Best entry certification track for Security?

monorion

Hello All,
I am looking to get more into security and wanted to get some opinions on how to start. I've been in IT for about 7 years and currently hold Net+ and CCNA:R/S...What are my best options? should i go for Sec+ or go for CCNA: Security? I am more interested in configuring firewalls and monitoring the network for threats as my goal is to be a network engineer and i def want to get some knowledge in security as it's becoming more sensitive now a days.

Thanks for the info everyone!!

JDMurray

Will you be trying for a security position in your present place of work or will you be looking elsewhere? Being an "insider" where you work is a great advantage in being able to customize a career development path at your employer.

monorion

JDMurray said:

Will you be trying for a security position in your present place of work or will you be looking elsewhere? Being an "insider" where you work is a great advantage in being able to customize a career development path at your employer.

Not really looking to jump ship soon and I don't think my current company has a need for it. Just looking into it now to better myself and boost the resume for when the time comes.

monorion

Cciedumpspoto said:

There are many good certification available in the field of Security. Among them, one of the best one would be the CISSP certification, but it is not an easy task to gain. If you are looking forward to gain it, I would advice you to join the **** CCIE Club, for better results.

Not sure if CISSP is what i want yet, I kinda did some research and I don't have the credentials to become certified (no college degree and I don't meet their criteria) so I think i would have to go for the associate level? and i'm not sure if it's worth it yet as i don't have a job in the security field. I do have sys admin experience but i don't think that meets their criteria. 

paul78

monorion said:

Cciedumpspoto said:

....

Not sure if CISSP is what i want yet, I kinda did some research and I don't have the credentials to become certified (no college degree and I don't meet their criteria) so I think i would have to go for the associate level? and i'm not sure if it's worth it yet as i don't have a job in the security field. I do have sys admin experience but i don't think that meets their criteria. 

@monorion - ignore that advice. The poster is advocating that you get your certification using dubiously obtained copyrighted materials. It's the wrong way to get a certification.

JDMurray

If you have the verifiable professional work experience to get the full CISSP certification then go for the CISSP. It's the best-bang-for-your-buck in security certifications, and it has a lot of useful information to learn as well.

MalwareMike

I don't know if I missed it but whats your current title/duties? Is there any way you can assist or take on any security duties in your current role? The CISSP will definitely look nice on your resume but I will also suggest trying to assists with any security tasks(**if possible**). 

monorion

@MalwareMike my current duties don't have anytihng to do with security, I am just trying to get ahead of the game and learn a thing or 2 when it comes to securing networks. my overall goal is to be a network engineer and I think it will be a good skill to have.

LonerVamp

If you plan to stay where you are or go elsewhere and work on Cisco equipment, then by all means CCNA: Security is a good way to go. Just be aware that you're learning the Cisco world and products. Those skills can translate elsewhere, but you'll have to relearn plenty of things for other tools.

With 7 years in IT, I honestly think you should be able to look into the CISSP. If that seems daunting, you can to Security+ first, as there will be plenty of material overlap, and then CISSP later. The benefit of getting one of those is it shows you want security work, and not just netadmin work. I don't think they have a degree requirement, I think that just helps shave down the experience requirement, right? And in your years of IT, I'm sure you worked on security technologies and concepts like accounts, passwords, permissions, encryption, firewalls, access controls, VLANs...

MalwareMike

@monorion but what are you current duties?

monorion

@MalwareMike So I am an associate systems admin, basic duties are end-user support, email management, built some linux and windows servers, create GPOs, mange DFS and windows share permissions, but that's as much as it get's. only "security" related task is managing end-point security using symantec and i guess folder/share permissions. 

JDMurray

So you want to get away from the system security stuff and go into either designing/implementing secure networks (NetOps/NetEng) or monitoring networks for security issues (SecOps)?

yoba222

So who at your company is hardening those Linux and Windows servers when you build them? If nobody, I'd say that your company does indeed have a need to fill a security void. If you want to become a security person, be a security person. You could start by downloading CIS benchmarks (they're free) and carefully working through hardening some servers in your downtime. It's time consuming, but you learn a ton in doing it.

Ertaz

Here's a pretty good blog to follow, lots of good suggestions in here:

https://danielmiessler.com/blog/build-successful-infosec-career/