After security+ what is the next step up?

Matt_SmiMatt_Smi Posts: 111Member ■■■□□□□□□□
From what I understand Sec+ is considered to be an entry level security exam, although it is still difficult. But once one has obtained it what would be the next logical sec exam to take? Would it be CEH?

Comments

  • keatronkeatron Posts: 1,208Member ■■■■■■□□□□
    It would in part depend on where you want to end up. I would suggest either gaining some level of expertise in an OS area first, whether it be Linux, Unix, Windows or whatever OS you currently have experience in. For example maybe MCSA:Security to start with, then look at C|EH. The fact of the matter is, to truely be effective when it comes to penetrating a system, intimate knowledge of that particular system is key. I started with Linux security, so jumping to Windows security was a smooth transition. Do the same with networking. For example, gain some experience/knowledge with Cisco routers and firewalls. Then either obtain respective certs in that area, or at the least, aquire the knowledge required for those respective certs. Examples would be the Cisco Pix/ASA specialist stuff.

    Bottom line, trying to understand the security of any OS or device without first understanding the workings of that OS or device puts you at a severe disadvantage and even makes you as the attacker/pentester/security professional vulnearable. Imagine trying to do a physical security recommendation for convention center without seeing and understanding a blue print of the place and knowing where all the doors are. And to top it off, you have no idea how human traffic flows in, out, and through the place. I've seen a many pentests fail horribly simply because the tester lacked sufficient knowledge concerning the particular system he/she was trying to attack.

    Also you really need to decide if you're going to be a generalist, or a specialist. I'm seeing the IT security industry do like the medical field and branch off in to areas of speciality. IDS/IPS, Peremiter Security, Windows Security, Application Security (databases, OS's, web app, etc), Firewalls, or Forensics, just to name a few. Here's a couple of recommendations I have.

    1. MCP (270 or MCDST)

    2. MCSA (Security+ as one of your electives)

    3. MCSA:Security

    4. MCSA:Messaging (Messaging security is a concern)

    5. MCSE (understanding the processes and considerations engineers go through when designing an infrastructure and AD environment has proven to be valuable to me more than once, while conducting pentests.)

    6. CWNA - If you're going to be taken seriously, you need to know something about wireless (other than how to setup the linksys you bought from Bestbuy)

    7. SSCP (If you meet the experience requirements by this time)

    8. CISSP (If you meet the experience requirements by this time)

    9. C|EH (C|EH fits nicely as an add on to CISSP as in getting more specialized. People forget that CISSP is a very generalized cert. By now you will have started to either conduct, participate in or oversee pen tests) The management slant of the CISSP will equip you for always seeing the big picture in theses tests and assesments, while the C|EH knowledge will prove helpful in laying out a tactical pentesting methodology for your team.

    10. CWSP - Again wireless, wireless, wireless.

    11. CHFI- Forensics is rapidly growing, and you as a pentesting professional need to know what the forensics teams will be looking for. This does wonders in helping you "cover your tracks"

    Now keep in mind, this order DOES NOT reflect cert popularity or respect. If you have acces and/or experience with Cisco gear, you can stop right at number 5 and head off into the wild red yonder of the CCSP (and you'll certaily need to be on the Cisco forums with Mikej, darby, kenny and the rest of the experts there)

    My question to you would be what about security interests you and what about it makes you feel you'd be successful in this field?

    Just a hint to all job seekers out there, this is one of my favorite interview questions. icon_wink.gif
  • SlowhandSlowhand Questionably Benevolent Bay Area, CaliforniaPosts: 5,163Mod Mod
    I definately agree with keatron on this one, go and get up to speed on the types of systems you want to work with. (Well, when dealing with security, there's really no such thing as too much knowledge, so getting up to speed on a lot of things, not just what you want to do, might be a good idea.)

    I think the advice I got about where to go once I'm in my post-CCNA era says it best: "Go for CCNP before you do the CCSP. I know you want to do security, but you gotta know the network before you harden, or someone else will know it better than you.) I think it was good advice for me, and I'd say it's not a bad idea for anyone who wants to be a security professional. MCSE, CCNA/CCNP, LPIC, RHCE. . . all good things, especially if you're looking to secure those same types of networks/systems.

    Free Microsoft Training: Microsoft Virtual Academy
    Free PowerShell Resources: Top 50 PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • veritas_libertasveritas_libertas Audentis Fortuna Iuvat Greenville, SC USAPosts: 5,733Member ■■■■■■■■■■
    Just looking over this thread again and decided I would bump it since we keep getting so many question about what to do after the Security+.

    Thanks again Keatron...

    **bump**
    Currently working on: Linux and Python
  • impelseimpelse Posts: 1,227Member ■■■■□□□□□□
    Good post Keatron, there is not short way.
    Blog: learn-security.net

    Computer Support Houston Area: thehost1.com
  • dynamikdynamik Posts: 12,314Banned
    Related post: http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html#post205636

    One of the first things I did after joining TE was reading every one of Keatron's posts. Seriously.
  • Super99Super99 Posts: 274Member
    Then I'd say look into MCSE or maybe the Cisco certs?
  • veritas_libertasveritas_libertas Audentis Fortuna Iuvat Greenville, SC USAPosts: 5,733Member ■■■■■■■■■■
    dynamik wrote: »
    One of the first things I did after joining TE was reading every one of Keatron's posts. Seriously.

    Same here! I time to time (like today) go through and read his posts to keep my education plans sensible.
    Currently working on: Linux and Python
  • twodogs62twodogs62 Posts: 393Member
    I'd think it would be depend on what you want to do and want to specialize.

    Maybe more advanced security certs?
    SSCP
    CISSP
    GSEC
    CEH

    Maybe other certs to round out your knowledge:
    Microsoft
    Linux
    CCNA

    I'm kinda looking more at specializing at Linux so,
    LPI
    SANS - Linux security
    Novell's Linux certifications
    Red Hat

    Also specializing in Identity Management and Directory services.
  • Paul BozPaul Boz Posts: 2,621Member
    You will not get very far into IT if you don't have a traditional skillset to supplement the security knowledge. You have to know how to build something before you can secure it. If you're a host/server guy start on some entry-level Microsoft certifications. If you lean towards networking, start on the Cisco track. You'll need a certain level of experience for many of the higher-level security certs so you really need to get these foundation skills to be able to get that experience.

    For some perspective, I started in IT focused 100% on networking and Cisco technologies. I was able to leverage this knowledge to get into employment positions which allow me to have an impact with security. If you don't have any experience in traditional IT what can you really do with security? You can't be any good at penetration testing if you don't know about servers and the networks they're connected to. You can't audit an IT environment if you don't know anything about how IT environments are supposed to be set up.

    After being in security for a while now I've come to realize something: If you don't have the experience or knowledge to back up security training, you don't really know anything. There are two types of security practitioners out there: Those that live in the real world and make impactful statements, and those that live in the fantasy world of text books.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • GAngelGAngel Posts: 708Member
    PHD = Piled higher and Deeper (after BS = Bull..., MS = More of the Same...)

    Oh and security sucks donkey balls most days. I was promised glamour and prestige I got reports and lectures.
Sign In or Register to comment.