Computer Forensic Career Advice Needed

Madmd5

Hello all!

I have been researching a lot lately on possible career paths and I think I may have found what interests me the most. I would like to get into the cyber security field, specifically being either a forensic analyst or investigator or hacker: something dealing with digital evidence and computer crimes. I am currently enrolled as a full-time student at my local community college and will obtain my associate's degree in computer & information science this spring. I am also taking classes to obtain a certification in computer forensics while at community college. From there, I plan on transferring in the fall of 2013 to a 4 year school where I will major in Cyber Forensics & Information Security and hopefully receive my bachelor's degree, possibly even someday masters. For now though, I would like advice on possible certs to obtain in the mean time while I am still in school. I currently have no certs or relative IT experience at all. I am currently studying for the A+ which I hope to take and pass this spring. My next step would be to obtain an N+ cert but it's offered as a course in my degree program so not too worried about that. My next plan would be to obtain the Sec+ sometime before or around my graduation date in 2015. Below is my temporary plan for certs and degrees:

currently: no certs or relative IT experience
Spring 2013: pursue compTIA A+
Spring 2013: receive my associates degree
Spring 2014: pursue compTIA Network+ (offered as course in my degree program)
Spring 2015: pursue compTIA Security+
Spring 2015: receive bachelor's degree in Cyber Forensics & Information security

Now I have made a thread before about my career path and others advised me to also get some Cisco certs in sometime between my other 3 certs. I also have been researching a lot lately and found a few other certs I'm interested in (CEH, CHFI, ESCA). Now i realize those certs mentioned above require IT hands-on experience so I'm okay with waiting for those until after I graduate and gain experience. My question is if i do want to be involved in computer forensic career, such as a examiner, analyst, investigator, etc. would A+ benefit me at all? or should I just skip over that one? Also, as stated previously, others advised me to work on getting some Cisco certs too, would this still be the case? If you could please help me out here I would really appreciate it!

Thanks in advance guys!

Quantumstate

You're on the right track. If I were you I'd volunteer for an IS internship at little or no pay, to help get the hours.

CEH has not really helped me. OSCP is the highest respected cert, at least in the Black Hat world.

The ultimate career goal would be CISO and EC Council offers their cert... although it's hardly recognized, the term CISO is.

the_hutch

Sounds like you've got it pretty well figured out, at least for short term. You might be interested in the idea of security and forensics long term...but until you start really getting your hands dirty...there is no way to be sure. CompTIA is always a good place to start because it covers a large breadth of topics, instead of a few topics in depth. This will give you exposure to different areas of IT and should help you to better develop your interests and help you to decide what areas you want to further pursue.

In my opinion, the EC-Council certs (CEH, ECSA, CHFI) are more of a novelty than a practical business investment. They sound exciting and impressive, but when it comes to people who actually know anything about them, they prove very little. Not any of them are difficult tests. And don't expect them to be an automatic ticket into information security or forensics. Because this is rarely the case.

...That being said...its not a bad thing to have them. Like I said...to the non-technical person, they look very impressive. And they can help advance your career too. If you have a non-technical manager who finds out you have those certs...or even a technical manager who doesn't know much about EC Council exams...he might throw a promotion your way. But if I had to do it over again...I'd probably save my money and just do CISSP and then move along to OSCP (which is currently the plan for 2013).

JDMurray

Madmd5 wrote: »

a forensic analyst or investigator or hacker: something dealing with digital evidence and computer crimes.

This is a career either in a law firm as a legal (eDiscovery) analyst or in law enforcement as a forensic analyst. For these career goals, IT certifications should be a "nice to have" and not your main objective. You need to be primarily learning the legal system, law enforcement studies, and looking to intern at an FBI regional computer forensics lab. Consider degree programs in criminal justice and avoid programs that seriously use the word "cyber," as it's just a marketing catchphrase.

coty24

Do you think a cyber security degree is ill advised? I was looking at some Masters options and Bellevue's MS in Cyber Security intrigued me. Not trying to hijack the thread; please inform me OP if you feel that I am.

the_hutch

coty24 wrote: »

Do you think a cyber security degree is ill advised?

I don't think JD was suggesting that an MS in cyber security is necessarily a bad thing. More that cyber security is not the best route if you are looking at doing criminal data forensics. If you are in (or looking to get into) network security...an MS in cyber security could definitely give your career a good boost.

Madmd5

Funny you should mention network security @hutch because I'm also interested in that area of security as well as computer forensics. Would the certs for each area of security be that different? or is the A+, Network+, Sec+, CCNA, CCNA: Sec a good starting point for both careers? This is what the college says about their goals for educating students:

Five years after graduation the graduates should be:

1. Contributing to the work force in their specialty such as but not limited to information security, network/Internet security, cyber forensics, computer forensics, or digital forensics.

JDMurray

Colleges look for the latest marketing buzzwords to attract students for enrollment in their degree and certificate programs. A program that describes itself using the word "cyber" is not necessarily bad, but don't automatically assume that it's good. For example, I would be very suspicious of any program named "cyber justice," "cyber analyst," or "cyber investigator." Those names don't exist in the real world.

Madmd5

Well after researching and considering different possibilities, I may actually decide to enroll at WGU and pursue a bachelor of science in IT - security. I think they offer more bang for your buck and if I go on and decide to pursue the M.S. in ISA there, they have certs that also pertain to computer forensics. So I guess I'll get the best of both worlds and interests of mine haha

swild

I just interviewed for a Cybersecurity Investigator position at a state agency and the certifications that they were looking for are CISA, CCNA, and Associate of ISC2 or CISSP. They also liked my BS in IT Sec from WGU.

A+, Net+, and Sec+ are a great place to start your education, but don't expect to get anything more that a help desk/entry level role with these.

My next steps are to get the CISA and go for a Masters.

I don't believe that anything from EC-Council is worth the time or money.

Valsacar

swild wrote: »

I don't believe that anything from EC-Council is worth the time or money.

I agree! CEH is only good if your working in the DoD world, for some reason they think it's good. CHFI (I just got due to WGU) is useless IMO. I found both exams to be ridiculously easy, and the organization itself to be highly unprofessional. I'll put CEH on my resume, since I work in the DoD world, but CHFI I doubt I would unless it looks like it is something that organization really wants to see.

Madmd5

It sounds to me like E-Council is generally not liked in these forums. Are they really that bad? or is it like hutch said, they are more of a novelty then of real-world use? I mean I plan on enrolling at WGU BS IT: security in the fall and then possibly their MS: ISA and as of now two of the E-Council certs are integrated as part of the curriculum. Is the general feel that these two certs (CEH, CHFI) aren't worth the time? Even if I have a great interest in the forensic field?

JDMurray

EC-Council has gained a sub-par reputation for their apparent lack of customer service and the substandard quality and content of their certification exams. I've never seen any of their actual courseware, so I can't speak of it, but I would certainly love to review their materials for my blog.

As to the worth of the CEH and CHFI, the CEH certification certainly got a big marketing (and price) boost by being accepted for DoD Directive 8570.01. I don't know how much of that is due to the content of the exam, the need by the DoD to have a "hacking" cert on its list, and the aggressive selling pressure applied by EC-Council on the DoD. The CEH's acceptance by the DoD has certainly made it appear more valuable for people looking for US defense-related work.

I do recommend that you should search job postings on the popular job boards and see how many employers bother to mention the EC-Council certs. The CF/DF community seems to hardly recognize the CHFI at all.

swild

I bought the official CEH courseware on ebay from a student who attended an official class. The CD was filled with a bunch of software packages that are all freely available to be downloaded online. The 2 huge books were nothing more than powerpoint slides printed out. The content of the books was nothing more than introductory (e.g., with Wireshark, you can do network protocol analysis, here's a screenshot. With Metasploit, you can do vulnerability analysis. Here's a screenshot.) Completely stuff that could be found on the programs own webpage. I'm just glad I didn't spend the money on the exam voucher. With that level of content, the certification really doesn't carry any weight with me.

I'm not sure what exactly they had to do to get on the DoD standard, but it couldn't have been much.

As far as real world use is concerned, just buy the Wireshark, Metasploit, and NMap books. You will learn much more that way.

the_Grinch

I'd agree that Criminal Justice is probably the route to go. Generally speaking, for law enforcement in the US, any degree will do the job. That being said I would probably get a minor in IS along with the Criminal Justice degree. Any school worth their salt usually will over courses dealing with cyber crime as part of their program in CJ (example: Criminal Justice < 2012-2013 Catalog | Drexel University). You'll see there that they have a track in Cybercrime.

If you decide you want to stick to the IT related degree I'd suggest getting a general IT/IS degree that maybe offers a specialization in Information Assurance. I say this because my degree has security in it's name and I missed out on a lot of jobs based on that fact. Employers would literally say "you won't be doing security so I don't think you'll be interested." Experience is king so you'll want to get some IT experience. Maybe IT support at a law firm that does eDiscovery so that you have somewhere to move to after doing your time.

Cert wise you are on the right track. The FBI requires A+ and N+ for their forensic examiners (along with a degree). If possible, see if you can shadow someone that does computer forensics because I see a lot of people finding out it isn't what they thought it was. As far as EC-Council goes, the CHFI is definitely worthless. Any posting you find for a forensic investigator will not have that listed. Encase and AccessData seem to be the major two that people look for, but there are others.

If law enforcement is your aim you are looking at just getting in somewhere and doing your street time before doing any real forensics (unless you are going Federal and it's a Special Agent position). Depending on the size of the agency they may have a dedicated digital forensics team or they may outsource it to the county/state.