Building a career path towards Cyber Security Expert

learner@shri Registered Users Posts: 3
Hi, this is shri from India. Glad to be part of this community; it's been a long search & wait till today to find a proper place where someone can guide me. Very sadly, I tried many counselors and forums, but there's no one who actually advised me whether I'm on the right track or not & on which path I should go. With hope of getting advice from the experts here, let's get started.

My aim is to be a Cyber Security Expert & I am not sure what it takes to be a CSO (Chief Security Officer), but as of now the only thing I know & am following is HARD WORK. Currently I have the RHCE & ASCL Certified Digital Evidence Analyst certifications.

I am planning for Security+ & CEH, but there is a lack of training centers, specifically faculty who are not practitioners themselves & were just certified a few years ago & are now teaching; in addition, the CEH course is criticized in India by security professionals as lacking in-depth & core knowledge. Anyway, I won't waste my time & yours on this. After going through some posts & articles here I found CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide; this is the key to succeeding in Security+. Are the other books suggested too, or will this do the job? Can a similar sort of study work be done for CEH? It's illegal to talk about here, sorry for that, but the entire CEH course can be downloaded, so will that help? Because I won't waste money on classroom training. Does CEH cover everything, including SQL attacks, injection, XSS?

Which certifications will be the next step: CISSP, CISM, CIWSA, CISA? I have been advised by a friend to specialize in at least one OS, so is that going to be useful? I'm trying to get them done within the span of this year, as I am looking forward to enrolling in a Master's in Cyber Security program in either the US or the UK next year.
After the MS, is a Ph.D. advisable? I couldn't find a relevant field for a Ph.D. yet; all belong to Computer Science.

By the way, I have a bit of confusion between Security Auditor, Digital Forensic Professional, and Security Management Professional.

Some questions and doubts may sound childish or stupid; please bear with me :) The path towards Cyber Security Expert & then to CSO is a very long journey, but am I going the right way? Kindly share your helpful words.

Comments

  • afcyung Member Posts: 212
    For Security+ you will want this book: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (9781463762360) by Darril Gibson; the 201 exam was retired on 31 Dec 2011. As for what certs you should get, you want to read this thread http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html specifically Keatron's post about the coke cans.

    Also, your goal to complete the CISSP, CISM, and CISA in one year is probably an unreasonable goal. Many of the higher-end security certs require 4-5 years of verifiable Information Security experience to be certified anyway, so rushing through them, even if you are able to pass the exams, would provide little value to you, as you appear to lack the experience that these certs try to tie together.

    As for the different positions in security, check out this thread and read Keatron's post: http://www.techexams.net/forums/security-certifications/24759-need-helping-chosing-security-certification.html

    Check out the Security Cert forums on this site; they have answers to most of your questions. Hope this helps.
  • GoodBishop Member Posts: 359
    Admittedly, I got the CISSP, the CISA, and CISM all in the same year. So it is possible. It was very difficult though.
  • learner@shri Registered Users Posts: 3
    Thanks guys for replying.
    Dear afcyung, I have gone through all the comments on both the threads, but was not able to find answers to some of my doubts.

    Uncleared doubts:
    CEH certification query

    I'm not planning to do all of the CISSP, CISM, CIWSA, CISA certifications in one shot; in fact, that's what I asked: whether I need all the certifications or whether some of them will benefit me. Within the span of a year, along with Sec+, which certifications can be done?

    By the way, I also had a question about whether to pursue a Ph.D. or not. Which field should I look for?

    One thing is clear enough: CISSP needs industry experience, because then it will actually be worth having, as even if I complete CISSP now, in the next few years during the Master's & Ph.D. I won't be able to do much practice. So I have to consider doing it while on the job, or will see if I can do it concurrently.

    @goodbishop: sir, can you tell me whether I'm on the right path in terms of my choice of Master's studies & certifications? I've done only two so far, but more importantly I got good practice while doing so. Do you have any words on how to proceed, and how to plan things out so that there is little mess?

    You did your best, but just have a look and see if you can guide me on the remaining.
  • qwertyiop Member Posts: 725
    GoodBishop wrote: »
    Admittedly, I got the CISSP, the CISA, and CISM all in the same year. So it is possible. It was very difficult though.

    In which order? I'm planning to start working on those as soon as I graduate this upcoming April.
  • Turgon Banned Posts: 6,308
    You are too focussed on certifications although yes they are relevant. You have the ambition. Focus now on getting some work experience as a security professional for a few years. It's a competitive field that is swarming with people who either have the experience or say they do but don't. Work for someone who has for a few years and be a good assistant.
  • learner@shri Registered Users Posts: 3
    ^ I will give it my best try & look forward to enrolling in a security firm for an internship in our vacations. Certifications, because they will certainly clear up many more concepts related to the respective field & will be a benefit while pursuing the Master's & later while working, as it won't be a complete NOOB entry. Yes, experience is the most important factor & I will surely take your advice for granted. Thanks buddy :)
  • paul78 Member Posts: 3,016
    Turgon wrote: »
    You are too focussed on certifications although yes they are relevant.
    Very well said.
  • Turgon Banned Posts: 6,308
    paul78 wrote: »
    Very well said.

    Yup. He needs to be a Jedi's b!tch for a few years and learn the ropes.
  • kurosaki00 Member Posts: 973
    In the long term I want to work in Network Security - Forensics.
    For now, I just want experience, experience!

    I think you should set short, medium and long term goals for the career path,
    and go little by little to achieve them.
    For example:
    Get networking experience: you get a job. Stay for X amount of time. Determining X = many reasons, individual to each.
    Get a specific cert.
    Move to a certain job (either a new level, or with a new focus to learn certain abilities).
    Get certs/degree/knowledge.
    Move on, and so on, etc.
    meh
  • qwertyiop Member Posts: 725
    It all comes down to getting some experience.

    Besides the fact that I have some certs and am finishing my Master's degree, I choose to continue my career as an IT Manager/Admin because many of the security positions out there are actually hybrid Admin/Security positions, and many companies out there require their security personnel to have a strong networking and admin background (both Windows and Linux).
  • UnixGuy Mod Posts: 4,564
    You need to combine three things: experience + certifications + education.

    Try to get a job that has security-related tasks. You are an RHCE; this is a good start. Any system administration/engineering position involves security tasks, so work on this area and try to move to a security-oriented position.

    Even if CEH is criticized, I don't see how learning the CEH topics and taking the exam is going to hurt you. Get the certification, learn everything, and move on to the next target. You will always find people who try to belittle certifications/qualifications; don't listen. If a certification doesn't help you, at least you learned something. I recommend CEH, OSCP, CISSP, and SANS certs, and a lot of practice.

    Education: If you already have a bachelor's degree, keep the master's degree option in your mind. It will boost your career and knowledge if you choose a program carefully. Find a specialized program in a reputable university.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • anandtya Registered Users Posts: 1
    Hi All,
    Please help me out of my confusion. I am 36 years old and have an IT PG degree with 5 years of Information Security experience, hands-on (Firewall, IPS/IDS, Mail Gateway solution, WAN Load balancer, NAC solution); now I want to be a security expert.
    What certifications are required to be an Info Sec Expert, and how can I achieve them so that I reach my goal in the short term?

    Or please guide me to the best solution.
    Regards

    Aditya
  • chanakyajupudi Member Posts: 712
    You can get a job in security with just your experience. Where do you work right now? If you are working in India, I might be able to help you out with that. You can start searching for network security jobs. Lots of them are open now. COLT, JP Morgan, Wells Fargo and Nokia are right now looking for Network Security.

    If you are looking for certs then Security+ may be very easy for you. Start with the CEH as that's mandatory for many a company in India.

    Cheers

    Chanakya
    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
    http://adarsh.amazonwebservices.ninja

