Which cert should I get next?

johndabomb44 Member Posts: 32
Hello,


First, thank all of you for your thoughts and help at this site. I made a lot of good choices and got better prepared for certifications.



I want to get into information security, primarily "blue team"/ actually defending the network and incident response.

Right now, I work for the DoD and am still waiting on my Secret clearance to come through. I would like y'all's opinion on what cert I should go for next.


I'm leaning towards Linux+ right now as I don't have a strong OS cert and Linux is used for almost everything. The other thing I'm looking into is doing the McAfee HBSS and ACAS training for the DoD. My certs are under my profile name.


If anyone needs more info from me in order to give a better response just let me know.

Comments

  • TechGuru80 Member Posts: 1,539
    Are you already in infosec? If so, unless your job requires you to have a computing environment certification, you don't need one. What do you mean Linux is used for everything? Are you saying Linux is what you protect at work? If you don't secure Linux at work (and only Linux is what I mean), Windows would be a better choice as you are much more likely to see Windows than Linux.

    Can you get funding for SANS/GIAC? If you can, I would maximize that with GSEC/GCIH/GCIA at minimum. Otherwise HBSS/ACAS are "ok" options, or Cisco security track could be useful.
  • johndabomb44 Member Posts: 32
    "Are you already in infosec?"

    No, I do Desktop Administration.

    "What do you mean Linux is used for everything? Are you saying Linux is what you protect at work?"

    I should clarify: Linux is mostly used for hacking/pentesting and also "blue team" purposes as well. Also, the higher you get in the DoD food chain, the more popular Linux becomes. The idea here is if I can grasp a damn good understanding of Linux in general, I can understand a lot of the tools used by red/blue teams (Kali, Metasploitable, Snort, Bro, Suricata, etc).

    And no, I would be protecting Windows mostly at work, but I might or might not want to work security in the environment I'm in now.



    "Can you get funding for SANS/GIAC? If you can, I would maximize that with GSEC/GCIH/GCIA at minimum."

    I wish. I can only get funding for certs that pertain to my current job... which for desktop support is limited, and I sure as hell don't want to stay in desktop support for long.
  • TechGuru80 Member Posts: 1,539
    Ok that helps knowing that information.

    Knowing Linux is useful but for infosec you don’t really need to be certified in it. Since you are dealing with Windows for work, again get certified in Windows if any OS. You will be applying group policy, STIGs, etc. so it will help you much more. A lot of the tools you mention are going to be used to either analyze network traffic or Windows logs in SIEM tools...Windows is everywhere, unlike Linux where there are specific use cases from a monitoring perspective.

    If you really want Linux+ go for it, but it sounds like you might be able to get some MCSA funding...make sure it’s Server though.
  • ivyvald Member Posts: 9
    I agree with what TechGuru said.

    I'm also in DoD, and my advice is that you move to an InfoSec/Cyber role ASAP. Tons of money is being shuffled around to improve all things cyber.
    Once you're in, you will get SANS funding as part of your employee package (if not, negotiate this in, high probability they will do it).

    You should look at the Cisco Cyber Ops Scholarship program as well: http://www.techexams.net/forums/general-certification/120553-ciscos-10-million-scholarships-cyber.html

    And here's one of my fav homelab references for learning some blue-teaming: https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat.html

    You don't necessarily need a lot of certs to move up/into cyber. What's more important is having the knowledge and skills needed for the job.
    My team lead's only cert is his CISSP (just to keep DoD compliant), but this is the dude that mentored me through my OSCP & OSCE.

    I highly recommend you start a small homelab (if you don't already have one) to hone your skills and put to use what you are learning from the certs.

    Good luck!
  • NetworkNewb Member Posts: 3,298
    CCIE, go big or go home