InfoSec Career Paths?

johny.xmarksjohny.xmarks Registered Users Posts: 5 ■■■□□□□□□□
Hey guys,

First of all, congrats on the website/forum. I have found lots of useful here (I've consulted the site for almost a year now), so I decided to register...icon_cool.gif

Now, to the point.

I am a fresh computer science grad, currently working in customer support (temporarily - till i manage to start an infosec career). My wannabe-infosec adventure began when I wrote my Bachelor Thesis - "Computer Network Security by Intrusion Detection Systems". Of course it was relatively superficial, since I had zero experience on it, but completing it was more than enough to spark my interest for the infosec world.

I am also trying to get enrolled in a Master's Degree (Cybersecurity). My understanding is though, that certifications are mandatory in the infosec world. (a simple search for infosec jobs online and the DoD 8570 directive indicate that someone MUST be certificated to have a career).

So, my question is...what are the possible career paths in the infosec industry? Because my understanding is, that only 2 exist. Managerial and Technical. Now, I might be wrong here, but I trust you guys will correct me...icon_lol.gif

Managerial would be Security+ > GSEC > CISSP ?

Technical would be Security+ > SSCP > CEH?

Are these examples correct? Are these the "only" paths? What else is there? And to what kind of jobs does each path lead to?

Excuse me for the long post, but I am kinda excited & a noob as far as infosec goes.

Comments

  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    There are a lot of paths out there. One thing I will say though is that from everything I've seen, CISSP is pretty much your primary goal until you have it. While yes, it doesn't get too deep into technical security, pretty much any security professional should get it at some point.

    If you look at the GIAC "Roadmap", that can help you get a decent idea of some of the specializations. GIAC is not necessarily the only or best way to go, but it at least will give you some insights into security careers.

    For offensive security and penetration testing, the Offensive Security offerings are considered top-notch. For network security, CCIE: Security is another path. There is EnCE and some others for forensics.

    I will let the actual security professionals go further in-depth here, but I wanted to share my own findings from looking into this subject. There are a lot of paths, and it would be wrong to think that you're limited or even best of with simple certification paths such as S+ > SSCP > CEH.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • kurosaki00kurosaki00 Member Posts: 973
    what exactly in infosec you want to do?
    networking? programming? ids? ips? forensics? etc

    this thread is recent and has a lot of good info

    http://www.techexams.net/forums/general-certification/74340-building-career-path-towards-cyber-security-expert.html
    meh
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Certifications may or may not be mandatory depending what the particular organization that you're applying to thinks about them and it's also highly dependent on the kind of path you want to take. It gets more complicated than just managerial vs. technical.

    http://www.sans.edu/research/leadership-laboratory/article/path-to-infosec
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • johny.xmarksjohny.xmarks Registered Users Posts: 5 ■■■□□□□□□□
    ptilsen wrote: »

    If you look at the GIAC "Roadmap", that can help you get a decent idea of some of the specializations. GIAC is not necessarily the only or best way to go, but it at least will give you some insights into security careers.

    ...it would be wrong to think that you're limited or even best of with simple certification paths such as S+ > SSCP > CEH.

    You sir, are gold! That roadmap was what I was looking for, just as a reference point. I am trying to figure out what the possible paths are, so that I can choose.
  • johny.xmarksjohny.xmarks Registered Users Posts: 5 ■■■□□□□□□□
    kurosaki00 wrote: »
    what exactly in infosec you want to do?
    networking? programming? ids? ips? forensics? etc

    this thread is recent and has a lot of good info

    http://www.techexams.net/forums/general-certification/74340-building-career-path-towards-cyber-security-expert.html

    Well, pretty much everything except programming. As I said, I am trying to figure out what I like the most, but first I have to find out what the possible paths are.

    What certification organizations besides ISC^2, COMPTIA and GIAC are there?
  • johny.xmarksjohny.xmarks Registered Users Posts: 5 ■■■□□□□□□□
    docrice wrote: »
    Certifications may or may not be mandatory depending what the particular organization that you're applying to thinks about them and it's also highly dependent on the kind of path you want to take. It gets more complicated than just managerial vs. technical.

    Varied Paths Taken to Information Security Competency

    Yes, those testimonies are truly interesting. It seems that anyone can become an infosec pro these days...NOT. I had no idea this could be such a broad field.
  • PsoasmanPsoasman Member Posts: 2,687 ■■■■■■■■■□
  • johny.xmarksjohny.xmarks Registered Users Posts: 5 ■■■□□□□□□□
    Psoasman wrote: »

    Thank you, saw it! That guy is an InfoSec guru...
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    The field is tremendously large and sometimes a bit unwieldy at first glance. One hidden gem to keep in mind as a recent CS grad is to learn or keep up your development skills - particularly scripting. A great deal of security patches and maintenance uses scripts of some sort, even custom code so you have a leg up on many of us who simply went on to infrastructure and now finding ourselves relearning code practices again.

    - beads
  • gabyprgabypr Member Posts: 136 ■■■□□□□□□□
    Like others have said, the InfoSec career can be started in many ways. You can follow a single vendor certification path or multiple vendor certification path. SANS for example have many security certifications, but you take another route to mix different vendors to have a more abroad knowledge of security. For example you can start with CompTIA Security+, then take Windows 7 (70-680), then ISC SSCP, then EC-Council CEH and so on.

    EC-Council have many security certification covering many aspects such as Forensics, Disaster and Recovery, Ethical Hacking, Licensed Penetration Tester and others. You can check their certification list EC-Council | Courses which now received accreditation from the American National Standards Institute (ANSI).
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter
Sign In or Register to comment.