How to get started?

3FmX42mCD74Rg

So basically, I've been studying a ton and I've gotten 4 certs now the A+, Security+, Network+, and ITILv3 Foundation. I studied for the CEH and was about to take it, then found out you need 2 years of experience which I don't have or I can pay 1500$ to take their course for 7 days and suddenly I'm qualified for the exam. I "acquired" their course stuff and I can say it's bullshit. It's nothing but a scam so that's off the table. I also studied for the CISSP but I feel like that's just a bunch of fluff and I don't want to pay 500$ for it. Why do that when I can get like 8 Microsoft certifications and learn a massive amount of information for 20$ less?

I've dabbled in C++, Assembly, and Python, and it interests me to do true hacking but time is of the essence. That's a hobby that will have to wait. Here's a list of programs that I've practiced in through VMWare: [FONT=&quot]Bastille, Look@LAN, VMWare Workstation 7, Linux: Backtrack 4, TrueCrypt, Wireshark, Colasoft Packet Builder, Nessus, NMap, Microsoft Baseline Security Analyzer, inSSIDer, NetworkStumbler, Goolag, Nikto/Wikto, Paros Proxy, Cain & Abel, Netcat

The problem here is that even though I know how to use these programs and OS's, I have no real experience in using them beyond some VMWare trials, which lets face it is really nothing compared to the real world use of them. So basically I need a job to get the experience or I can do it illegally which isn't really an option.

So I feel like getting into security is out of reach. I'm going for some SQL certifications and I'm studying heavily in this area. I'm not really sure what to do at this point other than keep learning? No experience but a lot of studying, that's about all I have at the moment which compared to someone with experience is really nothing. Any ideas?
[/FONT]

dynamik

You're more than likely going to have to start with a low-level network or systems job and work your way up. It took me roughly six years to get into security (granted, I wasn't really pursuing it strongly from the start). And unfortunately, fluff can look good on your resume...

3FmX42mCD74Rg

I'd like to start with a low level systems job, that would be fine. So going the SQL route is a good bet? My background is actually more in business. I have a marketing degree and I started up a business a couple years ago that failed, but I have the experience of going through the whole process. I was thinking about getting these 3 certifications MCTS: SQL Server 2008, Business intelligence Development and Maintenance, Database Development, and Implementation and Maintenance. 70-448, 70-433, and 70-432 respectively. Then while I worked I would get the MCITP of those 3 areas. I'd be open to a business analyst route as well, it's just that security always interested me since I was a kid.

So would going the SQL server admin route to start off be my best bet then you think? Also, any certifications you recommend as well? I actually also studied for the CCNA but decided not to take the test since it was 250$. Thanks for the reply.

codeace

3FmX42mCD74Rg wrote: »

I studied for the CEH and was about to take it, then found out you need 2 years of experience

If you have other certifications and experience in other fields, you can try completing the eligibility form and fax it to EC-council. If you are able to get an exam eligibility code, then it means they have waived your required experience. I think typically they would expect some form of security background. But it doesn't hurt to give it a shot!

Good luck

Daniel333

Never met a person who one day got up and said " I am gonna be the IT security guy for my company " and succeeded, at least quickly.

Most had managed great interpersonal relationships with business units as well as IT management, did a great job in the administrative/engineering roll and moved in from there.

Anyhow, round our your MCSE: Sec, CCSP while doing administrative work and see where you are at in a few years.

JDMurray

3FmX42mCD74Rg wrote: »

I also studied for the CISSP but I feel like that's just a bunch of fluff and I don't want to pay 500$ for it. Why do that when I can get like 8 Microsoft certifications and learn a massive amount of information for 20$ less?

Part of the cert game is making yourself more marketable to employers. Security-minded employers are looking for people with the CISSP. If you are competing with other job candidates that have similar skills as yourself, but they have the CISSP and you don't, that could be the determining factor in why you were not offered the job.

Don't forget to choose your certs from the perspective of your future employers, and not just based on what you think is fun or inexpensive to pursue.

3FmX42mCD74Rg

That's true, but at the moment I have to go with the best bang for my buck. I'll probably pick up the CISSP later on, but right now I just feel like really learning Server 2008 and SQL Server 2008 is going to do more for me since I don't see where I'm going to get hired directly into a security job. Plus, knowing SQL and expanding out into these other areas I think will open the door to business analyst as well. I just feel like the CISSP at this point is just for the sake of a resume builder whereas I can study all this microsoft stuff and learn so much while still building up my resume. Thanks for all the replies. Do you guys have any suggestions beyond Server 2008 and SQL 2008 MCTS certifications for a low level systems job? Should I also get the MCITP or wait till I get a job to get those?