Security certification - where to start?

24

Comments

  • LaminiLamini Member Posts: 242 ■■■□□□□□□□
    been looking for an analogy of that, thanks.

    coming from someone getting his cans...
    CompTIA: A+ / NET+ / SEC+
    Microsoft: MCSA 2003
  • kimanydkimanyd Banned Posts: 103
    Lamini wrote: »
    coming from someone getting his cans...

    Wow, I wouldn't have guessed that you'd have so much in common with a 12-year-old girl...
  • codeacecodeace Member Posts: 38 ■■□□□□□□□□
    keatron wrote: »

    I would say probably Sec+ (even if you do it self study).
    Then MCSA:Sec
    Then CEH
    Then SSCP
    At this point I'd suggest getting some Cisco in there. And you must start with CCNA, Then work the CCSP route (will not be easy, but worth it).

    By this time you should be very ready to start preparing for the CISSP.

    Would having Sec+, MCSA: Sec, CEH, SSCP, CCNA help me get a call for an entry level IT security position with a masters degree and without any experience?
    Everything happens for a good reason! Don't question it. Just accept it :)
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    It's difficult to hop directly to a security position. You'd probably be better off trying to get into a systems/networking administration position and working your way up from there.
  • GAngelGAngel Member Posts: 708 ■■■■□□□□□□
    codeace wrote: »
    Would having Sec+, MCSA: Sec, CEH, SSCP, CCNA help me get a call for an entry level IT security position with a masters degree and without any experience?

    You usually won't even get a call without front line x amount of experience. Entry level security is essentially senior admin work. In essence you'd be getting these certs over the course of years as you move through your career. It's what i look for when hiring because so many people just cram pass the test and forget.
  • codeacecodeace Member Posts: 38 ■■□□□□□□□□
    Now I understand why experience matters in security!! So would these certifications help me get into an admin job over an year? If not what do you expect out of a no-experience sys/network admin applicant? Though it might depend on your requirement, i'm just trying to get an idea from employers perspective.
    Everything happens for a good reason! Don't question it. Just accept it :)
  • DoctorDokuDoctorDoku Member Posts: 1 ■□□□□□□□□□
    I signed up just to thank keatron for cutting to the chase and giving the noobs and semi-noobs out there a giant heap of useful info condensed into one small list and a few paragraphs after (the great coke can analogy.) I've been spreading myself out over several areas of IT (security, networking, web design, programming) while living in D.C. and one thing I've noticed is that people here tend to be annoying when you ask them even basic questions about certs and such. I understand worrying about competition from other pros and not wanting to talk shop when you're out having drinks or whatever, but I mean people here NEVER want to help in any way, shape or form. I've seriously had guys get angry when I asked what their cert acronym stood for.

    So thanks for not being selfish and not talking down to the new folks. Maybe it's just this area, but those are traits more people in the IT field should have.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    That's ridiculous. The people who are afraid to share knowledge are the people who are afraid to learn and adapt and are clinging on to whatever menial jobs they have. I'm going to definitely try to hit up Shmoocon this year, so try and make it out. I'm more than willing to share knowledge in exchange for alcohol :D
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Going to be out front with the "Will hack 4 booze" sign dynamik?
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • APAAPA Member Posts: 959
    Just my 2c.... to say that this thread has fantastic info\direction in it.

    Makes me realise why I stick around this forum.... not matter how much work tries to keep me away from it! :D

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • earweedearweed Member Posts: 5,192 ■■■■■■■■■□
    ================================================== =======

    CompTIA: A+ & Network+

    Microsoft: MCP, MCDST, MCITP:EST, MCTS:Vista, MCSA 2003

    Cisco: CCNA, CCNA:Security, Cisco Info Security Specialist, CCNP & CCIP

    Juniper: JNCIA:Junos

    ================================================== =======

    Nice six pack you got. No Sec+,lol
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • subl1m1nalsubl1m1nal Member Posts: 176 ■■■□□□□□□□
    KABOOM! Keatron just dropped a bomb!!

    Seriously. Very sound advice. I'll be taking this path approach once I get Server 2008 EA certified.
    Currently Working On: 70-643 - Configuring Windows Server 2008 Applications Infrastructure

    Plans for 2010: MCITP:EA and CCNA
    70-648 - Done
    70-643 - In progress
    70-647 - Still on my list
    70-680 - Still on my list

    www.coantech.com
    www.thecoans.net
    www.facebook.com/tylercoan
    www.twitter.com/tylercoan
    www.linkedin.com/users/tylercoan
  • TechStrikerTechStriker Member Posts: 131
    DoctorDoku wrote: »
    I signed up just to thank keatron for cutting to the chase and giving the noobs and semi-noobs out there a giant heap of useful info condensed into one small list and a few paragraphs after (the great coke can analogy.) I've been spreading myself out over several areas of IT (security, networking, web design, programming) while living in D.C. and one thing I've noticed is that people here tend to be annoying when you ask them even basic questions about certs and such. I understand worrying about competition from other pros and not wanting to talk shop when you're out having drinks or whatever, but I mean people here NEVER want to help in any way, shape or form. I've seriously had guys get angry when I asked what their cert acronym stood for.

    So thanks for not being selfish and not talking down to the new folks. Maybe it's just this area, but those are traits more people in the IT field should have.

    Not surprising it is very powerful, I read this gazillion times for past 2 years!
    Passed SNIA - SCSP
    Working on VCP4
  • 518518 Member Posts: 165 ■■■□□□□□□□
    The six-can analogy is pretty awesome icon_cheers.gif

    Registered to learn more about Security certs, and debating between GIAC 301 or 401.

    DoD 8570, 301 satisfies IAM Level I. Whereas, 401 is IAT Level II. I thought it was the other way around.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    401 is pretty basic in its own right. I think you'd be disappointed with 301 if you're at all into security; I'd recommend that course to my mom.

    Does 501 fit in there anywhere? That's the Advanced Security Essentials course, and it would probably be the most interesting of the three.
  • 518518 Member Posts: 165 ■■■□□□□□□□
    dynamik wrote: »
    401 is pretty basic in its own right. I think you'd be disappointed with 301 if you're at all into security; I'd recommend that course to my mom.

    Does 501 fit in there anywhere? That's the Advanced Security Essentials course, and it would probably be the most interesting of the three.

    icon_lol.gif

    Thanks, dynamik. I'd like to ensure that the bootcamp/certification doesnt go way over my head. Hence, I'm debating between 301 and 401. Although I've been to Keesler AFB for my 2E2X1 AFSC, I'm still a fetus in the field of Security, so I have not considered the 501..lol.

    I would like to take a bootcamp where I can learn as much on technical aspect. C&A using ODAA, Gold Disk, and CHAP8 isnt really that much of a help on progressing my security knowledge.

    Regards,
    518
  • sharkezosharkezo Member Posts: 16 ■■■□□□□□□□
    exactly the answer i was looking for , thank you keatron
  • fredlwalfredlwal Member Posts: 44 ■■■□□□□□□□
    I'm glad Keatron posted that info which helps me down the security path.
  • SponxSponx Member Posts: 161
    Wow, thank keatron. Awesome information.
    Personal Website | LinkedIn Account | Spiceworks Account | Field Services Engineer

    Certifications (Held): A+, CWP, Dell Certified
    Certifications (Studying):
    Network+, Security+
    Certifications (In Planning): Server+,
    ICND1 (CCENT), ICND2 (CCNA)
  • rampagerampage Member Posts: 48 ■■□□□□□□□□
    Hi everyone
    Thank you all especially keatron for this great information.Your suggestions are very useful.but i have a question:Are these security certificates useful for becoming a top-class hacker? if not what do you suggest for that?
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    rampage wrote: »
    Are these security certificates useful for becoming a top-class hacker?
    :)
    rampage wrote: »
    if not what do you suggest for that?
    Learning how computers, networks, and systems work - reading and practicing, reading, learning, practicing... Architecture of different OSes, programming in multiple languages, hardware, networking, TCP/IP protocols, RFCs, databases, SQL, RDBMS. Reading, practicing, thinking, learning... Do it for some 5-10 years and you will be well set on the path to becoming what you aspire to be :)
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • rampagerampage Member Posts: 48 ■■□□□□□□□□
    Thabks a lot
    Can you explain more,please?In which order i should study,how to practice....
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    rampage wrote: »
    Thabks a lot
    Can you explain more,please?In which order i should study,how to practice....
    Mastering CS/IS takes multiple iterations, and a particular order is not important, though having general CS fundamentals, OS architecture principles, and network basics down first probably helps. Practicing is specific to whatever you're learning at the moment - could be writing "Hello World" in assembly or configuring a firewall ruleset.

    A top class hacker is "just" an expert in many different CS fields, so for the first 5-10 years the road is to be shared with those aspiring to be top class programmers, network engineers, DBA's, cryptographers... And by the time you have traveled the road long enough, you get a much better idea of what it's all about...
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • rampagerampage Member Posts: 48 ■■□□□□□□□□
    ChooseLife wrote: »
    Mastering CS/IS takes multiple iterations, and a particular order is not important, though having general CS fundamentals, OS architecture principles, and network basics down first probably helps. Practicing is specific to whatever you're learning at the moment - could be writing "Hello World" in assembly or configuring a firewall ruleset.

    A top class hacker is "just" an expert in many different CS fields, so for the first 5-10 years the road is to be shared with those aspiring to be top class programmers, network engineers, DBA's, cryptographers... And by the time you have traveled the road long enough, you get a much better idea of what it's all about...

    Thanks again for this great information . This is very useful for me .icon_thumright.gif
  • flt0nujrflt0nujr Member Posts: 65 ■■■□□□□□□□
    I'm attempting to break into the Infosec career field. I recently passed my CCENT and Security+ certifications. I'm now trying to determine my next move in deciding which security cert to pursue. i no longer want to deal with ISP providers, troubleshooting circuits and
    I dont want to be locked into only Cisco. I'm looking at the following:


    1) SSCP
    2) CEH
    3) CCSA

    If you can offer any suggestions or opinions of the best possible path. I'm currently enrolled for an MS for Information Security Mgmt and my ultimate goal is to be either:

    Intrusion Detection Specialist
    Vulnerability Assessor
    Security Analyst
    Information Security Auditor
    B.S Information Technology Telecommunications
    A.S Network Server Administration
    M.S Information Security Management (expected 2014-2015)
  • emzeeemzee Registered Users Posts: 4 ■□□□□□□□□□
    Hello Everyone!!

    I need some career advice from all the security gurus here. I am a Java based Web and Enterprise Application Developer with 5+ years of experience now looking to get into the field of Information Security. Will my previous experience as an Application Developer have any value add in the field of InfoSec?

    Please advise where to start with the certifications related to the InfoSec and the best certification path that i need to take with regards to my previous experience as an Application Developer.

    Thank You.

    Regards,
    emzee
  • treshawn05treshawn05 Registered Users Posts: 1 ■□□□□□□□□□
    I would like to ask since it is 2013, trying to start a career in Info Sec which route should I follow? My goal is to become a CEH then progress to CCIE and CISSP, I'm going to self study for Sec+, Since the times change I cant find MCSA:Sec so what would be its modern day equivalent? Also after taking Sec+ I was thinking of taking "the new MS equal" and going for CCNA then CCNA-Security followed by SSCP as you suggested. I just want to know if that sounds about right, your opinion is valued!
  • blaker00blaker00 Member Posts: 6 ■□□□□□□□□□
    Good security engineering route depends on what you want to specialize in. I've seen way too many people that memorize nist 800-53, iso 27000, itil, cobit... and claim they are security engineers. These people are not security engineers, they are auditors or security managers.

    if you are looking to become a well rounded security engineer this is what you should know.

    Offensive security: Scripting(python,ruby), Programming(C, Assembly), Javascript, PHP, Metasploit, sqlmap, Burp-proxy, SQL, OSCP/E, ollydbg, pydbg, etc...

    Defensive security:
    • Network Route: CISCO, JUNIPER, CHECKPOINT, MRTG, SOLARWINDS- NAC, AAA, VPN, SSL, AES,SHA,MD5. Understand the difference between a hash and encryption. CA, Wireshark, TCPdump, Network segmentation, Architecture roles. Understand Next gen Firewalls such as Palo Alto's, Understand IPS such as Snort, SIEM, wLoadbalancing(f5,citrix). Bluecoat,Riverbed,Netscaler type products.
    • System Route: Linux(RHCE), Microsoft(MCITP), Mcafee EPO, Nagios, CLAMAV, Websense or other DLP, Qualys, nexpose, SQL, NOSQL, you should probably understand concepts of NIST 800-53 and ISO27000, Certificate Authorities, Active Dir., Puppet
    • Manager : ISO27002, NIST 800-53,34, COBIT, ITILv3, CISSP,CISM,CISA. Not very active in technological side more interested in Confidentiality Integrity Availiability. Gets really in depth with security access and flows. Very interested not just in technology(logical) but also Physical and Administrative
    • Programming : Learn SQL injections, Web-app security(web application hackers handbook 2), know everything I've written for Offensive security plus know agile, waterfall, etc different methods of application creation. Best bet for this path would be learn assembly x86 and 64. Learn how to create APT and end up working as a malware or security researcher
    Good luck, takes a very long time and a dedicated person to become a sec engineer
  • flash27flash27 Member Posts: 33 ■■□□□□□□□□
    Great post. Thanks!
  • tiffy09tiffy09 Registered Users Posts: 1 ■□□□□□□□□□
    Thank you so much for the info.
Sign In or Register to comment.