Information Security..begining...

Hi,
Im beginner in the infosec world and planning to learn information security and thinking of learning the following way:
1) Security+
2) CCNA Cyber Ops
3) CEH...
is this right way to start from zero and move to more advanced topics?
what else can be added here?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Pseudonymous

Are you looking to get into Penetration Testing? If no, then CEH probably isn't worth your time. If yes, then I've heard CEH is good for your resume, but still not really worth your time lol.

Personally I think A+, Net+, Sec+ is a good start if you are new to IT. Learning the basics are important. If you're just new to Security, then I think Sec+ into CCNA CyberOps is good.

If you do want a career focused on offensive security and pentesting, then I'd recommend eJPT. I'm going through it now and I like it a lot. It's a lot cheaper then the CEH and you'll probably learn more.

MontagueVandervort

Try this instead:

Network+ - You don't have to take the exam but study and learn all (or at least most) of the information. Without a base in Networking, you'll be ineffective in InfoSec.
Security+ - This is where you'll get your Security basics, definitions, and ideas that will be backed up by what you already learned in Network+.
Undetermined - There are a few different directions you can go here. I wouldn't even plan this far in advance until you have 1, 2, and at least a few years of work experience under your belt to see if this is where you really want to go.

Going into InfoSec is a long-term plan. The reason it's a longterm plan is because nobody (reasonable) hires someone to work in InfoSec who doesn't already have years of experience working in IT (Networking usually). It's something that takes a lot of knowledge and experience to do effectively. InfoSec is not an area you just walk straight into. You have to work you're way in. This is why it's a long-term plan or end-game.

That said , for number three you have several options when the time does come. GSEC, ECSS, SSCP are a few worth mentioning. But who knows if by then you wouldn't have gone the Cisco + experience route. Also, just because you did go the Cisco route (personal recommendation) doesn't mean you still won't want one of those certs. It's too difficult to say at this point in time.

Just be cautious you don't end up making a lot of lateral moves, and you'll be ok. That applies to all of IT but especially for InfoSec since it already takes a while to get there as it is. The last thing you want to do is waste time.

NetworkNewb

Do you currently work in IT? IMO a great way to start learning is by learning how to best protect the things you currently have access to.

UnixGuy

I personally recommend eLearnSecurity eJPT instead of CEH. you will learn a lot, and it's fully practical, which means you will retain most of it. I thought it was a brilliant course even if you don't plan on becoming a penetration tester

if your employer sponsor SANS, then do any SANS course they sponsor (GCIH, GMON, GCFA, GPEN, ..etc) are all great

kosta-k

Thank you all for great responses.
I currently work as tier 2 IT support for 4 year and was promised a promotion to jr.sysadmin so waiting for it

But for past time infosec here started to become popular and want to have al least some knowledge.
Have knowledge of CCNA RS and MCSA 2012/Exchange 2016/Office 365.
So Security+ seems to be a good start and then will see.

kaiju

Get your Sec+and then move on to eJPT or CCNA Cyber Ops. Having a Systems or Networking cert (MCSA/CCNA/LPI/Linux+) will help with environmental knowledge. If you find Sec+ to be not too difficult, move on to Cysa or CASP. CEH is just recruiter bait/resume bling so save your money and concentrate on certs that will actually show your skill set. IS is a rather broad field so you need to decide what you want to do before dedicating time and money to certifications.

lewis2018

Security+ is a great way to start, thats how i started. I had this email from sybex offering some free security+ content. You can probably get to it with some googling. Hopefully it helps get you on your way!