Security certification - where to start?

Lamini

been looking for an analogy of that, thanks.

coming from someone getting his cans...

kimanyd

Lamini wrote: »

coming from someone getting his cans...

Wow, I wouldn't have guessed that you'd have so much in common with a 12-year-old girl...

codeace

keatron wrote: »

I would say probably Sec+ (even if you do it self study).
Then MCSA:Sec
Then CEH
Then SSCP
At this point I'd suggest getting some Cisco in there. And you must start with CCNA, Then work the CCSP route (will not be easy, but worth it).

By this time you should be very ready to start preparing for the CISSP.

Would having Sec+, MCSA: Sec, CEH, SSCP, CCNA help me get a call for an entry level IT security position with a masters degree and without any experience?

dynamik

It's difficult to hop directly to a security position. You'd probably be better off trying to get into a systems/networking administration position and working your way up from there.

GAngel

codeace wrote: »

Would having Sec+, MCSA: Sec, CEH, SSCP, CCNA help me get a call for an entry level IT security position with a masters degree and without any experience?

You usually won't even get a call without front line x amount of experience. Entry level security is essentially senior admin work. In essence you'd be getting these certs over the course of years as you move through your career. It's what i look for when hiring because so many people just cram pass the test and forget.

codeace

Now I understand why experience matters in security!! So would these certifications help me get into an admin job over an year? If not what do you expect out of a no-experience sys/network admin applicant? Though it might depend on your requirement, i'm just trying to get an idea from employers perspective.

DoctorDoku

I signed up just to thank keatron for cutting to the chase and giving the noobs and semi-noobs out there a giant heap of useful info condensed into one small list and a few paragraphs after (the great coke can analogy.) I've been spreading myself out over several areas of IT (security, networking, web design, programming) while living in D.C. and one thing I've noticed is that people here tend to be annoying when you ask them even basic questions about certs and such. I understand worrying about competition from other pros and not wanting to talk shop when you're out having drinks or whatever, but I mean people here NEVER want to help in any way, shape or form. I've seriously had guys get angry when I asked what their cert acronym stood for.

So thanks for not being selfish and not talking down to the new folks. Maybe it's just this area, but those are traits more people in the IT field should have.

dynamik

That's ridiculous. The people who are afraid to share knowledge are the people who are afraid to learn and adapt and are clinging on to whatever menial jobs they have. I'm going to definitely try to hit up Shmoocon this year, so try and make it out. I'm more than willing to share knowledge in exchange for alcohol

the_Grinch

Going to be out front with the "Will hack 4 booze" sign dynamik?

APA

Just my 2c.... to say that this thread has fantastic info\direction in it.

Makes me realise why I stick around this forum.... not matter how much work tries to keep me away from it!

earweed

================================================== =======

CompTIA: A+ & Network+

Microsoft: MCP, MCDST, MCITP:EST, MCTS:Vista, MCSA 2003

Cisco: CCNA, CCNA:Security, Cisco Info Security Specialist, CCNP & CCIP

Juniper: JNCIA:Junos

================================================== =======

Nice six pack you got. No Sec+,lol

subl1m1nal

KABOOM! Keatron just dropped a bomb!!

Seriously. Very sound advice. I'll be taking this path approach once I get Server 2008 EA certified.

TechStriker

DoctorDoku wrote: »

I signed up just to thank keatron for cutting to the chase and giving the noobs and semi-noobs out there a giant heap of useful info condensed into one small list and a few paragraphs after (the great coke can analogy.) I've been spreading myself out over several areas of IT (security, networking, web design, programming) while living in D.C. and one thing I've noticed is that people here tend to be annoying when you ask them even basic questions about certs and such. I understand worrying about competition from other pros and not wanting to talk shop when you're out having drinks or whatever, but I mean people here NEVER want to help in any way, shape or form. I've seriously had guys get angry when I asked what their cert acronym stood for.

So thanks for not being selfish and not talking down to the new folks. Maybe it's just this area, but those are traits more people in the IT field should have.

Not surprising it is very powerful, I read this gazillion times for past 2 years!

518

The six-can analogy is pretty awesome

Registered to learn more about Security certs, and debating between GIAC 301 or 401.

DoD 8570, 301 satisfies IAM Level I. Whereas, 401 is IAT Level II. I thought it was the other way around.

dynamik

401 is pretty basic in its own right. I think you'd be disappointed with 301 if you're at all into security; I'd recommend that course to my mom.

Does 501 fit in there anywhere? That's the Advanced Security Essentials course, and it would probably be the most interesting of the three.

518

dynamik wrote: »

401 is pretty basic in its own right. I think you'd be disappointed with 301 if you're at all into security; I'd recommend that course to my mom.

Does 501 fit in there anywhere? That's the Advanced Security Essentials course, and it would probably be the most interesting of the three.

Thanks, dynamik. I'd like to ensure that the bootcamp/certification doesnt go way over my head. Hence, I'm debating between 301 and 401. Although I've been to Keesler AFB for my 2E2X1 AFSC, I'm still a fetus in the field of Security, so I have not considered the 501..lol.

I would like to take a bootcamp where I can learn as much on technical aspect. C&A using ODAA, Gold Disk, and CHAP8 isnt really that much of a help on progressing my security knowledge.

Regards,
518

sharkezo

exactly the answer i was looking for , thank you keatron

fredlwal

I'm glad Keatron posted that info which helps me down the security path.

Sponx

Wow, thank keatron. Awesome information.

rampage

Hi everyone
Thank you all especially keatron for this great information.Your suggestions are very useful.but i have a question:Are these security certificates useful for becoming a top-class hacker? if not what do you suggest for that?

ChooseLife

rampage wrote: »

Are these security certificates useful for becoming a top-class hacker?

rampage wrote: »

if not what do you suggest for that?

Learning how computers, networks, and systems work - reading and practicing, reading, learning, practicing... Architecture of different OSes, programming in multiple languages, hardware, networking, TCP/IP protocols, RFCs, databases, SQL, RDBMS. Reading, practicing, thinking, learning... Do it for some 5-10 years and you will be well set on the path to becoming what you aspire to be

rampage

Thabks a lot
Can you explain more,please?In which order i should study,how to practice....

ChooseLife

rampage wrote: »

Thabks a lot
Can you explain more,please?In which order i should study,how to practice....

Mastering CS/IS takes multiple iterations, and a particular order is not important, though having general CS fundamentals, OS architecture principles, and network basics down first probably helps. Practicing is specific to whatever you're learning at the moment - could be writing "Hello World" in assembly or configuring a firewall ruleset.

A top class hacker is "just" an expert in many different CS fields, so for the first 5-10 years the road is to be shared with those aspiring to be top class programmers, network engineers, DBA's, cryptographers... And by the time you have traveled the road long enough, you get a much better idea of what it's all about...

rampage

ChooseLife wrote: »

Mastering CS/IS takes multiple iterations, and a particular order is not important, though having general CS fundamentals, OS architecture principles, and network basics down first probably helps. Practicing is specific to whatever you're learning at the moment - could be writing "Hello World" in assembly or configuring a firewall ruleset.

A top class hacker is "just" an expert in many different CS fields, so for the first 5-10 years the road is to be shared with those aspiring to be top class programmers, network engineers, DBA's, cryptographers... And by the time you have traveled the road long enough, you get a much better idea of what it's all about...

Thanks again for this great information . This is very useful for me .

flt0nujr

I'm attempting to break into the Infosec career field. I recently passed my CCENT and Security+ certifications. I'm now trying to determine my next move in deciding which security cert to pursue. i no longer want to deal with ISP providers, troubleshooting circuits and
I dont want to be locked into only Cisco. I'm looking at the following:

1) SSCP
2) CEH
3) CCSA

If you can offer any suggestions or opinions of the best possible path. I'm currently enrolled for an MS for Information Security Mgmt and my ultimate goal is to be either:

Intrusion Detection Specialist
Vulnerability Assessor
Security Analyst
Information Security Auditor

emzee

Hello Everyone!!

I need some career advice from all the security gurus here. I am a Java based Web and Enterprise Application Developer with 5+ years of experience now looking to get into the field of Information Security. Will my previous experience as an Application Developer have any value add in the field of InfoSec?

Please advise where to start with the certifications related to the InfoSec and the best certification path that i need to take with regards to my previous experience as an Application Developer.

Thank You.

Regards,
emzee

treshawn05

I would like to ask since it is 2013, trying to start a career in Info Sec which route should I follow? My goal is to become a CEH then progress to CCIE and CISSP, I'm going to self study for Sec+, Since the times change I cant find MCSA:Sec so what would be its modern day equivalent? Also after taking Sec+ I was thinking of taking "the new MS equal" and going for CCNA then CCNA-Security followed by SSCP as you suggested. I just want to know if that sounds about right, your opinion is valued!

blaker00

Good security engineering route depends on what you want to specialize in. I've seen way too many people that memorize nist 800-53, iso 27000, itil, cobit... and claim they are security engineers. These people are not security engineers, they are auditors or security managers.

if you are looking to become a well rounded security engineer this is what you should know.

Offensive security: Scripting(python,ruby), Programming(C, Assembly), Javascript, PHP, Metasploit, sqlmap, Burp-proxy, SQL, OSCP/E, ollydbg, pydbg, etc...

Defensive security:

• Network Route: CISCO, JUNIPER, CHECKPOINT, MRTG, SOLARWINDS- NAC, AAA, VPN, SSL, AES,SHA,MD5. Understand the difference between a hash and encryption. CA, Wireshark, TCPdump, Network segmentation, Architecture roles. Understand Next gen Firewalls such as Palo Alto's, Understand IPS such as Snort, SIEM, wLoadbalancing(f5,citrix). Bluecoat,Riverbed,Netscaler type products.
• System Route: Linux(RHCE), Microsoft(MCITP), Mcafee EPO, Nagios, CLAMAV, Websense or other DLP, Qualys, nexpose, SQL, NOSQL, you should probably understand concepts of NIST 800-53 and ISO27000, Certificate Authorities, Active Dir., Puppet
• Manager : ISO27002, NIST 800-53,34, COBIT, ITILv3, CISSP,CISM,CISA. Not very active in technological side more interested in Confidentiality Integrity Availiability. Gets really in depth with security access and flows. Very interested not just in technology(logical) but also Physical and Administrative
• Programming : Learn SQL injections, Web-app security(web application hackers handbook 2), know everything I've written for Offensive security plus know agile, waterfall, etc different methods of application creation. Best bet for this path would be learn assembly x86 and 64. Learn how to create APT and end up working as a malware or security researcher

Good luck, takes a very long time and a dedicated person to become a sec engineer

flash27

Great post. Thanks!

tiffy09

Thank you so much for the info.