Help required choosing Security Certification

anotherday

Hi All !

I have a Bachelor of Engineering in IT.And a recent post graduate diploma in Cyber Space Security.I recently got Comp TIA Security + certified.

I really need a frank opinion in choosing my next certification.I am a fresh graduate with 3 months ( internship) of experience as IT support.And m also looking for jobs now.

My main interest is to go into Info.Security ( Risk Mgmt domain is also of interest to me ).

Can anyone please suggest me something ?

I'd be grateful.

Thank You.

dynamik

Be sure to read through all the stickies at the top of this forum. There is some very good information in those.

What area are you interested in working in (Microsoft, Cisco, Firewalls, etc.)?

Welcome to the forums, and congratulations on your Security+ pass.

JDMurray

The way you get into InfoSec is by leveraging your current experience and skills. For you that would be IT and netadmin. Concentrate on the learning security aspects of those fields and getting the related certifications (CCNA: Security, CCSP, SSCP, etc.). Emphasize the security parts of your job on your resume.

All of InfoSec is about risk management. If you specially want to work in risk management itself, the financial, insurance, or healthcare industries are what you should focus on, as they are very RM-focused.

the_Grinch

JD is right on the money. If there is one thing I have learned so far between studying for the CEH exam and trying to find an info security job is you have to have sound knowledge of what it is you want to secure. Because if you don't have a solid grasp of how a technology works there isn't a good chance you will be able to secure it. So if its networking (Juniper/Cisco), Windows (MCSA/MCSE, 2008 might be good as well because not a ton of people have jumped on it just yet), or Linux (Red Hat, Solaris) all offer certification and a place to start. Experience is key! On another note, with you educational background you shouldn't have an issue being granted an educational waiver to take the Certified Ethical Hacker exam. Good luck and congrats!

anotherday

Thank you all! Appreciated ! Reading those sticky thingy didnt help much

I need a plain suggestion of all the certifications step by step from security + to CCSP/ CISSP

I really expect a good / beneficial suggestion from the senior members here.Please help me.

Also,I read about SSCP.What is with the Associate SSCP thing ?

Regards.

anotherday

@ The Grinch.

Do you suggest writing CEH ?

dynamik

anotherday wrote: »

Thank you all! Appreciated ! Reading those sticky thingy didnt help much

Did you see this post? That's gold.

anotherday wrote: »

I need a plain suggestion of all the certifications step by step from security + to CCSP/ CISSP

CCNA > CCNA: Security > CCSP

Consider doing the CCNP as well. Like Mike says, how can you secure something you don't understand?

CISSP can fit in anywhere, but you'll need four years of experience to qualify (it's five by default, but one of your other certs will take a year off).

anotherday wrote: »

Also,I read about SSCP.What is with the Associate SSCP thing ?

You're an associate if you pass the exam but don't meet the experience requirement. You earn the full certification once you meet the requirement. You can be an associate for the CISSP as well.

anotherday wrote: »

Do you suggest writing CEH ?

It's a good introduction into ethical hacking/pentesting. Does that interest you?

the_Grinch

I find the CEH to be the next logical step after Security+. Thus far I have found it to be like Security+ on steroids. You'll get an overview on tools and methods for beginning and finishing a penetration test. It won't make you a hacker, but I think it is a good place to start. But like others have said you need to know what you want to deal with. System Security? Network Security? Penetration Testing? Vulnerability Research? Security areas are like flavors of Linux, there are tons.

Like dynamik said, you gotta know how something works before you can secure it. That is part of the reason you see big experience requirements for security positions. Most people start off as a System/Network Administrator for a few years and then move to security. In that time you learn what works, what doesn't, and how to get everything just write. This would also be the reason why almost all security certifications require some years of experience:

SSCP - 1 Year
CISSP - 5 Years
CISA - 5 Years
CISM - 5 Years of Security Experience + 3 Years of Management Experience
CCSP - No experience requirement, but a CCSP with no experience won't be very successful with being higher

Best suggestion is to look at Monster and various other sites to see what would be required for what you want to do. Find a direction and then you'll know what certs to go after.

JDMurray

the_Grinch wrote: »

I find the CEH to be the next logical step after Security+.

I would suggest that the SSCP is the next step after Security+. The SSCP is a generic security technology cert and very much what you would expect a Security++ cert to be. The CEH is highly specialized in only a very specific area of InfoSec. Getting the CEH is akin to getting a cert in a specialized field or technology, like network firewalls or electronic forensics.

anotherday

Thank you so much !

I did go through SSCP, and I found it good.CEH also is of interest but looks like it would shine up the " hacking ' thing. If not,I am considering doing it. Guys, m totally a novice with no one around to advise me at all !

But doesnt SSCP require 1 yr of exp.? Or I should go for the associate thing ?

Regards !

the_Grinch

Yeah SSCP requires a year of experience, but you get something like three years to get the experience. Good luck!

JDMurray

anotherday wrote: »

But doesnt SSCP require 1 yr of exp.? Or I should go for the associate thing ?

You will need one year of experience in one of the domains of the SSCP CBK. Because telecommunications and network security is a domain, most IT people who are experienced with routers, firewalls, VPNs, etc. that have been on a job for a year can qualify. You'll just need someone who already has an SSCP or a CISSP cert that can verify your work experience to endorse you.