Career Path

First I would like you say yes this is my first post, but I can say I have used this site for years on research for certs and this has been a great source and I appreciate the knowledge and experience you guys share.

I am currently finding myself starting to look at the next stage of my career in the IT field and currently have found that I feel that I have a passion for the security aspect of IT. My current thoughts are that I want to go into the government sector falling into either the NSA, CIA, Homeland Security, or FBI. Most likely the NSA, CIA, or Homeland Security as they are more of intelligent agencies and I feel their business objective focuses heavily on what I believe in. I know this may sound tacky, but I want to work for a industry that supports something I heavily believe in.. the USA. Yeah, I know sounds really tacky, but I have strong believe in the nation I live in and want to help support it. I currently work in the education field and I do believe in what the business goal is of the company, but I would like to take that to the next level.

To give a little background on what I do and have...
Currently I am a systems engineer. I have a total of 4 years of experience. I have my AS in IT Management and am about to enroll into a BS in Cyber Security. This cyber security is very board and touches on both IA and InfoSec. I have my MCSA:Security, MCITP: Enterprise Desktop Administrator 7, Security+, and A+. I currently focus on project designing and engineering. I recently go more into a project designing and development side about a year and a half ago. I am finding that I really enjoy the design side, but love focusing on the security aspect of it as well. I love evaluating a risk and assessing the best way to mitigate the risk. I currently love being hands on, but I love project management. I want to stay in the realm of both for most likely at least another 5-10 years before I go into management. What can I say... I love getting my hands dirty.

The question I am running into is what best suites me. I know this is a hard question for anyone to answer but myself. I have a few questions that I feel will lead to more questions, but will help clarify my thoughts help me answer what I want to go into next. These questions are broad and I know that.

Note: I have searched this site quite a bit and have found it not possible to search for key items in my subject such as CIA, NSA, and FBI as the limitation of searching the forum is more than 3 characters (:P). Perfectly understandable why though. I have also performed hours upon hours of research and this is the first post I have put anywhere (honestly this is where I would come first anyways) for asking questions.

1. With research I have found that IA is the study and assessment of risks in a particular environment or product and InfoSec is more focused on implementing methods and tools to reduce the risk factor involved. Please correct me if I am wrong.

2. What certifications are best suited for job roles inside of the NSA, CIA, FBI, and Homeland Security. I know these departments have a broad set of jobs that both include IA and InfoSec. I am more looking for true "approved" certifications that these types of jobs look for, or look to as "accredited" by some if not all of these agencies.

3. Where does Forencies fall into IA and InfoSec and which one. Note: It may not fall into either and may be a section in itself.

4. Are there other sections other than IA and InfoSec?

5. I am good with network items and Cisco equipment, but want to focus more on the OS side of the whole item. Is that something I am going to have to be forced into focusing on more if I want to get into the security field? I can understand why as network equipment is pretty much the backbone to cyber security in general .

I know a lot of questions and long post. I appreciate any information on any of this and you guys rock!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Webmaster

First, welcome to TE!

Second,

have found it not possible to search for key items in my subject such as CIA, NSA, and FBI as the limitation of searching the forum is more than 3 characters (:P). Perfectly understandable why though.

Good, that'll save me from having to explain

It's a limit we'll overcome in the near future but for now try Google search and add "site:techexams.net" without the quotes to your 3-letter word(s).

I'll leave your InfoSec career path questions to others more knowledgeable/experience on that matter, good luck!

docrice

I can provide a partial answer to your set of questions. My original background was almost purely in supporting operating systems (specifically the Microsoft side of the shop), although I expanded that into *nix maybe eight years ago. Client / servers are a good start, but in infosec you'll need strong knowledge of the network side of the house as well because it ties everything together.

The OS area focuses on configuration, maintenance, and audits to ensure compliance against baselines, policies, and standards. You'll also deal with endpoint security with host firewalls, intrusion detection / prevention, file integrity checking, etc..

The network side will open up the playing field quite a bit by looking at traffic streams and packet payloads. Like an operating system, the subject matter gets pretty complex and if you want to approach it as a security engineer, you'll need an understanding of normal vs. abnormal traffic behavior, packet characteristics, tools used to identify and enumerate nodes, etc..

To be effective as a security professional (assuming you want to be dealing with assessing and recommending technical controls in the manner most people tend to think of when they imagine "IT security"), being well-rounded is important to see the big picture and then drill down. For example, forensics and the associated incident handling process will require strong knowledge in a lot of areas.

As for "approved" certifications towards the "cyber security" goal (I use the latter term in quotes since to me it's mostly the government that likes to leverage that term, although the media has carried it to the point where it's splashed around everywhere), I think there are a number of certs that can help and we've mentioned them quite often in this forum. I know the DoD 8570 list is frequently mentioned, but I don't know how that would apply to DHS, etc.. I assume most would generically want the CISSP, just because it's kind of a common standard. I think it's a good starting point.

I'm not trying to wave the SANS flag like I seem to always do, but you might want to look at the Cyber Guardian program:

http://www.sans.org/cyber-guardian/

I would think any other GIAC cert would be a good base as well, although it gets expensive pretty quick.

Infosec can be broken down into a lot of sub-branches, and depending on where you work, you might do a little of a lot of things, or do a lot of just one or two things.

JDMurray

This thread moved from the Security Certification forum. Much more IT career advice available here in the IT Jobs/Degrees forum.

Everyone

You're going to need a security clearance to work in this field in all of the agencies you mentioned.

Security+, which it sounds like you already have, is the bare minimum requirement for these jobs within the government.

Forensics is its own beast, and probably one of the tougher areas to get into, as there aren't many positions out there for it. I know that several companies are competing for contracts with the FBI to run their Regional Computer Forensic Labs. The contract should be awarded later this month. I've seen listings from both General Dynamics, and Lockheed-Martin, as well as other smaller contractors for these jobs right now. They're more Systems Administrator type jobs, but could be a gateway into the Forensic world.