question on path to security
Hello I have a+ and network+. I am considering choosing security as my future career and my ultimate goal. I just want to know which path to take in the matter of certifications? i know security+ is a good start, but after that, do i have to go for more advanced security certificates? or i should reinforce my network knowledge by some other certifications like CCNA or microsoft certifications. i want to know how much knowledge of network do i need in order to be successful in my security career? thanks in advance
Comments
-
quinnyfly Member Posts: 243 ■■■□□□□□□□You are right on the money, you need to do certs that increase your knowledge on security topics with a focus on networking, I would suggest either the CCNA or the MS track. You need Sec+ first as you say, because it is the foundation-level security cert. After you have your sec+, it may give you some idea on what area of security you might like? Some like pen-testing and others enjoy the auditing/analyst track, there are several domians covered by internet security, again the sec+ might give you some idea on which one appeals to you since it very basically touches on a few of them.
You will be better informed after that to decide on which certs to take.The Wings of Technology -
dajohnso Member Posts: 11 ■□□□□□□□□□From what I've seen in the Security Department at a large financial company is that the employees went with Security+ then on to some more advanced Security certifications. I'm not familiar with the certification names so I do appologize but they definitely weren't CompTIA, MS, or Cisco.
-
paul78 Member Posts: 3,016 ■■■■■■■■■■Security is very broad and networking is a sliver of infosec. It depends on what aspects of security you are interested in. The base certification is CISSP. Pretty much all my peers hold that cert. Infosec managers will also hold a CISM or CIPP. Risk folks will hold CRISC. IT auditors, testers, and managers hold CISA. Forensics hold GCFA and similar. Pent testers hold CEPT, CEH, GWAPT, OSCP, GPEN depending on whether they focus on applications, networks, or infrastructure. The incident managers hold GCIH or similar. And pretty much all the privacy attorneys hold CIPP. That the sample in my company anyways. No disrespect intended for Comptia, but with our security organizations, folks dont typically mention security+, at least not to me. But as a starting point, I think its a good place as any. Welcome to the practice of information security and risk management.