Advice for my Infosec Situation
LosinMahPacketz
Member Posts: 5 ■■□□□□□□□□
Hello all,
Looking for some advice on which direction to go. Some quick background, I have been in Infosec for almost 5 years of my 16 years of work. The other years were straight IT work, going from support to Engineer. Currently my title is Info Security engineer and I am looking to get some certs. Currently the only InfoSec related cert I have is the EC-Council certified Incident Handler. My supervisor recommended the course to help get me out of my IT Engineer mindset and more into an Infosec Engineer mindset. Which it did to an extent but was not really technical. I am looking to do something to really immerse myself in Security but from a technical perspective. I will eventually get the CISSP but I want to do something fun and technical. Any recommendations would be helpful. Also if you need any additional information from me please feel free to ask. My first post here, and I look forward to being a member of this great community.
Looking for some advice on which direction to go. Some quick background, I have been in Infosec for almost 5 years of my 16 years of work. The other years were straight IT work, going from support to Engineer. Currently my title is Info Security engineer and I am looking to get some certs. Currently the only InfoSec related cert I have is the EC-Council certified Incident Handler. My supervisor recommended the course to help get me out of my IT Engineer mindset and more into an Infosec Engineer mindset. Which it did to an extent but was not really technical. I am looking to do something to really immerse myself in Security but from a technical perspective. I will eventually get the CISSP but I want to do something fun and technical. Any recommendations would be helpful. Also if you need any additional information from me please feel free to ask. My first post here, and I look forward to being a member of this great community.
Comments
-
Danielm7 Member Posts: 2,310 ■■■■■■■■□□If they're paying for it look at SANS. It really depends on what you do an a security engineer though for what class would make sense. The title is super generic in the industry so it could map to many different classes.
-
fabostrong Member Posts: 215 ■■■□□□□□□□If they're paying for it look at SANS. It really depends on what you do an a security engineer though for what class would make sense. The title is super generic in the industry so it could map to many different classes.
I second this. If they're paying, go look at the description of courses on the SANS website and see what you think best applies to your job or just what you'd like to do. -
LosinMahPacketz Member Posts: 5 ■■□□□□□□□□Funny you mention SANS. I did try for the SANS training but the cost is a tough sell. So for now, SANS stuff is out unfortunately.
Danielm7 your right the title is very generic, and I apologize for the lack of information. I looked at CEH, CASP, and even Linux+. I know Linux+ is not an infosec cert but I find myself using Linux more and more. -
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□What about the work study for SANS? If you have to travel...the course, hotel, and flight ends up being around $3,000-3,500.
What kind of technologies do you use daily? That could impact the suggestions. -
LosinMahPacketz Member Posts: 5 ■■□□□□□□□□I will look into the workstudy options.
On a daily basis I work with Qualys, and Tenable scanners. Review logs on our SIEM, monitor our AV solution, Web filtering, in process of putting together our Incident response plan, and I am also implementing an IDS solution. So it's a little bit of everything. -
EnderWiggin Member Posts: 551 ■■■■□□□□□□OSCP could be a good choice for you. Tons to learn there, and relatively inexpensive.
-
LosinMahPacketz Member Posts: 5 ■■□□□□□□□□EnderWiggin wrote: »OSCP could be a good choice for you. Tons to learn there, and relatively inexpensive.
Thank you for the suggestion. I did look at the OSCP but feel I may need to familiarize myself more with the tools and Linux in general before attempting it. Is their a pre-req cert that is recommended before attempting the OSCP? I know of E|EH but not aware of any others.
Also I wanted to mention that I am more Blue Team in nature than Red Team but I certainly see merit in understanding the process in which hackers think. Thank you for the suggestion.