IS Roadmap suggestions!

maumercado

Hello All, Ive been making plans and choosing certifications to do and masters degree to get!

Ive chosen the following certifications:

Network+, sec+,CEH,OSCP,GSEC,CISSP and here I was thinking of applying for the msise program of sans, but Im not so sure. I like sans because well theyre certifications are great, and besides getting the masters degree with em I also get a lot of GOLD certifications, but I have also looked at other information security masters program from university of phoenix, nsu, nsa approved list and royal holloway university in london!

What would you guys recommend? the master in information security engineering degree from sans, or keep looking at another master infosec programs?
I know sans is a good choice but im still unsure.

Im planning on doing the master degree in 3 or 4 years! the certifications im studying net+ and sec+ as Im writing this.

All Suggestions are welcome, and thank you in advance!

little bit about me; I just began in the Information security field, something im really happy about cuz I have always liked it! I have a BS in electronic Engineering, and I have been working for a month and a half as an application security analyst.

dynamik

You should consider getting some *nix, Windows, and Cisco experience as well. You don't need to achieve a mastery level of everything, but you should be comfortable working with those technologies.

Also, check out the Masters in InfoSec here: http://www.capella.edu

A few people here either have it or are working on it, and I plan on going that route when I wrap up my undergrad in a year.

maumercado

I´ve been thinking in adding the linux+ and then lpic.

About the cisco exp, will the network+ help me prepare for ccna? I know Ill have to study some ccna specifics later... but what exactly? commands only?

On the microsft point, will a MCSE do?

About capella, Ive seen it mentioned in a lot of forums here that draw my attention, in fact is one of the main reasons im unsure about msise of sans, i know i did not name it on the previous post but is because I have not reviewed yet!

What are the pros (as in reasons for choice) of capella?

dynamik

maumercado wrote:

I´ve been thinking in adding the linux+ and then lpic.

That's a great start. The LPIC will take you a long way if you stick with it. I believe they've also added a security specialization in the third level.

maumercado wrote:

About the cisco exp, will the network+ help me prepare for ccna? I know Ill have to study some ccna specifics later... but what exactly? commands only?

The CCENT/CCNA is the obvious place to start. You can go on to the CCSP and CCIE: Security if you want. You're going to need to know more than commands. The commands are going to be useless if you don't understand the underlying theory.

maumercado wrote:

On the microsft point, will a MCSE do?

Sure. It depends on when you plan on start using it though. If you're looking at something three years from now, you may want to consider going with the new MCITP: Enterprise Administrator, which focuses on Vista and Server 2008.

maumercado wrote:

About capella, Ive seen it mentioned in a lot of forums here that draw my attention, in fact is one of the main reasons im unsure about msise of sans, i know i did not name it on the previous post but is because I have not reviewed yet!

What are the pros (as in reasons for choice) of capella?

JD, the dev, wireless, and virtualization moderator has it. I've PM'd him numerous times to discuss it, and it seems like he really enjoyed the program and has benefited from it (to put it succinctly).

maumercado

Im not really sure about going for ccna, Id prefer doing network+ only, and get CEH and other security related certifications, and since network+ is vendor neutral networking basics I believe it will work as background for other certifications that im looking for CISSP, CISA...etc.

Still thats why im posting this forum, for you guys to suggest on the road I have set for myself in the next 4 years!

Turgon

maumercado wrote:

Im not really sure about going for ccna, Id prefer doing network+ only, and get CEH and other security related certifications, and since network+ is vendor neutral networking basics I believe it will work as background for other certifications that im looking for CISSP, CISA...etc.

Still thats why im posting this forum, for you guys to suggest on the road I have set for myself in the next 4 years!

Cisco certs are not the be all and end all of networking by any stretch of the imagination. But if you are planning on working on networking security in detail, I would recommend you do CCNA at least and possibly CCSP. Add to which you should read a variety of non cisco networking texts. But it does depend on how technical you intend to be on the network security front. Security is a big area! As the previous poster said, some Unix exposure would be good for you too.

maumercado

so up to now linux and microsoft related certs are a "must" they will be added to my todo list!!

Now, what are youre toughts on information security master degree, what do you feel is a great program and why? compared to what other programs?

maumercado

So Ill be adding a MCSE certification in the future, ill be doing linux+ and lpic first

About the first two certs to study network+ and sec+ ill wait for both of them to be updated this year, seems that a sme is to study the changes on may this year! I guess they will be updating the cert in november or december, so as soon as updated material covering the new topics for these certs ill buy it or download it, and then do the required updated exams!

Now, what are youre toughts on information security master degree, I left out the university of phoenix, now its only capella, sans msise, carnegie mellon program and nova southeastern university http://www.scis.nova.edu/Masters/Academic_Programs/Academic_Programs_MSIS_info.html

undomiel

Just so you know a Network+ or Security+ certification earned now will still be completely valid whenever they update the exams. So there really is no point to putting it off. If you say you're putting it off to learn the new material then just take them now and learn the new material when the new material is released. No need to put your certification progression on hold for CompTIA.

dynamik

Plus, I think the exams are being released later this year, so good resources (or errata for the lesser ones) are probably not going to be available into 09. Just something to keep in mind.

shednik

maumercado wrote:

Now, what are youre toughts on information security master degree, I left out the university of phoenix, now its only capella, sans msise, carnegie mellon program and nova southeastern university http://www.scis.nova.edu/Masters/Academic_Programs/Academic_Programs_MSIS_info.html

To be honest if you want to pay what Carnegie Mellon charges go for that seriously, they are a top notch school. Capella does look to have a great program, I as well have talked to JD numerous times and at one point planned on attending there. So from my opinion I'd go for CMU in a heart beat they have 2 great masters programs for Secuirty. Not sure if you live in the Pittsburgh but the University of Pittsburgh also has a great program which is a lot more reasonably priced then CMU. If you need more info on the Pitt program PM me I'd be glad to share what I've learned about them or Capella.

maumercado

undomiel wrote:

Just so you know a Network+ or Security+ certification earned now will still be completely valid whenever they update the exams. So there really is no point to putting it off. If you say you're putting it off to learn the new material then just take them now and learn the new material when the new material is released. No need to put your certification progression on hold for CompTIA.

This is where i get lost!! so, if i get certified now, I wont have to do any recerts or anything to have up to date certfication? because i tought I was pointless to be certified now if they were going to upgrade the certification! is there a way to see what year did I get my certification, like what date and what version of the exam did I took? or Im just security+ certified and thats it? no problem because my certification is outdated or anything?

im kinda confused with that ...

dynamik

maumercado wrote:

im kinda confused with that ...

This type of things varies between certifications. CompTIA exams are good for life; no renewals, no expirations.

maumercado

Just to get the whole idea and understand this throughly, and im really sorry if by any means I upset someone with this, but it does not matter when or what version of network+ or secuity+ exam I present, if I pass, Im certify for life and thats it:

undomiel

Bingo. CompTIA certs are for life.