
InfoSec Career Paths?

johny.xmarks Registered Users Posts: 5
Hey guys,

First of all, congrats on the website/forum. I have found lots of useful here (I've consulted the site for almost a year now), so I decided to register...

Now, to the point.

I am a fresh computer science grad, currently working in customer support (temporarily - till I manage to start an infosec career). My wannabe-infosec adventure began when I wrote my Bachelor Thesis - "Computer Network Security by Intrusion Detection Systems". Of course it was relatively superficial, since I had zero experience on it, but completing it was more than enough to spark my interest for the infosec world.

I am also trying to get enrolled in a Master's Degree (Cybersecurity). My understanding, though, is that certifications are mandatory in the infosec world (a simple search for infosec jobs online and the DoD 8570 directive indicate that someone MUST be certificated to have a career).

So, my question is...what are the possible career paths in the infosec industry? Because my understanding is, that only 2 exist. Managerial and Technical. Now, I might be wrong here, but I trust you guys will correct me...

Managerial would be Security+ > GSEC > CISSP ?

Technical would be Security+ > SSCP > CEH?

Are these examples correct? Are these the "only" paths? What else is there? And to what kind of jobs does each path lead?

Excuse me for the long post, but I am kinda excited & a noob as far as infosec goes.

Comments

  • ptilsen Member Posts: 2,835
    There are a lot of paths out there. One thing I will say though is that from everything I've seen, CISSP is pretty much your primary goal until you have it. While yes, it doesn't get too deep into technical security, pretty much any security professional should get it at some point.

    If you look at the GIAC "Roadmap", that can help you get a decent idea of some of the specializations. GIAC is not necessarily the only or best way to go, but it at least will give you some insights into security careers.

    For offensive security and penetration testing, the Offensive Security offerings are considered top-notch. For network security, CCIE: Security is another path. There is EnCE and some others for forensics.

    I will let the actual security professionals go further in-depth here, but I wanted to share my own findings from looking into this subject. There are a lot of paths, and it would be wrong to think that you're limited or even best off with simple certification paths such as S+ > SSCP > CEH.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • kurosaki00 Member Posts: 973
    what exactly in infosec do you want to do?
    networking? programming? ids? ips? forensics? etc

    this thread is recent and has a lot of good info

    http://www.techexams.net/forums/general-certification/74340-building-career-path-towards-cyber-security-expert.html
    meh
  • docrice Member Posts: 1,706
    Certifications may or may not be mandatory depending on what the particular organization that you're applying to thinks about them and it's also highly dependent on the kind of path you want to take. It gets more complicated than just managerial vs. technical.

    http://www.sans.edu/research/leadership-laboratory/article/path-to-infosec
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • johny.xmarks Registered Users Posts: 5
    ptilsen wrote: »

    If you look at the GIAC "Roadmap", that can help you get a decent idea of some of the specializations. GIAC is not necessarily the only or best way to go, but it at least will give you some insights into security careers.

    ...it would be wrong to think that you're limited or even best off with simple certification paths such as S+ > SSCP > CEH.

    You sir, are gold! That roadmap was what I was looking for, just as a reference point. I am trying to figure out what the possible paths are, so that I can choose.
  • johny.xmarks Registered Users Posts: 5
    kurosaki00 wrote: »
    what exactly in infosec do you want to do?
    networking? programming? ids? ips? forensics? etc

    this thread is recent and has a lot of good info

    http://www.techexams.net/forums/general-certification/74340-building-career-path-towards-cyber-security-expert.html

    Well, pretty much everything except programming. As I said, I am trying to figure out what I like the most, but first I have to find out what the possible paths are.

    What certification organizations besides ISC^2, COMPTIA and GIAC are there?
  • johny.xmarks Registered Users Posts: 5
    docrice wrote: »
    Certifications may or may not be mandatory depending on what the particular organization that you're applying to thinks about them and it's also highly dependent on the kind of path you want to take. It gets more complicated than just managerial vs. technical.

    Varied Paths Taken to Information Security Competency

    Yes, those testimonies are truly interesting. It seems that anyone can become an infosec pro these days...NOT. I had no idea this could be such a broad field.
  • Psoasman Member Posts: 2,687
  • johny.xmarks Registered Users Posts: 5
    Psoasman wrote: »

    Thank you, saw it! That guy is an InfoSec guru...
  • beads Member Posts: 1,531
    The field is tremendously large and sometimes a bit unwieldy at first glance. One hidden gem to keep in mind as a recent CS grad is to learn or keep up your development skills - particularly scripting. A great deal of security patches and maintenance uses scripts of some sort, even custom code, so you have a leg up on many of us who simply went on to infrastructure and are now finding ourselves relearning code practices again.

    - beads
  • gabypr Member Posts: 136
    Like others have said, the InfoSec career can be started in many ways. You can follow a single vendor certification path or multiple vendor certification path. SANS for example have many security certifications, but you can take another route to mix different vendors to have a broader knowledge of security. For example you can start with CompTIA Security+, then take Windows 7 (70-680), then ISC SSCP, then EC-Council CEH and so on.

    EC-Council have many security certifications covering many aspects such as Forensics, Disaster and Recovery, Ethical Hacking, Licensed Penetration Tester and others. You can check their certification list EC-Council | Courses which now received accreditation from the American National Standards Institute (ANSI).
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter