IT security Career certification path

saadoon

Hi All,

I have a bachelor degree in IT, i need to take some certifications.

I`m very interested in IT Security, what i want to know is with certification path i should start with.

Should i start with CompTia N+ then S+ and decide to go for Cisco or Microsoft vendors ? or i can skip the N+ ?


Thanks In Advance

YFZblu

Often times the network is the medium by which an attack is facilitated - do not skip the networking.

Also, this question has been asked a lot recently. So a quick forum search should help.

rowelld

Which part of IT Security are you more interested in? Configuring firewalls, application security, incident management, security policies, wireless security, access control, VPNs, etc etc?

I'd say learning Network+ and getting a Security+ would be a good start to a foundation.

cjthedj45

Hi Saadoon,

I see you have just got an IT degree. Did you cover any IT security in the degree? I have not done a degree but believe they are very broad in terms of what you need to learn. The Comptia exams are vendor neutral so are also quite broad. If this has been covered in your degree then you may not need it. I would say check the learning topics in the comptia exams and see if you have already covered it. If you have then you may not need it. I do think the comptia exams are good for broadening your knowledge but they may not win you a job. The Vendor exams hold more weight in my opinion. If you are just starting out then you may find it difficult to go straight into a security job. I also want to specialise in security and working as a network engineer has helped me achieve this. Ideally I want to work in a pure infosec role but as networks and security have quite an overlap im finding myself do a bit of both at the moment. I have just bought a book that was recommended by someone on the forums called hackers exposed which is proving a very good read. If you want to work in Security you have to be prepared to read a lot as you need to be able to keep yourself updated with all the latest threats etc. I got a lot of emails from Infosecurity - the online magazine dedicated to the strategy and technique of information security and sites like this to stay up to date.

Kasor

Get a job first in system/network admin before even talk about security. There is no way anyone will get a job just before they got a BS of IT and certification. Security is not for everybody and properly only 5% of IT work force is dealing with security (not only looking at log, but actually analyze the traffic flow, malware, exploit the vulnerability and re-engineering the threat against the intrusion, deploy countermeasure....) Being a ITSEC is more than just few certification and education. Experience is everything and learn everything you can in IT system. However, I still believe that BS or CS and IS are the only two usual major. All those specific program that dealing with IT Security/IA/Web, if and only if you can get a job or you better be on top 10%. Otherwise, they are waste of money.

akazero

In terms of certification, I would skip security+, just go do CISSP as an associate after you get some general IT (sys/network admin) experience. On your CV you can always list yourself as "associate of ISC2, passed CISSP exam". This way you get the benefit of "keywords" without being untruthful.

emerald_octane

"Associate of (ISC)2 (working) toward CISSP". Anything else and you might get in hot water with ISC2. The "working" part is optional. They use both.

Complete_IT_Professional

I think that you should get a job using your current certifications, and then look to get some of the ISC2 certifications at a later date. The CISSP is one of the most highly-regarded in the industry, but it takes a while to get there. They do offer lower-level certifications in the industry.

SephStorm

Now when you say highly regarded...