Career advice needed

new2securitynew2security Users Awaiting Email Confirmation Posts: 4 ■□□□□□□□□□
Hi Everyone!
I seriously need some career advice.

I'm 32 years old (had a late start in the field! hehe). I have a BS in IT (2006) and a MS in IA (2009). Certifications I have are Network+ and Security+. I let the CCNA expire a while back. I've been a Systems/Network Administrator for a little over 4 years with a 52k salary. Experience includes Windows servers, Exchange, SQL, Sharepoint, Cisco ASA, Virtualization, etc., in short...jack of all trades, master of none...which I've been happy with till now. I work for a small government contractor and have a clearance. I just joined my local ISSA chapter. There is a slight possibility that I might get laid off if my company doesn't get more contracts this year.

Which certification path to follow? A friend of mine suggested to stick with Microsoft completely and forget the rest..saying that I would be able to find a full time job any time and contract on the side. Or do I obtain multiple certifications from different vendors? I understand that satisfies the HR requirements these days and possibly better opportunities to get jobs. My long term career goal is towards security. Would it be possible to follow ONLY GIAC certs at this stage of my career and find a better job? I know the SANS training is expensive, but the costs of training and upgrading certs from other vendors over time adds up. The upfront costs of SANS is expensive. Would it be worth it though?

How I spend my time:
I'm married with no kids. My commute to work is almost hour and half each way. I just put my house up for sale so I can move closer to the city and going back to renting. At work, during my extra time...I read up on the server side of stuff and I have a small lab setup to keep up with the changing trends. At home I get around 1-2 hours daily and spend my time reading security related books and articles.

Any input would be greatly appreciated. Thanks in advance!


  • Chris:/*Chris:/* Member Posts: 658 ■■■■■■■■□□
    Your experience makes you a good candidate for a Sr System Administrator job more than a security type role. That being said you experience and education provides a strong foundation for an entry in security. No certification in Security is going to be a ticket as it is a more guarded community than either networking or servers.

    If you have experience working with C&A teams or Audits and patching security vulnerabilities after a security analysis you may have the experience necessary to break into the field. If you do not look at jobs that could give that experience or opportunity that are already in your realm.

    MS certs may be a bigger bang for your buck and unless you work with Gov jobs a GIAC ONLY path will not help you.
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • new2securitynew2security Users Awaiting Email Confirmation Posts: 4 ■□□□□□□□□□
    Thanks Chris! It makes sense. :)
  • TrainingDazeTrainingDaze Member Posts: 62 ■■□□□□□□□□
    32 years old with a graduate degree, a clearance, and 4 years NA/SA experience is a GREAT spot to be in, I wouldn't sell yourself short :)

    With your background and if you really want to break into security why not take the CISSP?

    Throw up a linkedin page with your CLEARANCE in big bold letters, along with your background and a CISSP and I would be surprised if you didn't get a few HR knocks on your email door.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,259 Admin
    I would strongly consider diversifying on the certifications and not just sticking with one vendor. Right now your career is ruled by hiring managers. Having a bunch of MS certs while being interviewed by someone who doesn't personally like MS is not a good position to be in, so it's good to have other certs on your resume too. And MS isn't the end-all-be-all of the IT world either.

    Because you are a SysAdmin, I would say spending the big-bucks on a VCP (VMware) cert rather than anything from SANS would give you the best return for your money. And if you re-up your CCNA, go for the CCNA:Security this time.

    It's rather unusual for someone to have an MSIA and not have at least the CISA, CISM, or CISSP. If you have the InfoSec experience, go for the CISSP. If not, start with the SSCP. These cert are well-known in DoD-land too.

    Because of the economy and current (lack of) White Hose defense spending, the big money is being paid for people with security clearances mostly in the beltway. Programs don't like paying for clearances these days, and the more clearances you have now the better. TS/SCI is a great one to have, but even a lowly S is worth something.
  • new2securitynew2security Users Awaiting Email Confirmation Posts: 4 ■□□□□□□□□□
    Thanks guys for your responses. Though I don't meet the experience requirements for the CISSP just yet, I don't mind being an Associate till I get those years behind me. Going to shoot for August to take this exam (that's the time it is available in my city). From there (if I pass of course!) VCP and then CCNA and CCNA Security. Might have to make more time at home for studying and knocking these out. I have alot more experience in ESX and Windows 2003/2008, might look into Transcenders for the 2008 tests to see how much I actually know. I will keep you guys updated!
Sign In or Register to comment.