Network certs advice please.

Hellow experts,

I would like to know how far I should go in terms of network certs. MY plan is to become info sec analysis/auditor. I have no plans to become a network admin.

My current plan is

Network+ --> CCENT --> CCNA --> ???

Any advice what I should go after CCNA or how far? CCNA would be overkill?

Cheers.

-J-

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Dr IT

Your CERT Plans look ok and is logical - My Bet would be taking the N+ followed by the CCNA ( you can skip the CCENT " - this would be my choice )

as after the CCNA you can jump on to the MS Bandwagon for some Win 7 Certs ( 680 or the 685 - depending on your Job Profile )

Hope that helps

lordy

You should skip CCENT. It has no value, only CCNA does.

If you are in the security field it might be a good idea to move from CCNA to CCSP. A CCxP is not easy to obtain but holds a lot of value.

Turgon

lordy wrote: »

You should skip CCENT. It has no value, only CCNA does.

If you are in the security field it might be a good idea to move from CCNA to CCSP. A CCxP is not easy to obtain but holds a lot of value.

I would go CCNA/CCNA security and then leave the Cisco tracks if you are not expecting to be doing detailed security work in the Cisco genre. You really dont need to know the internals of an ASA for a lot of security type work. That should be plenty on the tech side of the shop. You might look at a Microsoft security type certification so you have network and servers mostly covered.

At the same time as all this you should be emersing yourself in the non vendor security specific tracks put together by the various bodies in the genre. Most important you should read a good deal and do some labbing.

DigitalZeroOne

lordy wrote: »

You should skip CCENT. It has no value, only CCNA does.

I would advice that you go for the CCENT first, the reason is because unless you have a very good background with Cisco equipment, going in and taking the CCNA is going to be much harder. Unless pricing is different in Canada, it won't cost you any more money to take the 2 tests separately. The only downside is of course you have to take 2 separate tests.

Of course it's possible to go in and pass the CCNA without experience; but why make it harder on yourself?

lunchbox67

DigitalZeroOne wrote: »

I would advice that you go for the CCENT first

ChooseLife

Big-JJ wrote: »

MY plan is to become info sec analysis/auditor.
...
CCNA would be overkill?

At the minimum, CCNA-level knowledge is what you should have to be successful in InfoSec, IMO.

Megadeth4168

The CCNA will give you a good sense of the basics regarding how Routing and Switching works. I think it would be a good idea to do the CCNA with the Security specialization and then, as mentioned, look into some server side certifications.

If you are absolutely new to configuring routers/switches then I would suggest the CCENT > CCNA route.

raptur2000

I agree. Skip CCENT

kurosaki00

raptur2000 wrote: »

I agree. Skip CCENT

Agree too, skip CCENT

"No interest in being network admin"

You shouldnt limit yourself like that. I'm pretty new to networking jobs per se, Only a few months as a network admin and maybe my opinion doesnt matter as much.

But I wouldnt Hire an auditor without experience. You need to learn how things work, what goes wrong and get the hands on.
I dont think most people go from entry level to Auditor in one jump.

N2IT

Skip Network + and the CCENT. CCNA and Security sounds like a winner to me.

brad-

I would start with CCENT, I dont know how everyone can suggest to skip it if we dont know his starting knowledge. If you already know it, fine, but if not, you need to do it for a couple of reasons. Most importantly, it will actually help you decide if info sec is something you enjoy or want to do.

Assuming you like it, i agree with everyone else and you need to get the CCNA:S...but you also need to learn about firewalls...at least some flavor if not cisco.

I would say skip the N+ no matter what tho.

colemic

Speaking as a security auditor for financial institutions... A CCNA is nice, but is not necessary. Your focus should be primarily on the CISA and CISSP. In my experience, 99% of the time, the networking knowledge required to pass those two exams is sufficient.

instant000

Big-JJ wrote: »

Hellow experts,

I would like to know how far I should go in terms of network certs. MY plan is to become info sec analysis/auditor. I have no plans to become a network admin.

My current plan is

Network+ --> CCENT --> CCNA --> ???

Any advice what I should go after CCNA or how far? CCNA would be overkill?

Cheers.

-J-

This thread was made for you:

http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html

^^^^ Especially read post #14.

instant000

colemic wrote: »

Speaking as a security auditor for financial institutions... A CCNA is nice, but is not necessary. Your focus should be primarily on the CISA and CISSP. In my experience, 99% of the time, the networking knowledge required to pass those two exams is sufficient.

If you work as a security auditor, then you're probably one of the best pieces of advice here.

Even with that said, I would advise the original poster to not shoot for the minimum of knowledge.

On another point, any organization you work for should get audited at some point, volunteer for these if you can, and get a better feel for what auditors do.

Also I would recommend getting involved in writing policies and procedures for your organization. (These need revising from time to time.) This will get you more familiar with rules and regulations that affect your operation, as well as get you exposed to the parameters against which you'll be audited.

If you can get exposure to the policy and procedure side, as well as the auditing side, as well as the systems side, you should be well-rounded and ready to progress as an auditor .

... but ... I'm not an auditor, colemic is, so listen to that poster

colemic

LOL erep to you friend.

You are right on track as well - certainly don't be content to do the minimum, I was speaking purely from a what-you-have-to-know perspective. I totally agree to get involved in the policies and procedures, and the risk management side especially. A firm understanding of risk (residual is important, don't really care about inherent, since that's what controls are for), the difference between the two, and seeing how they are mitigated is necessary to get the 'big picture' for what an organization is trying to accomplish and how it is protecting its assets.

instant000

colemic wrote: »

LOL erep to you friend. You are right on track as well - certainly don't be content to do the minimum, I was speaking purely from a what-you-have-to-know perspective. I totally agree to get involved in the policies and procedures, and the risk management side especially. A firm understanding of risk (residual is important, don't really care about inherent, since that's what controls are for), the difference between the two, and seeing how they are mitigated is necessary to get the 'big picture' for what an organization is trying to accomplish and how it is protecting its assets.

Affirmed.

Auditors often ask for "risk assessment", "policy and procedures" "disaster recovery plan" etc., etc., Would make sense to try to get experience doing this stuff, so you know what you're looking for, when you're auditing it one day in the future.

Yeah, there's an audit for everything, LOL.

Physical Security? There's an audit for that. Backups? There's an audit for that. Process credit cards? There's an audit for that. It's like the app store, except it's audits.

But I must make this disclaimer: I'm not an auditor, but I have been audited (many) times. It kind of goes with IT. At my last job, our internal audits were quarterly, which meant that you had the next one coming when you were finishing up the after action review and mitigations on the current one. Also, we had external auditors, and it felt like we saw those guys 3 or 4 times a year, too. We petitioned for an extra employee, the auditing schedule was so heavy.

And the only idea I had about the auditing being so heavy was because the parent company was going public, and our company was going public, too, so they wanted the books all flushed out.

If quarterly (internal and external) isn't that frequent, then excuse me, but it felt excessive, considering I still had to do all the server/network/app/trouble ticket work also

It was funny, whenever we got a new admin, we put them on audits

colemic

Seems a bit excessive to me but that could depend on what industry the business is in, was it driven by regulation or whatnot. i usually go 18 months between visits.

msule

hi i wanna work for an IT company but havent got any commercial experience. I have done 70-620 microsoft about 2 year ago now. then to break... i wanna do my certifications again and wanna start working in IT now. i am working towards my A+ and thinking about doing Network + after my A+. i wanna do some microsoft certifications after that. either MCITP server adminitrator or MCiTP desktop administrator. can somebody help me which way to choose to get a into job market in UK and will my 70-620 vista would be any help or i have to do all from scratch.
Please help