Help and Guidance.
ev0
Member Posts: 4 ■□□□□□□□□□
Hello all and welcome to my cry for help. I'm currently in school for dual associates in Network Security Technology and Network Administration. I passed Network+ yesterday. I wanna graduate in a year and go get a bachelor's somewhere (NO IDEA WHERE, ADVICE WELCOME). My ultimate goal is to start a security analysis company / networking. I would like to get some time in the field first though. What certs should I be going for? What would be a good school for me? I'm also interested in malware analysis and software security. The plan for my company is to evaluate security by pen-testing but also doing a general evaluation of policy and procedures. I'm only 19 with big dreams but I'm determined and willing, bright with good social skills. Like I said, any advice will help, thanks a lot.
Comments
-
Essendon Member Posts: 4,546 ■■■■■■■■■■
I don't know where you are at, so cannot suggest any schools. Tell us your location and someone should be able to help.
I'd advise you to get a job; since you are just starting out, you'd most likely get a helpdesk sort of job. Don't get put off by this, most of us have been through it. Keep working on your certs, I'd probably start off with the Security+ to get a feel for security. Or you might grab an MCP or an MCTS to work on the Microsoft side of things. See if you like it, you could give CCNA a shot as well. It really is up to you which way you want to go.
-
L0gicB0mb508 Member Posts: 538
You will definitely want to find a job in the field. Without a lot of experience most people will not hire a security consultant to pen test. In order to properly understand many of the underlying reasons that an exploit exists, you will need network/systems knowledge on a fairly deep level. You have also listed two roles (kind of). While a pentester will review and possibly help revise a security policy, most of the time a security manager or engineer will be developing the security policy itself. I personally think until you actually get a crack at doing a security-related career, you may not know what you are in for. With all that being said, let me list a few certifications you may want to shoot for.
Security+ - This is probably the first thing you should study and take.
CCNA -> CCNA Security - If you are interested in Cisco products go this route, but it's also a good start on underlying network concepts.
CEH - It will teach you the tools a pen tester might use, but don't expect to become an expert pen tester.
OSCP - A much more hands-on security pen testing cert.
SSCP - A baby CISSP really, it doesn't require the amount of documented work experience the CISSP requires.
CISSP - This is the big one. It is generally meant for someone with extensive security experience. It is also regarded as more of a management-level certification.
This is just an overview. You will need to do some research on your own to determine what your personal goals/needs are. Security is a hot topic right now, don't get caught up in the hype that it is all glitz and glamor.
I bring nothing useful to the table...
-
ev0 Member Posts: 4 ■□□□□□□□□□
I'm currently in the Southern United States but not limited to this region of the country. Thanks for the advice all, any more would be great. I have done a lot of research and my biggest problem right now is finding a job in the field. There are no jobs in IT where I am (Waco, TX). I'm currently working at Best Buy. With getting my Network+ I'm hoping I can find something somewhere. Trying to network with everyone I can. Thought about just shooting all the networking businesses an email with my resume and seeing if I get any responses. From personal study I already have a good basis in security and pen-testing. L0gicBomb and Essendon, I do appreciate your response and I like that list you gave, L0gic; I just need to work in some Linux+ and Microsoft certs. And the end cert goal is CCIE Security.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
To be successful in pen-testing you need to have a solid foundation of networking and how networks work. I would recommend CCNA & CCNP. Then once you have that knowledge, dive into Security with CCSP or Pen-testing. I know this sounds daunting at first, but without general networking technologies I don't see how anyone can understand security, especially pen-testing skills.
Do not get confused with CCSP and other certifications like CISSP. One is theory and policy based concepts and the other (Cisco Certified Security Professional) is more hands-on nitty-gritty security with actual packet inspection and network troubleshooting, stuff that theory and policies won't help you fix.
In other words, policies and theory tell you how to do things, but won't show you technically how to fix such things. So I guess, in other words, for pen-testing you will need to know how to build and fix networks before you dive into that category.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
-
L0gicB0mb508 Member Posts: 538
Linux will definitely be helpful to your pen testing skill set. A lot of the tools that a pen tester will use are *nix based. As for the job, you will probably have to start out in more of a helpdesk type role. Many people complain about this, but in all honesty a customer-facing role is good. A lot of security people will have a direct customer-facing role if they hire out their services. Even as an in-house security person, expect to be in meetings and interfacing with your managers. Just keep your head up and do the best you can. Just keep putting pieces of the puzzle together until you reach your goal. How do you eat a whale? One bite at a time. (hahah)
I bring nothing useful to the table...
-
dynamik Banned Posts: 12,312 ■■■■■■■■■□
If you're interested in malware and software, why aren't you doing a computer science degree?
If you're interested in getting started in pen testing, check this out: http://www.infiltrated.net/pentesting101.html
I strongly recommend that you get a solid foundation in networking (Cisco/Juniper), Windows, and *nix. That will set you apart from the people who just run tools but don't truly understand how or why they work.
The CEH is a nice overview of the concepts while the OSCP gets much more in-depth and hands-on.
-
xukaome Member Posts: 1 ■□□□□□□□□□
I accept with information: Security+ - This is probably the first thing you should study and take.
CCNA -> CCNA Security - If you are interested in Cisco products go this route, but it's also a good start on underlying network concepts.
CEH - It will teach you the tools a pen tester might use, but don't expect to become an expert pen tester.
OSCP - A much more hands-on security pen testing cert.
SSCP - A baby CISSP really, it doesn't require the amount of documented work experience the CISSP requires.
CISSP - This is the big one. It is generally meant for someone with extensive security experience. It is also regarded as more of a management-level certification.