Path to network security engineer

neo468neo468 Posts: 123Member
Looking for tips from anyone in the network security field. What kind of job experience do I need to lead into a network security engineer role. What are the best certifications to help educate and qualify me for it. Right now I'm a desktop support manager, and assist network engineers in various small tasks. I have a pretty solid grasp of basic network support skills. I'm at a point where I could go into more of a manager role, or into more of a technical role, and would like to know which will be more adventageous to a career in network security. Thanks in advance.
1's and 0's

Comments

  • markzabmarkzab Posts: 619Member
    The Security+ cert would be the way to start I've been told.
    "You, me, or nobody is gonna hit as hard as life. But it ain't how hard you hit; it's about how hard you can get hit, and keep moving forward. How much you can take, and keep moving forward. That's how winning is done!" - Rocky
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member ■■■■■■■■□□
    Planning/Managerial: (many paths)->CISSP

    Technical/Implementer: Security+->CCNA->CCSP->CCIE Security, or to a lesser extent MCSE: Security(not mocking the MCSE, but there's a greater level of depth on the engineering side, and a higher level of certification in the CCIE). You can throw in some other vendor security products and maybe ethical hacking/pen testing. But that's a decision you can make later.

    Lots in betweens of course but these are the standout and most common tracks.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • drakhan2002drakhan2002 Posts: 111Member
    Engineering, Architect, Management, Analyst? You have several paths to go down. As someone who has several years of experience in the security field, I can say that no two paths to Information Security are the same.

    For certification sake, if you're serious about getting into the high end of Information Security, get the CISSP. It is simply the yardstick that is currently required to get into the upper echelons of the field. If you're content with being someone in the trenches, doing some of the more day-to-day operational work, then the CISSP is not required. Certifications like the Security+ are sufficient.

    However, I am beginning to see that even the mid-level jobs are now "preferring" a CISSP. This is a trend that will, in time, turn into a "requirement." (Think about how the MCSE went from the ticket into network admin to a help desk requirement, for example). So, the sooner you obtain the CISSP, the better your opportunities will be. You will need experience to back your CISSP, as the CISSP requires 4 years of proven experience before you can be granted the title (if you pass the test without the 4 years of experience, you can become an "Associate.") The 4 year requirement can be brought down a year with a Bachelors degree and another year can be brought down with certain security certifications (like the Security+...see the ISC2 web site for the list). Therefore the most experience you can knock off is 2 years.

    Determine your career path – you said you wanted to be an engineer. To me that is someone who implements security application software and manages the applications on a network. There is a lot of work in the operations space for people who understand firewalls, IDS, etc. You can make a great career in this space, as every organization needs qualified people. This space, to me, is not where the "sexy" is anymore...

    Architects, in my opinion, are the up and coming jobs in the enterprise area. Larger enterprises are looking for highly certified people (i.e., not only security certs, but also vendor specific certs – Cisco, Microsoft, etc.). These IS Architects actually work with the Enterprise Architects to build and design secure networks. The experience requirements here are a little higher and are very specialized...and the money is huge. Security Architects I know are involved with big picture, future state network design, encryption, and threat prevention. Hot, hot, hot!

    Good luck in whatever area you IS you decide to get involved with – we need more quality people in the ranks of information security to protect our networks!

    Specifically: (1) get your Security+, (2) Take any job you can in Information Security (even if it sucks doing user admin or virus scan log checking, etc...), (3) Get two or three years of experience there, (4) Get your CISSP (and continue to get other certs!), (4) You're a security engineer or architect or analyst or whatever you want!
    It's not the moments of pleasure, it's the hours of pursuit...
  • shednikshednik Posts: 2,005Member
    Definatley a good field to get into hoping to get into security once i get this annoyance called a degree(only 7 more months...just impatient). But that definatley sounds like the way to go if you would like to get into security!
Sign In or Register to comment.