Cert/Career Advice for an IT newb

Sgcgeek78

Hello all, an IT newbie here with a question of what to do/pursue next. When I decided to go back to school a few years ago to finish up my bachelor's I searched around to see what was a good degree to major in. The answer that came back to me from almost everyone I asked was two words: computer security. Computer security was the hottest thing since sliced bread it seemed so I figured why not get a degree in it, and when I graduated I'd have to beat the job offers back with a stick.

Well as I'm sure you've no doubt guessed by now, that plan didn't exactly turn out to be aligned with reality. Computer security is indeed a hot field right now, but it's not exactly a field that someone with no IT experience can just walk right into. If someone had explained that to me before I majored in it (my degree is actually in Information Assurance and Security) I probably would have majored in computer science instead, but that's water under the bridge at this point.

So I find myself trying to figure out which direction to go from here. I've been applying to jobs since I graduated last May, at first I was all super optimistic that I could get a job in computer/information security, however after months of sending in resumes and cover letters I've had to lower my sights. I decided that a help desk job was probably my best bet, but alas even that has proved a bit elusive. I don't have any certs at the moment, though I've got an exam test date to take the Comptia Security + exam on the 19th of this month as that one seems to be a standard requirement for any government/government contractor position.

My main question is what cert should I get next? I know everyone generally says the Comptia's (A+, Net +, Sec +) are a good starting point for newbs, but other than the Sec + one the other two seem to be a waste of money to me (though if I'm wrong on that please do tell me). It would seem almost a no brainer that since my degree was in security I should stay with that theme when getting certs, but having looked over some of the main security related certs (SSCP, CISSP) I'm not sure they would really benefit me given my complete inexperience. I know there is a CCNA security cert, but if I'm gonna get a cisco cert the regular CCNA seems to be a better fit as it would probably open more doors for me with my lack of experience.

I'm not wedded to computer security mind you, it's just where I thought I'd have the easiest time getting a job. I have no qualms about going another route such as going towards the networking side of things, I'm just not sure what my next step should be. Any advice or tips you can offer will be greatly appreciated. Thanks for your time.


Edit: If this is in the wrong section a moderator can by all means move it. Also having taken some time to explore this forum more in depth it would appear that indeed the A+ and Net+ are a waste of money, but a waste I'll probably have to suck up if I even want to obtain a help desk job. You'd think that employers would want a higher level cert like a CCNA or CCNP, but I've seen only like two job postings that said anything about having a CCNA while I've seen umpteen thousand that want a Net+ cert.

Serenity Now!

Michael2

I know a lot of people badmouth the A+, but it's the cert to have if you want to start out in IT. It proves that you understand the basic ins and outs of computer hardware and operating systems, and that you will at least have some idea of what to do if there's a problem. How can you expect someone to hire you for anything having to do with computers if you can't answer those basic questions? The A+ cert will help demonstrate your value as an IT employee. The Sec+ is a waste of money unless you're already working in IT and you want to enlarge your skill set. It has absolutely nothing to do with anything outside of security. It's all about how to get things done once the system is set up, but who's going to set up the system?

HailHogwash

I dont think no one is bad mouthing A+ but he has a Bachelors already

bigmantenor

Currently working in infosec (network security); here are my thoughts:

* Skip A+; this is my one cert so far that I would erase if I could get my money back for taking it. Has not helped me at all, and will soon be dropped from my resume.

* Network+ can be useful, but if you plan on going CCNA anyway then it is just as acceptable to go straight for the CCENT. The CCENT and Network+ are very similar in content.

*Security+ is a good starter security cert.

* Your plan to get the CCNA is prudent; this will help you get that all-important first position, and looks good on pretty much anyone's resume as it is a very well-known cert.

* Entry-level security jobs are few and far between, so getting a job as a NOC tech or on a helpdesk somewhere is your best bet for getting in IT. Don't allow yourself to get comfortable/stagnate if you end up going these routes; continue to certify and learn, and keep track of anything you do on a day to day basis which involves security (access control, physical security, policies, etc.) for future reference at job interviews.

* Also keep in mind that IT security is extremely broad, and that it is a constant learning process.

Hope that helps some. One nice thing about working in security is that no two days are the same. The sky is the limit with IT, as long as you have the drive to learn. I'm currently studying for Linux+/RHCSA, and after that I'll probably start looking at one of SSCP/CISSP/C|EH, to give you an idea of my process.

coreyb80

Even if the OP does go the helpdesk route the A+ at the very least will be needed outside of the Bachelors. That's from what I've seen. I could be wrong though.

ArabianKnight

Learn Windows 7 (70-680), Learn Server 2008 AD (70-640), Learn Linux, Go CCNA -> CCNA:Sec, Learn CEH stuff, I would just go ahead and get the CompTia Trinity of A+, Network+, Security+ as it will provide a good foundation. Also Sec+ will qualify you for IAT2 and IAM1 for DOD gigs.

Michael2

All I'm saying is that getting the A+ is better in my opinion because it will give employers a better idea of your level of skill and knowledge. If you show up with a degree from so-and-so Institute or such-and-such University, the person you talk to might not be familiar with that particular school's IT program and thus hesitant to hire someone without any experience. If you have the A+ cert, though, it will show that you have some real world knowledge and leave less room for doubt. But it's up to the OP.

Complete_IT_Professional

I would think that the degree would trump the A+ in terms of relevance and education? I haven't done the A+ so I might be way off.

I agree with several of the above posters, though, about entry-level security jobs being hard to come by. It could be beneficial to get into a helpdesk-type job and move across from there.

Sgcgeek78

Thanks for the replies all.

It's not that I'm saying anyone is badmouthing the A+ per say, only that its just so redundant in my opinion. I can use a vulnerability scanner to footprint and enumerate a network in preperation for a pen test, but they need a cert to prove I can assign printer permissions? That's a joke to me, but hey that's the way the game is played right so I guess I've got to go along to get along. At the very least I do agree with you Michael2 on the point that if I get the A+ its one less reason for them to say no to me.

The only reason I'm even getting the Sec+ is its required for just about any DoD IT job, even a simple helpdesk job that has NOTHING to do with security. As I live in northern va pretty much any IT job I apply for is a DoD contractor so that one isn't really a choice for me at this point. And at that point if I've already got two of them what's the point of holding out on the third so yeah Net+ will be done as well, but after that I'm concentrating on certs that actually mean something other than I can select the right multiple choice answer!

It just bugs me that I went through the trouble of getting a degree percisely because I wanted to prove my abilities beyond what these basic certs would. And yet 4 years and $20k later I'm in the same position I was in before I started.

bigmantenor - I get what your saying on Net+ and CCENT, though If I'm gonna take the CCNA then I'd rather just do that one test rather than the CCENT first and then the CCNA.

ArabianKnight - I had thought about the MCSA:Windows 7 cert, server 2008 wasn't really in my plans only because I figured if I went the CCNA route it would put me more towards a network admin rather than a system admin in which case I didn't think server 2008 would be as benefical to me. If I'm wrong or you disagree please do tell though. I sincerely appreciate all advice.

ArabianKnight

As far as MS Server goes, at least the Active Directory part certification stuff. I have seen numerous job postings that require or prefer AD knowledge/experience. Resetting passwords and other security related tasks for help desk related positions, and many use MS server 2003/8. It is good knowledge to have. My .02 cents

Ivanjam

@Sgcgeek78 - first, congratulations on completing your degree - I am sure you made a lot of sacrifices and put a lot of effort into pursuing the degree. Don't for a moment let yourself believe that it was a waste of time. It demonstrates your potential and ability to learn and will come in handy during the next stage of your career.

For right now, you just want that toe-hold in the industry to launch your career, and you are right in pursuing the Sec+ certification as you probably know that material quite well. The degree and certification combo will be your ticket into the industry, in lieu of experience. Someone on these forums once said that you need to know what you are securing, so your plan to get the CCNA (whether via the CCENT or not) is great and ArabianKnight's suggestion of getting a Windows 7 or even Windows Server 2008 R2 cert is excellent. Start applying for helpdesk or NOC jobs once you get that Sec+ but your chances of landing that first job should really improve with the CCNA.

So, in short, focus on getting the Sec+ out of the way then the CCNA and/or a Windows 7 cert while applying for entry-level jobs. After that you can start thinking about the SSCP/CISSP/CEH sort of thing, even a Master's degree.

Good luck on your endeavors and keep us posted!

Sgcgeek78

Been a bit since I first posted on here so I suppose an update is in order. I passed both the A+ and CCNA exams, and even managed to land a job in a NOC, though its not the traditional NOC job as there is almost no configuration required mostly just SSHing into servers to remotely restart them and racking and stacking servers. Plus its an overnight shift which is a total bummer when it comes to having a life, though it does provide for plenty of time to study.

I'm currently trying to decide what my next step is. I don't see a point in pursuing any of the security certs still (like the CEH, SSCP, or CISSP) since I'm still a noob in the IT world, but I don't really want to go the sys admin route. The only sys admin I would even remotely consider is for either UNIX or Linux. I know there is a CompTIA Linux+ cert (for linux noobs) and the RHCE cert (for linux pros), but are there any UNIX certs? My feelings on the Linux+ cert is the same as I had with the A+ cert from above, plus I haven't seen one linux admin job posting that said anything about wanting Linux+, but almost everyone wants you to have the RHCE. The only reason I would even comtemplate Linux+ is for the LPI cert that goes with it, but again level I is very basic and no one really wants that one (if they want any LPI cert its at least the level II).

The only other course of action I could see would be to learn SQL and go the DBA route or learn Python or Java and go the programming route, both of which would take me even futher away from security which is where I want to go eventually. While the pay is good for those type jobs, its just not where my perference lies and I don't want to get stuck doing a job I hate just because of a paycheck.

Any thoughts/advice from the community would be most appreciated.

Ivanjam

As you like Security and already have the CCNA, the CCNA: Security might a reasonable choice for your next step. After that you could try your hand at the CCNP: R&S or the CCNP: Security.

Winzer

It would seem a CCNA and a degree would land you a good job easily. My guesses are either a) you live in an area where IT jobs are scarce or b) employers do not like your lack of experience.

If I were you I would consider moving somewhere else to address point a or just suck it up for at least a year to acquire experience to address point b.

Sgcgeek78

Ivanjam...I had thought about taking the CCNA: Security, but decided it would be better to try for an OS cert first (which is where the Linux/Unix cert pursuing idea came from). I'm not sure adding the security CCNA would really improve my resume that much, at least not as much of a bump as I'd get from adding an OS cert to it.

Winzer...I'm currently in Northern VA, home to more government and government contractor IT jobs than I can shake a stick at so location isn't the issue, alas I agree with your second point: it's the experience, or lack thereof. The issue is the contract I'm currently on ends next April, so I only have a limited time (no where near a year unfortunately) to gain experience where I am before I'll be doing the job search all over again. It'd be nice to be able to broaden my job searching from simply help desk/noc technician as that would increase my prospects for landing my next job.

W Stewart

Linux+ may not be as impressive on your resume but it will provide you with a great foundation of knowledge that I don't think you should take for granted unless you're already a linux pro with years of experience. RHCE is more for someone who already has experience as a sys admin although it's not a hard requirement.

Also, I believe there's a solaris cert but I thought I remembered someone saying that they changed the requirements to force you to pay for their classes prior to taking the test. I also heard that you probably won't pass it if you don't have a lot of solaris experience.

W Stewart

Also, are you still applying for jobs that you don't meet the experience requirements for? A lot of places will make exceptions. I'm currently working as a Jr Systems Administrator and I'd be willing to be that everybody in the company I work for right down to the regular techs have more experience than I do. If you can show that you have the skill set to do the job, then numbers may not matter as much.