Technical Security Certs.
cleanwithit
Member Posts: 63 ■■□□□□□□□□
Hello. I'm 20 years old, and I want to get into security after I get a job in IT first. But it seems like all of these companies want management certs, by the looks of Monster.com, like CISSP. But I want to stay on the technical side of things.
I have my Security +, what's the next logical certification to tackle?
A+, Network +, Linux +, MCP, MCTS, CCENT
A.S Network Administration
Comments
-
JDMurray Admin Posts: 13,101 Admin
What area(s) of information security are you interested in learning? Security+ is a good start, but knowing what areas you want to work in is necessary for knowing which InfoSec certification path to take.
SSCP CEH OSCP
-
unsupported Member Posts: 192
Sometimes I wonder if those companies that want a CISSP really want a CISSP, or they just believe that it is just a plain old security cert. I found one job posting in my area which required CISSP *OR* Security+. That is a huge gap there.
Going along with what JDMurray said, what is your goal? Do you want to become a pen tester (CEH), system admin specializing in security (MCSA: Security), a network admin who specializes in security (CCNA: Security), a malware researcher (Do programmers even get certs?)?
I'll give you the same advice my mentor gave me. He had me look at the people in security that I admire and break down their skills. Basically, it boiled down to people who knew programming or networking. I suck at real programming and can only hack together some useful things I need from time to time, so I leaned towards networking.
I think Net+ and Sec+ are a really good start. I don't think that any cert would hurt you in the long run. If you wanted to get something heavier than Sec+ until you decide what you want to do, maybe look for the SSCP (where you need one year experience in one of the domains). That would give you an intro to how ISC2 works, which is useful if you decide in the future if you want the CISSP. Also, depending on what you want to do, SANS has a lot of specialized certifications for any security itch you may have (GIAC Certifications).
Also, it is important to see what your market wants for certifications. Go on a pseudo job search to see what other certs people are looking for. Oh, and a degree would not hurt either.
Stay in school, don't do drugs, take your vitamins and pray every night. Be a good lil' Security-maniac.
-un
“We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
-
JDMurray Admin Posts: 13,101 Admin
unsupported wrote: »I found one job posting in my area which required CISSP *OR* Security+. That is a huge gap there.
unsupported wrote: »a malware researcher (Do programmers even get certs?)?
unsupported wrote: »Be a good lil' Security-maniac.
-
UnixGuy Mod Posts: 4,570 Mod
unsupported wrote: »Sometimes I wonder if those companies that want a CISSP really want a CISSP, or they just believe that it is just a plain old security cert.
Yes! I have seen network engineer jobs say that CISSP is preferred. What for? It's a pure routing/switch job! This is an example:
Skills
Requirement:
• Prior Education & Certification in Data Communications or Computer Engineering.
• Strong sense of responsibility, urgency, initiative and commitment.
• Resourceful, strong problem-solving skills with the ability to work independently and cope with pressure.
• A team player and excellent people management skills.
• Experience and capable to manage projects independently for service providers, Telco, government, banks and large enterprises.
• Dynamic, honest, responsible, and willingness to work under pressure.
• Good knowledge and hands on experience in any of the following areas:
- PABX, IP Telephony with certification from CISCO, Nortel or Avaya
- Wireless LAN Networking certification or experience.
- LAN, WAN technologies, VLANs, RIPv1/v2, OSPF, ISIS, BGP4, MPLS-TE, MPLS-VPN.
- Network security solutions such as firewalls, IPSec, VPN, antivirus gateway.
- Appliance based proxy solutions and anti-virus security gateway & UTM.
- Appliance based Server/firewall/WAN load balancers. WAN Optimization systems and Applications Acceleration systems.
- Firewall and network security setup, administration and testing.
- Experience at internal/external penetration testing, system remediation, and penetration auditing.
- Proficient understanding of the pre-sales engineering process and sales processes
- Certified Wireless Network Professional (CWNP) is a plus.
- Wireless LAN Design Specialist Certification is a plus.
- Certified Information Systems Security Professional (CISSP) is a plus.
-
UnixGuy Mod Posts: 4,570 Mod
I mean, it doesn't look like a security management or technical position to me at all
-
JDMurray Admin Posts: 13,101 Admin
That is a job req for a network admin, and having security certification is considered a plus that may put you ahead of some of the other job applicants. It's too bad that security experience and training isn't a solid requirement for the position.
-
cleanwithit Member Posts: 63 ■■□□□□□□□□
Thanks for the replies, and I'm sorry for such a late response, I've been studying hard. The first scope of Info-sec, that got me vaguely interested was penetration testing. After further research I found that programming was a big aspect of that. I don't have any programming knowledge, and have never tried to learn it, so I don't know if I will be good at it or not; I will assume the latter, because I suck at math, lol. I'm scared I will get overwhelmed if I try it.
I don't know what else I'm interested in per se, because I haven't worked with anything physically. I've read about wireless, firewalls, and IDS/IPS, and it's interesting to me. I want to take a route that can get me into security, but the ultimate goal is to do penetration testing.
The only thing I have done is messed with Wireshark, Nmap, Nessus, Netcat, Metasploit, etc. I have a lab setup; Windows 2003 server, Ubuntu, XP, Backtrack. I have cracked my wireless router a million times just to get the technique down. I really think wireless is neat technology.
About being the "little security maniac", I play in my lab, and read daily, but I don't do any programming. I'm studying for the C|EH at the moment, I got the Kimberly Graves review guide, and after reading Counter Hack Reloaded twice it's sort of a review. Oh yea, I always pray, take my vitamins, and never ever do drugs :P
A+, Network +, Linux +, MCP, MCTS, CCENT
A.S Network Administration
-
JDMurray Admin Posts: 13,101 Admin
A couple of things you need to realize is that there are all kinds of programming, and only a very few of them have anything to do with complex mathematics. Pen testers get by learning shell and scripting languages and more programmer-friendly languages, like Python. To get good at programming, like anything else, is just practice, practice, practice.
Having your own lab, teaching yourself to learn the tools, going for the popular pen testing certs, and having a hobby-level interest in pen testing is a great start. People usually get into it as a profession by starting in a netadmin job where network pen testing and host vulnerability analysis is just part of the job. After building up several years of professional experience, you can find opportunities for doing pen testing full-time.
Also consider the possibility that you will discover that working as a full-time pen tester is not for you. It is not a glamorous job, and it can be downright boring, much the same way software testing is boring. If you end up not wanting to pen test for a living, be prepared to have other InfoSec interests to fall back on.
-
UnixGuy Mod Posts: 4,570 Mod
I agree with JD on this, and would like to add that it will be good that you get a job in systems administration or networking...it's good for you to have this background, maybe.
-
cleanwithit Member Posts: 63 ■■□□□□□□□□
JDMurray wrote: »A couple of things you need to realize is that there are all kinds of programming, and only a very few of them have anything to do with complex mathematics. Pen testers get by learning shell and scripting languages and more programmer-friendly languages, like Python. To get good at programming, like anything else, is just practice, practice, practice.
Having your own lab, teaching yourself to learn the tools, going for the popular pen testing certs, and having a hobby-level interest in pen testing is a great start. People usually get into it as a profession by starting in a netadmin job where network pen testing and host vulnerability analysis is just part of the job. After building up several years of professional experience, you can find opportunities for doing pen testing full-time.
Also consider the possibility that you will discover that working as a full-time pen tester is not for you. It is not a glamorous job, and it can be downright boring, much the same way software testing is boring. If you end up not wanting to pen test for a living, be prepared to have other InfoSec interests to fall back on.
So, I guess I will start to learn the shell, in other words that is called bash scripting, correct? It's just I'm spending so much time learning about security, and right now I don't think it's the best time to start learning to script, or program.
Yea, I'm hoping to get a network administrator job after I graduate. Hopefully with having a few security certifications I can do security-like tasks to get some experience.
Let's say I wanted to start my career in the firewall, IDS/IPS's, and wireless part of Infosec, what certifications should I start out with? Would SSCP > CCSP > CWNA > CWSP >, be my path? Then eventually move into penetration testing later on, because I'm still young and have plenty of time.
Thanks for all the help
A+, Network +, Linux +, MCP, MCTS, CCENT
A.S Network Administration
-
JDMurray Admin Posts: 13,101 Admin
cleanwithit wrote: »So, I guess I will start to learn the shell, in other words that is called bash scripting, correct? It's just I'm spending so much time learning about security, and right now I don't think it's the best time to start learning to script, or program.
If you want to learn scripting on Windows, start with what you can learn in the Command shell (cmd.exe) and then move on to PowerShell. You'll also need to learn VBScript to work on Windows boxes because a lot of legacy scripts are written using it.
cleanwithit wrote: »Let's say I wanted to start my career in the firewall, IDS/IPS's, and wireless part of Infosec, what certifications should I start out with? Would SSCP > CCSP > CWNA > CWSP >, be my path? Then eventually move into penetration testing later on, because I'm still young and have plenty of time.
cleanwithit wrote: »Thanks for all the help
-
cleanwithit Member Posts: 63 ■■□□□□□□□□
Thanks JD for the quick response. So, Bash & VB Script then PowerShell. It doesn't matter Linux or Windows, I'm comfortable using both; but I prefer Linux.
Well since I won't be starting my CCNA until September, I think I will start to study for the CWNA/CWSP. How difficult are these tests? I will not think about C|EH at this point and time. Yea, SANS is ridiculously expensive, but I guess you get your money's worth.
Again, thanks for the help!
A+, Network +, Linux +, MCP, MCTS, CCENT
A.S Network Administration