I've cleared my security +, what after this?

lavi17

Hi everyone,

i need help.. i've cleared my security plus examination... i've got two years of relevant experience as information security officer... i'm not a graduate... n i've been laid of recently... well i kno its very difficult to find a job for non-graduates. well its been four months n i'm still unemployed... what i want to ask is since i've cleared security +, n i don't see any job for it in the Indian market as of now... so which certification should i prepare for next.... reply awaited... thanks to all who'll waste some of their time replyin to this post...

cyberguypr

Congrats on the pass. Time is never wasted here. We are more than happy to assist our fellow members in any way we can.

First question is, what are you interests? Do you wan to dig further into security? Do you have any other certs at the moment?

lavi17

thanks a ton for ur reply... it means a lot to me... yes sirrrr.... i want to get to the core of information security... really its all i wish to do in my life now... you being a senior member.. can u jus lend me some advice... what shod i do after this... this is my first cert....

ltgenspecific

So, one aspiring security professional to another, I tend to see a lot of cert / proprietary experience requirements in job descriptions. I then use these in general to dictate my course of study.

It seems through my research that perhaps knocking out your Network+ would be of benefit to begin with. As you've got some work experience and passed your Sec+ it seems the next step is to pull an "Inception" and "go deeper" into Networking / Hardware basics. After that I would look at CCENT/CCNA and then focus on something even more challenging, perhaps C|EH or ITIL Foundations if you want to head into management.

It's been advised to me on multiple occasions that the best security specialists have a deep, deep understanding of what is taking place through the transfer of data at a fundamental level. This will then allow for a more complete ability to diagnose, solve and prevent problems as they arise at a more complicated level.

I am just relaying some of the great advice I've received here at techexams.net and elsewhere. Hope it helps.

kriscamaro68

Sorry to hear about lay off. At this point you have a couple options.

Pentesting: CEH, OSCP, Gpen, and ECPPT
General security: Gsec, SSCP, CISSP

All of these will be somewhat expensive to study for and take to really expensive to study for and take. All the Giac certs are very expensive but higly regarded in the info sec community. You may have a ahrder time finding jobs with teh OSCP, SSCP, and the ECPPT.

Your best bet is to search out job boards in the area and find what they are looking for in info sec jobs. CISSP is the most common but with only 2 years experience you would only be an associate but its still something.

Also as itgenspecific said experience with the technologies that you are going to secure is key. At that point finding out if you want to secure the network side of things or the OS side of things or both will help in determining if you should pursue other certs first. There is always the MCITP: SA/EA and the Cisco route like mentioned. Then when you dive into the info sec certs things will make a lot more sense because it only gets much more complicated from this point on as the security+ is just the tip of the iceberg.

ibcritn

Saying you want to be in security isn't enough to really recommend a certification. The security field is extremely vast.

Describe to me your ideal job and I will help shape which certifications might be desired of that role.

xenodamus

I'm no security guru, but I'd say you really need a solid foundation in general data networking before you can "get into security".

The CCNA would provide invaluable knowledge and maybe the Network+ or CCENT could be your first step toward that.

Then on the other side of the coin there's the Microsoft certifications that would give you more depth on the systems side of things.

Either way, I think you should broaden your scope and just work on more IT experience in general. Then you can try to narrow your focus.

lavi17

ibcritn wrote: »

Saying you want to be in security isn't enough to really recommend a certification. The security field is extremely vast.

Describe to me your ideal job and I will help shape which certifications might be desired of that role.

Hi,

Well the ideal job ... as i see for myself... would be like being a security analyst, conducting vulnerability assessment, pen testing. As far as my knowledge goes.. and what i've observed so far is.. for a security personnel.. jus exceling in one field is not enough...

I'll jus write few words about my last interview, in JD they had mentioned everything that you expect from a security specialist, securing network, log management, firewall monitoring, enforcing policies. When i went for the interview all they asked me about was ISO 27001 implementation. So, if i had the thorough knowledge of ISO 27001, which is more of an architecture, where u play with the enforcement of policies, guidelines and standards, will i be considered as a security personnel or a working knowledge with securing domain server, dns server, managing firewalls, network monitoring, does this consititute to be termed as a security professional.

Well, so, in this case what i feel is like, i'll like a career in the second role... that is field knowledge rather than paper knowledge... Is this enough to help me out? Thanks for ur response

Well, as per everyone's suggestion, shall i focus on Network+ then? or CCNA? I want to get into network security, web security is my area of interest too.