Information Security..begining...

kosta-kkosta-k Member Posts: 29 ■■□□□□□□□□
Im beginner in the infosec world and planning to learn information security and thinking of learning the following way:
1) Security+
2) CCNA Cyber Ops 
3) CEH...
is this right way to start from zero and move to more advanced topics?
what else can be added here?


  • PseudonymousPseudonymous Ninja Member Posts: 78 ■■■□□□□□□□
    Are you looking to get into Penetration Testing? If no, then CEH probably isn't worth your time. If yes, then I've heard CEH is good for your resume, but still not really worth your time lol.

    Personally I think A+, Net+, Sec+ is a good start if you are new to IT. Learning the basics are important. If you're just new to Security, then I think Sec+ into CCNA CyberOps is good.

    If you do want a career focused on offensive security and pentesting, then I'd recommend eJPT. I'm going through it now and I like it a lot. It's a lot cheaper then the CEH and you'll probably learn more.
    Certifications: A+, N+, S+, CCNA: CyberOps, eJPT, ITIL, etc.
  • MontagueVandervortMontagueVandervort Senior Member Member Posts: 399 ■■■■■□□□□□
    Try this instead:
    1. Network+ - You don't have to take the exam but study and learn all (or at least most) of the information. Without a base in Networking, you'll be ineffective in InfoSec.
    2. Security+ - This is where you'll get your Security basics, definitions, and ideas that will be backed up by what you already learned in Network+.
    3. Undetermined - There are a few different directions you can go here. I wouldn't even plan this far in advance until you have 1, 2, and at least a few years of work experience under your belt to see if this is where you really want to go.

    Going into InfoSec is a long-term plan. The reason it's a longterm plan is because nobody (reasonable) hires someone to work in InfoSec who doesn't already have years of experience working in IT (Networking usually). It's something that takes a lot of knowledge and experience to do effectively. InfoSec is not an area you just walk straight into. You have to work you're way in. This is why it's a long-term plan or end-game.

    That said , for number three you have several options when the time does come. GSEC, ECSS, SSCP are a few worth mentioning. But who knows if by then you wouldn't have gone the Cisco + experience route. Also, just because you did go the Cisco route (personal recommendation) doesn't mean you still won't want one of those certs. It's too difficult to say at this point in time.

    Just be cautious you don't end up making a lot of lateral moves, and you'll be ok. That applies to all of IT but especially for InfoSec since it already takes a while to get there as it is. The last thing you want to do is waste time.

  • NetworkNewbNetworkNewb Member Posts: 3,294 ■■■■■■■■■□
    Do you currently work in IT?  IMO a great way to start learning is by learning how to best protect the things you currently have access to.   
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,101 Mod
    I personally recommend eLearnSecurity eJPT instead of CEH. you will learn a lot, and it's fully practical, which means you will retain most of it. I thought it was a brilliant course even if you don't plan on becoming a penetration tester

    if your employer sponsor SANS, then do any SANS course they sponsor (GCIH, GMON, GCFA, GPEN, ..etc) are all great
    Goal: MBA, Jan 2021
  • kosta-kkosta-k Member Posts: 29 ■■□□□□□□□□
    edited December 2018
    Thank you all for great responses.
    I currently work as tier 2 IT support for 4 year and was promised a promotion to jr.sysadmin so waiting for it :smile: But for past time infosec here started to become popular and want to have al least some knowledge.
    Have knowledge of CCNA RS and MCSA 2012/Exchange 2016/Office 365.
    So Security+ seems to be a good start and then will see.
  • kaijukaiju Member Posts: 405 ■■■■■■□□□□
    Get your Sec+and then move on to eJPT or CCNA Cyber Ops. Having a Systems or Networking cert (MCSA/CCNA/LPI/Linux+) will help with environmental knowledge.  If you find Sec+ to be not too difficult, move on to Cysa or CASP. CEH is just recruiter bait/resume bling so save your money and concentrate on certs that will actually show your skill set. IS is a rather broad field so you need to decide what you want to do before dedicating time and money to certifications. 
    Work smarter NOT harder! Semper Gumby!
  • lewis2018lewis2018 CCNA R&S, CCNA Sec, MSCA 2016, ITIL-F, PenTest+, Security+, LPIC-1, Linux+, OSCP Member Posts: 26 ■■■□□□□□□□

    Security+ is a great way to start, thats how i started. I had this email from sybex offering some free security+ content. You can probably get to it with some googling. Hopefully it helps get you on your way!

Sign In or Register to comment.