New Security Job

I have been working senior help desk for about 3 years now and recently the company I work for wants to train me to become more focused on the security aspect of the infrastructure. Right now to start off I will not be doing any in depth specific tasks, like penetration testing or forensics, but I will be doing audits, patch maintenance, AV, firewalls, policy, encryption, endpoint maintenance, etc.

I am currently going to a technical school and hope to graduate in the spring with an AAS in network administration. I have the A+, Security+ and have gone through the CCNA academy (just not taken the test yet).
My boss wants me to look at possible training/certifications. I am looking at it for this next year and the 5 year plan. The CIO hears all these acronyms thrown around, CISSP, GSEC etc. and thinks that they would be great to have. I agree that there is respect with having those certs, but I feel for my level of experience those would be 3-5 years away.

So I know that there are multiple threads on this subject and I have read through them, but I still wanted a place to put my thoughts etc.

My plan is to study and pass the CCNA and then look at what the next step might be. What is an intermediate cert before the GSEC or CISSP? The SSCP or should I take a look at the GCWN or a MCITP track?
Any pointers or direction would be great, thanks!

Find more posts tagged with

Comments

JDMurray

A big part of your decision will be how much budget will your employer give you to obtain training and certifications?

With your training, you should do at least CCNA:Security. The Security+ material helps with this. You can then determine if the CCNP or CCSP route is best for your job.

After Cisco, don't forget about other vendor certs for equipment that you may use, such as Juniper.

With your experience, the SSCP should be on your near-term list too. It's a "real" security cert. The SSCP not only costs $$$ to get, but also a yearly "maintenance" fee (check if your employer will pay for such a thing too).

The GSEC is an excellent cert to get, and there is no work experience requirements, but the class and cert will run you about $4K, not including the hotel stay. Will your employer pay for that? Maybe this is a long-term cert if the money is not there right now.

CISSP is definitely on your long-term list for the full cert. However, you can take the exam at any time, but you'll pay $35/year for the "Associate" designation. No real hurry on this; you should concentrate on the technical learning for now.

Getting certs like GCWN and MCITP will depend if they are relevant to your work.

the_Grinch

I agree with JD, you definitely want to get certified in the technology you are going to work with. MCITP in you'll be doing audits/security on Windows (I'm going a review on Thor's Microsoft Security Bible, pretty good read and covers a lot of different aspects of Windows Server 2008 security). From there you can bounce around the various security certs available based on your various job functions.

SilverGenius

We run Windows XP, 7 and the servers run 2003 and 2008. We have a couple of Unix and Linux boxes but I think it will be a while before I do anything with them. All our router equipment is Cisco for now, although we have been replacing the Cisco switches when they die with some Dells.
My boss said he is not opposed to sending me to the SANS training for the GSEC, so maybe I will take a better look at that.