How do you determine?

Bl8ckr0uter

Turgon wrote: »

Always be mindful of what you spend your hard earned money on. Most people on this forum are blue collar and will not make the big time, and there is *nothing* wrong with that. But dollars on training materials come out of the family pot so invest your hard earned dollars wisely. If it will *really* help your bottom line, invest. If it will not, run away..far far away. Faceless vendors and training vendors will not feel your money, but you will.

I wish I had money for training like SANS 3K is just not happening.

Oh I agree 100% and that was part of the reason why I was having such trouble justifying the WCNA. $300 is $300 dollars and I am not exactly a baller. I mean I am going to have 3x as much trouble paying for GCIA at the end of the year but I can at least say that SANS is pretty popular. $300 for a no name cert is sort of a tough pill to swallow but I can make it happen. I am just tired of getting help desk calls ya know? Maybe if I have a cert that says Network Analyst on my resume people will get the idea I have no intention of rejoining the password ninja clan.

I have gotten some CCNA job calls and I would take one if I could get my school schedule worked out. My current job is very lax about that and it helps tremendiously because I am late from time to time (I need to work on that) because I am NOT a morning person. Who knows, any extra qual (cert or otherwise) should help you, albiet in various measurements. I guess I am trying to cert into the position I am trying to be in. WCNA, SSCP, CEH and GCIA (and linux+) all fit into my idea of what type of IT Pro I want to be (a JR security analyst) since my current title (Network and Security Admin) and current job duties and in a disagreement. I guess its kind of stupid to try to do (cert into a position) but it has worked for me twice (to get off the helpdesk and to get into a "security position" albiet not as "infosecy" as I would like it to be) so why not try again.

Turgon

Bl8ckr0uter wrote: »

I wish I had money for training like SANS 3K is just not happening.

Oh I agree 100% and that was part of the reason why I was having such trouble justifying the WCNA. $300 is $300 dollars and I am not exactly a baller. I mean I am going to have 3x as much trouble paying for GCIA at the end of the year but I can at least say that SANS is pretty popular. $300 for a no name cert is sort of a tough pill to swallow but I can make it happen. I am just tired of getting help desk calls ya know? Maybe if I have a cert that says Network Analyst on my resume people will get the idea I have no intention of rejoining the password ninja clan.

I have gotten some CCNA job calls and I would take one if I could get my school schedule worked out. My current job is very lax about that and it helps tremendiously because I am late from time to time (I need to work on that) because I am NOT a morning person. Who knows, any extra qual (cert or otherwise) should help you, albiet in various measurements.

I feel for you. You are the children of certification. The helpdesk swamp has grown as fast as the certification aspirations of the young. Those who started certification sooner have bailed and now hold the job you want. They are also instrumental in keeping the underpaid password ninja pool where they are. Forty is a long time till retirement age.

Bl8ckr0uter

Turgon wrote: »

I feel for you. You are the children of certification. The helpdesk swamp has grown as fast as the certification aspirations of the young. Those who started certification sooner have bailed and now hold the job you want. They are also instrumental in keeping the underpaid password ninja pool where they are. Forty is a long time till retirement age.

Wow that was epicly depressing

But you are right. That's why I joined infragard and OWASP. I am even thinking of going to ISSA (I honestly don't see the point of this one) and I am definately going to 2600, LUG and so on because at the end of the day, it takes more than certs. I don't have a ton of experience but all the experience I have, I basically had to fight to get simply because I didn't have experience or a cert. I remember the first real IT interview I had after I came back to my home town after my first stint at "college" (It was DeVry, it was lame, never ever doing that again) and I was proud that I did the A+ on my own. I had an interview with a government contractor and they actually offered me the job. Then basically took it back when they found someone with A+ AND Network+. I can't "make" experience but I can elminate a reason for my disqualification (lack of certification) and that's pretty much all entry level IT pros can do ( or entry level pros in any field for that matter). It's sad but that's all certs are to me. The same goes for a "degree" (not to be confused with education which I do value). It is nothing more than a possible disqualifier elimated. Nothing more, nothing less. Maybe I have a piss poor attitude, idk. I haven't seen anything that proves to me otherwise.

Turgon

Bl8ckr0uter wrote: »

Wow that was epicly depressing

But you are right. That's why I joined infragard and OWASP. I am even thinking of going to ISSA (I honestly don't see the point of this one) and I am definately going to 2600, LUG and so on because at the end of the day, it takes more than certs. I don't have a ton of experience but all the experience I have, I basically had to fight to get simply because I didn't have experience or a cert. I remember the first real IT interview I had after I came back to my home town after my first stint at "college" (It was DeVry, it was lame, never ever doing that again) and I was proud that I did the A+ on my own. I had an interview with a government contractor and they actually offered me the job. Then basically took it back when they found someone with A+ AND Network+. I can't "make" experience but I can elminate a reason for my disqualification (lack of certification) and that's pretty much all entry level IT pros can do ( or entry level pros in any field for that matter). It's sad but that's all certs are to me. The same goes for a "degree" (not to be confused with education which I do value). It is nothing more than a possible disqualifier elimated. Nothing more, nothing less. Maybe I have a piss poor attitude, idk. I haven't seen anything that proves to me otherwise.

There are still opportunities for the young, but you have to use your head. Tramping the same path as 1000000 people doing A+, N+, MCP, MCSE,CCNA,CCNP isn't going to separate you is it? Think laterally. These are the people getting hired into jobs with prospects, as opposed to being grunts. Managers like grunts.

Bl8ckr0uter

Turgon wrote: »

There are still opportunities for the young, but you have to use your head. Tramping the same path as 1000000 people doing A+, N+, MCP, MCSE,CCNA,CCNP isn't going to separate you is it? Think laterally. Those of the people getting hired into jobs with prospects, as opposed to being grunts. Managers like grunts.

...Which brings me back to the WCNA. I don't really want to be in desktop support or sys admin (at least windows stuff). I know what I want - Security analyst - IDS/IPS Firewalls, Router/Switch, WAFs, Concentrators VPNs, pen tests, volunerability tests, Auditing and compliance (yes even compliance) but some people (not folks here) make it seem like I shot myself in the nuts by not doing the MCSA/E when I was 18 (or 11 like those MCT kids). Plus I know I don't have MCSE level knowledge. I could build a multiforest domain with multiple trust. I don't know exchange like the back of my hand. . I know a little sql. These hiring people don't seem to get that not everyone wants to play with windows all day. But I'm b1tch1ng lol. I am just saying its like if you don't have an MCSE people assume you must want to do helpdesk work. If you don't have a CCNP or CCIE you don't know anything about routers or routing. If you don't have a CISSP you aren't in infosec, period. I don't know if anyone else has experience the same thing but that is the consensis in my area.

Chris:/*

I choose to study material that either fill gaps in my knowledge or leads me in the direction I am trying to get to. I rarely have time for curiosity based studies unless they align with my goals or knowledge fillers.

Turgon

Bl8ckr0uter wrote: »

...Which brings me back to the WCNA. I don't really want to be in desktop support or sys admin (at least windows stuff). I know what I want - Security analyst - IDS/IPS Firewalls, Router/Switch, WAFs, Concentrators VPNs, pen tests, volunerability tests, Auditing and compliance (yes even compliance) but some people (not folks here) make it seem like I shot myself in the nuts by not doing the MCSA/E when I was 18 (or 11 like those MCT kids). Plus I know I don't have MCSE level knowledge. I could build a multiforest domain with multiple trust. I don't know exchange like the back of my hand. . I know a little sql. These hiring people don't seem to get that not everyone wants to play with windows all day. But I'm b1tch1ng lol. I am just saying its like if you don't have an MCSE people assume you must want to do helpdesk work. If you don't have a CCNP or CCIE you don't know anything about routers or routing. If you don't have a CISSP you aren't in infosec, period. I don't know if anyone else has experience the same thing but that is the consensis in my area.

I hear you.

Your best bet is the following:

1. Get outstanding grades from an outstanding University and get taken on by an Outstanding company as a Graduate Trainee. Avoid helpdesk and get fasttracked

2. If you have influence make some calls, have conversations and make no 1 happen even if you haven't got the goods educationally.

3. Work for a provider or small shop where you get exposure to everything and build from there. Good experience.

4. Form your own company and take your chances.

5. Go helpdesk grunt and turn every lever you can to get out.

6. ANother solution

A good indicator of people getting on is the individuals postcount on TE. Royal, Keatron, Sexion, even Dynamik dont post often. They are way too busy at work! I think Im 3 a day but its a nice distraction after a busy day and an unwind. Im way too busy at work to post on works time.

Chris:/*

Bl8ckr0uter wrote: »

...Which brings me back to the WCNA. I don't really want to be in desktop support or sys admin (at least windows stuff). I know what I want - Security analyst - IDS/IPS Firewalls, Router/Switch, WAFs, Concentrators VPNs, pen tests, volunerability tests, Auditing and compliance (yes even compliance) but some people (not folks here) make it seem like I shot myself in the nuts by not doing the MCSA/E when I was 18 (or 11 like those MCT kids). Plus I know I don't have MCSE level knowledge. I could build a multiforest domain with multiple trust. I don't know exchange like the back of my hand. . I know a little sql. These hiring people don't seem to get that not everyone wants to play with windows all day. But I'm b1tch1ng lol. I am just saying its like if you don't have an MCSE people assume you must want to do helpdesk work. If you don't have a CCNP or CCIE you don't know anything about routers or routing. If you don't have a CISSP you aren't in infosec, period. I don't know if anyone else has experience the same thing but that is the consensis in my area.

It sounds like you are trying to get to the a security analyst position. Have you researched what knowledge areas those positions would like? Since I am moving in that direction I can tell you neither the CISSP (unless in gov work) or the MCSE is required for it.

Turgon's advice is like gold when he speaks of lateral moves. You will see a huge number of people doing the cert climb hoping it will get them into a great position. Instead you will see them get placed in a position that requires a "Jack of all" that pays decent but overworks them.

Turgon

Chris:/* wrote: »

It sounds like you are trying to get to the a security analyst position. Have you researched what knowledge areas those positions would like? Since I am moving in that direction I can tell you neither the CISSP (unless in gov work) or the MCSE is required for it.

Turgon's advice is like gold when he speaks of lateral moves. You will see a huge number of people doing the cert climb hoping it will get them into a great position. Instead you will see them get placed in a position that requires a "Jack of all" that pays decent but overworks them.

That's correct Chris. The cert climb ended in 2004. Those who did it went one of four ways:

1. Out of the industry
2. Management
3. Architect
4. Own IT company

Bl8ckr0uter

Turgon wrote: »

I hear you.


A good indicator of people getting on is the individuals postcount on TE. Royal, Keatron, Sexion, even Dynamik dont post often. They are way too busy at work! I think Im 3 a day but its a nice distraction after a busy day and an unwind. Im way too busy at work to post on works time.

..... so very, very true.

Chris:/* wrote: »

It sounds like you are trying to get to the a security analyst position.

Yep this is exactly what I am looking for.

Chris:/* wrote: »

Have you researched what knowledge areas those positions would like? Since I am moving in that direction I can tell you neither the CISSP (unless in gov work) or the MCSE is required for it.

Define research.

I have looked at job descriptions and such. Here is an example of what I am looking at:

https://xjobs.brassring.com/1033/ASP/TG/cim_jobdetail.asp?jobId=871841&PartnerId=54&SiteId=5346&type=search&JobReqLang=1&recordstart=1&codes=WB2345

Basically I have determined that Packet level knowledge and troubleshooting, general security, pen testing knowledge, networking and TCP/IP as well as linux are important. That has shaped my "path":

WCNA (April)
SSCP (May)
CEH
LPIC-1 (maybe)
GCIA

I think that makes sense....

networker050184

Turgon wrote: »

I feel for you. You are the children of certification. The helpdesk swamp has grown as fast as the certification aspirations of the young. Those who started certification sooner have bailed and now hold the job you want. They are also instrumental in keeping the underpaid password ninja pool where they are. Forty is a long time till retirement age.

So, I have to ask. What happened that has turned you so bitter? Not just this post, but in general I see a lot of bitterness in your responses lately.

Turgon wrote: »

A good indicator of people getting on is the individuals postcount on TE. Royal, Keatron, Sexion, even Dynamik dont post often. They are way too busy at work! I think Im 3 a day but its a nice distraction after a busy day and an unwind. Im way too busy at work to post on works time.

You can't be seriously taking the frequency of peoples posts on TE as an indicator of the IT field and certification in general. People come and go on forums. Its the nature of the internet and in no way an indicator the IT profession as a whole.

veritas_libertas

Bl8ckr0uter wrote: »

Wow that was epicly depressing

But you are right. That's why I joined infragard and OWASP. I am even thinking of going to ISSA (I honestly don't see the point of this one) and I am definately going to 2600, LUG and so on because at the end of the day, it takes more than certs. I don't have a ton of experience but all the experience I have, I basically had to fight to get simply because I didn't have experience or a cert. I remember the first real IT interview I had after I came back to my home town after my first stint at "college" (It was DeVry, it was lame, never ever doing that again) and I was proud that I did the A+ on my own. I had an interview with a government contractor and they actually offered me the job. Then basically took it back when they found someone with A+ AND Network+. I can't "make" experience but I can elminate a reason for my disqualification (lack of certification) and that's pretty much all entry level IT pros can do ( or entry level pros in any field for that matter). It's sad but that's all certs are to me. The same goes for a "degree" (not to be confused with education which I do value). It is nothing more than a possible disqualifier elimated. Nothing more, nothing less. Maybe I have a piss poor attitude, idk. I haven't seen anything that proves to me otherwise.

Really? I have made some great contacts at my local ISSA group.

dynamik

Turgon wrote: »

I hear you.

Your best bet is the following:

1. Get outstanding grades from an outstanding University and get taken on by an Outstanding company as a Graduate Trainee. Avoid helpdesk and get fasttracked

2. If you have influence make some calls, have conversations and make no 1 happen even if you haven't got the goods educationally.

3. Work for a provider or small shop where you get exposure to everything and build from there. Good experience.

4. Form your own company and take your chances.

5. Go helpdesk grunt and turn every lever you can to get out.

6. ANother solution

A good indicator of people getting on is the individuals postcount on TE. Royal, Keatron, Sexion, even Dynamik dont post often. They are way too busy at work! I think Im 3 a day but its a nice distraction after a busy day and an unwind. Im way too busy at work to post on works time.

I'm seriously flattered you included me with that group of professionals.

To answer the original question, it's almost OCD for me. If i'm interested in something, I pursue it. I've definitely "wasted" a lot of time and money on certs I didn't need. Even now, I'm pursuing things like the GSE that probably won't do much for me since no one knows what it is. I'll probably dedicate about two years and $7k of my own money when it's all said and done. However, it's fun for me; it really is a form of entertainment. Sure, you can be cynical and say I could have done a masters in that time, but that's really apples to oranges.

I have an innate drive to learn, and I think that's really what it takes to be successful in IT long-term. Most people can knock out a CCNA, CCNP, MCSE, MCITP, etc. and make a relatively quick career advancement, but then what? I know some people who are 40+, and despite having respectable skills, still spend a lot of their time dealing with BS user issues. I'd shoot myself.

I think there are a limited number of satisfactory outcomes for people like me. Become an architect, get on the management track (not stopping or being content with middle-management), join a consulting firm, or start your own business. Certifications don't cut it for any of these (even though some have "architect" and "manager" in the title). No certification is going to go into the depth or provide the experience you need for any of these roles. You must simply have the desire, and I really don't think that's something you can just acquire. If you don't have it, you should reevaluate your career plans and find something that appeals to you more.

I've personally found consulting to be the most rewarding. This will usually involve travel, but it's a fantastic experience to work in different environments on a regular basis. You always come out of an engagement more experienced than you were at the start of it. It's great to implement/evaluate X technology, but it sucks to babysit it day-to-day. Do the interesting work you enjoy and then **** the menial tasks off on someone else who doesn't have your drive. I've been in a managerial position for only slightly over two months, and I already really miss consulting. The only option I feel I have at this point is to start my own business; everything else feels like a step backwards at this point.

veritas_libertas wrote: »

Really? I have made some great contacts at my local ISSA group.

I like ISSA as well. I'm in OWASP, ISSA, Infragard, and ISACA (and DC225, but that's not really a "professional" organization )

Bl8ckr0uter

I really think that I might not be cut out with baby sitting servers and such. I think it is a patience issue. I also hate doing the desktop support stuff but I do like people (they taste wonderful in a light pasta sauce ).

Consulting is where I want to be but it seems like it takes a lot of experience that I don't have.


As far as ISSA, I think the cost is a bit high. I might join but Idk.

Turgon

Bl8ckr0uter wrote: »

I really think that I might not be cut out with baby sitting servers and such. I think it is a patience issue. I also hate doing the desktop support stuff but I do like people (they taste wonderful in a light pasta sauce ).

Consulting is where I want to be but it seems like it takes a lot of experience that I don't have.


As far as ISSA, I think the cost is a bit high. I might join but Idk.

I think some of the partners or integration companies might be a good way to a career in consulting for you. You may have to travel a good deal but there is lots of variety in the work.

stuh84

Personally for me its about personal interest. I am also hoping they help a little to get more interesting roles (because my current one couldn't be any less interesting) allied with my experience, but its not happened so far and I'm still after more so I think I'm just addicted to knowledge...

NetworkingStudent

Bl8ckr0uter wrote: »

I really think that I might not be cut out with baby sitting servers and such. I think it is a patience issue. I also hate doing the desktop support stuff but I do like people (they taste wonderful in a light pasta sauce ).

Consulting is where I want to be but it seems like it takes a lot of experience that I don't have.


As far as ISSA, I think the cost is a bit high. I might join but Idk.

Don't you live in Ohio? I found this and found it interesting.

Northeast Ohio Information Security Forum


Northeast Ohio Information Security Forum

Northeast Ohio Information Security Forum is a professional organization for people interested in information security. Members are in the information security, networking, system administration/engineering, and IT industry who are either involved in or interested in the information security field. The composition of the membership range from professionals working in the public sector (at colleges, universities, government agencies) to private industry (banks, manufacturing, tech, services) to college students. The group comes together monthly to discuss issues, watch presentations from members and speakers from outside of the group, and demos of various tools and techniques in the information security arena.


Key goals, missions, and values…
■Discuss security issues, emerging security threats & vulnerabilities, hacking techniques & trends, defense techniques & strategies, laws & regulations, recent trends in security
■Learn security
■Share knowledge and expertise
■Share solutions to issues
■Collaborate
■Network with fellow info security peers
■Conduct training programs for security and non-security people
■Share experience with security products
■Demo great tools and techniques
The forum was created in April of 2005 by Greg Feezel and Robert Wright. Initial meetings took place at the end of Northeast Ohio Cisco Users Group which were held in the Cisco building in Richfield, Ohio. Subsequent meetings have been held in Independence thanks to the support of Hurricane Labs.

Here we bring an unbiased group of technology experts/professionals from the greater Cleveland and Akron areas to discuss everything from the “How to’s” to the “Get ready’s” and “What abouts”.

We are non-profit, non-sales, no-fee, vendor-neutral community that provide each other with a hand in the area of security to face the ever increasing need to protect our computing infrastructure and companies we work for.

There is no cost or fee to belong to the forum and you aren’t required to attend the meetings to belong. Everyone involved in information security and/or IT are welcome to become a member.

The forum meets monthly in the evening on the third Wednesday of every month at a location to be announced prior to the meeting. It usually lasts 2 hours. The meetings consist of tutorials (training, etc) by members and outside of the group, group discussions, security trends update for the month (covering threats, tools, research), sometimes a basics/beginner section, best practices section, and tool demos. Topics covered range in level from beginner to advanced. See below for more information including directions to the location.

We encourage you to join us.

- NEO Info Sec Forum Board of Directors

Maybe joining up with them could help