASP/CISSP

Phalanx

Very helpful, thank you. I've taken out CCNA: Security and SSCP, and added CSA+ and GCIH. I assume GCIH comes after CSA+?

I've decided to keep the MTA, as I'm keen to make sure my bottom foundational levels are solid, so the more I validate there, the better I'll feel moving forward.

NetworkNewb

Phalanx wrote: »

I assume GCIH comes after CSA+?

Doesn't really matter, they are fairly close in terms of knowledge. I would even question the need for both. GCIH is probably more well known, of course it costs a lot more though. The only reason I would ever get both is if you were having trouble getting a position you wanted and wanted to pad the resume.

Phalanx

Ah, interesting. OK, so perhaps focus on CSA+ unless I really need GCIH?

NetworkNewb

Yep, that is what I would do, unless a company is paying for you to take the course for the GCIH.

Phalanx

That's perfect, thank you. Finally after a few weeks, I've got a plan in my head.

Thank you.