Advices needed
tehcy84
Member Posts: 2 ■□□□□□□□□□
Hi everyone,
I'm a BSc Software Engineering graduate (2006) and currently working as a software engineer/developer. However I don't feel like going to work as software engineer/developer for rest of my life...I'm start getting bored of it. Actually my main interest is computer security. I have a good knowledge of reverse engineering software protection (debugging, analyzing, and breaking), I wonder is there any certification for this kind of knowledge? I read a lot of post it's seem likes the CISSP is a very good choice of certification and it's quite challenging to sit for the exam. Any advices will be welcome for example which certifications should I get first and what I'm going to do next.
Thanks in advance.
I'm a BSc Software Engineering graduate (2006) and currently working as a software engineer/developer. However I don't feel like going to work as software engineer/developer for rest of my life...I'm start getting bored of it. Actually my main interest is computer security. I have a good knowledge of reverse engineering software protection (debugging, analyzing, and breaking), I wonder is there any certification for this kind of knowledge? I read a lot of post it's seem likes the CISSP is a very good choice of certification and it's quite challenging to sit for the exam. Any advices will be welcome for example which certifications should I get first and what I'm going to do next.
Thanks in advance.
Comments
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
I'd definitely hit-up the Security+ first. It'll give you a good foundation and get you more familiar with the various aspects of computer security. It will also count as an elective for other certifications, such as the MCSA/MCSE +Security.
www.syngress.com has a great Security+ book, and you can download the PDF version for $9. If nothing else, I'd at least grab that and go through it even if you want to skip out on the actual cert.
The CISSP requires a decent amount of work experience, so you might need to plan for that one for awhile: https://www.isc2.org/cgi-bin/content.cgi?category=1187
I don't know if anyone offers a software cracking cert
-
BeaverC32
Member Posts: 670 ■■■□□□□□□□
Maybe the C|EH (Certified Ethical Hacker) certification might fit the bill? I'm not very familiar with the topics covered in this certification, so maybe someone can enlighten us
MCSE 2003, MCSA 2003, LPIC-1, MCP, MCTS: Vista Config, MCTS: SQL Server 2005, CCNA, A+, Network+, Server+, Security+, Linux+, BSCS (Information Systems) -
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
Here's the course outline for the CEH course they offer: http://www.eccouncil.org/Course-Outline/Ethical%20Hacking%20and%20Countermeasures%20Course.htm
There's been some debate as to the legitimacy of the cert:
#3 Google result for "ceh certification": http://blogs.ittoolbox.com/security/investigator/archives/run-away-from-the-ceh-certification-9639
Similar Tech Exams Posting: http://techexams.net/forums/viewtopic.php?t=14444
Regardless, it certainly does looks like a fun cert. -
Kasor
Member Posts: 934 ■■■■□□□□□□
If you are Software Engineer, then it is very easy for you to break into the Security world. It is all about 0 and 1. Try to get a job that related with software secruity, then worked your way up to CISSP, GIAC...Kill All Suffer T "o" ReBorn -
drakhan2002
Member Posts: 111
Get your CISSP. However, make sure you have the experience requirement - which is 4 years of direct Information Security experience. You can take this down to 3 years with a Bachelors in a Computer-related field. Also, they accept a number of certifications (such as the Security+) as another year off the direct Information Security experience. So the best you can knock off is 2 years of experience.
The CISSP is certainly not a hard exam, in my opinion. I didn't find it hard at all. The CISSP just covers a lot of information. Probably more than any exam I've ever sat for.
What gets most people is the direct IS experience - you have to prove your experience (through a resume) and get a CISSP (or company officer if no CISSP will sign) to sign your endorsement. Most people who want to get into the IS-area are not willing to spend the time doing "administrative" duties - but that is a good avenue.
One thing you might want to consider is to get to work in programming for a couple of years in the security arena...they need application developers too. Once you get the requist experience, then hop over to a true IS function.
Good luck on your quest!It's not the moments of pleasure, it's the hours of pursuit... -
tehcy84
Member Posts: 2 ■□□□□□□□□□
Hi thanks for all the replies,
@dynamik
Seem likes Security+ is the first certification I should get as it's recommended by others. What a shame there is no software protection related certification
@BeaverC32
I came a across this certification on a news from my country(I'm working in UK now but I'm from Malaysia), it's seem like the government body is encourage ppl to take this certification. This definately will be one that I will get.
@Kasor
Yeah I'm a software engineer, actually my job is related to (some how) software security as I need to implement our own registration scheme.
@drakhan2002
Actually I'm thinking to work at least 2-3 years as software engineer/developer then only switching to other security job, so that's the reason I started this post. Just wanted to get myself prepared for what I'm going to do after 3 years time.
