Please advice into my IT career "re-vamping" path :-)
joaoalemao
Member Posts: 12 ■□□□□□□□□□
in GIAC
Hello everybody,I hope to learn from others experiences.
I have read other posts with situations similar to mine which have helped me a great deal. I would like to get more personal advice though so here I go:
A little about myself(I have tried to keep it abbreviated to keep you guys from stopping reading my post till the end):
+10 years in IT, most of them in Portugal, some abroad.- Most of my experience has been as a programmer in different platforms/languages
- A lot of experience as a Database Admin & programmer
- Some years of experience as a freelance internet consultant, touching different areas, such as web development and integration, hosting services, web scraping programming in Java & Javascript(having had to deal with extensive use of proxies and anonimization)
- Some work experience with Linux & Windows boxes administration
- I don´t have a College Degree. I started working in IT in the 90´s after some very specialized training given by a big IT comany to cover booming demand.
- My knowledge of Networks & Security is very limited.
Right now I am at a turning point because internet consultancy at the freelance level is not working for me any more. I have allways been very attracted to Internet Security in general and to IT Forensics specifically since I started knowing about it for some years.
So I have decided to completely recycle myself and I want to devote some time full-time to get training aimed at gaining high quality knowledge and some certifications of that knowledge to be marketable and fit to work in the IT Security sector and maybe eventually in Computer Forensics area. I want to do this as quick and as effectively as possible, but establishing a good knowledge base that allows me to succeed both personally and professionally in this new career path turn.
So after a lot of digging I have my eyes specifically into the SANS OnDemand training, and this is what I have decided to do so far(and here is where your experiences and opinions might help me validate my decisions). In the following order:
1) Take the SANS “SEC401: Security Essentials Bootcamp Style” OnDemand course
2) Prepare and sit for the GSEC Cetification exam
3) Take the SANS “SEC560: Network Penetration Testing and Ethical Hacking” OnDemand course
4) Prepare and sit for the GPEN Certification exam
5) Take the SANS “FOR408: Computer Forensic Investigations - Windows In-Depth” OnDemand course
6) Prepare and sit for the GCFE Certification exam
7) At this point in time, ideally, be in a position to be higly marketable for the booming IT Security sector and get a job. In my country, Portugal, we are about 2 years behind in comparison to more highly advanced countries in this field. Once I would hopefully be working in IT Security and having a broader and more experienced perspective, (and ideally having my employer pay for some training) maybe get a very advanced course, depending on the direction taken by my career, like:
- SANS “FOR508: Advanced Computer Forensic Analysis and Incident Response”
or
- SANS “SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking”
I am ready to hear any opinion on my situation and plans, its logic, feasability, etc...
I am also very interested in hearing about anybody that has taken any of the mentioned courses and prepared the corresponding certification to have an idea on how much time I should plan to devote for each of them, considering that I will be dedicating full-time to the training and exam preparation.
Thank you very much in advance!
Joao:)
I have read other posts with situations similar to mine which have helped me a great deal. I would like to get more personal advice though so here I go:
A little about myself(I have tried to keep it abbreviated to keep you guys from stopping reading my post till the end):
+10 years in IT, most of them in Portugal, some abroad.- Most of my experience has been as a programmer in different platforms/languages
- A lot of experience as a Database Admin & programmer
- Some years of experience as a freelance internet consultant, touching different areas, such as web development and integration, hosting services, web scraping programming in Java & Javascript(having had to deal with extensive use of proxies and anonimization)
- Some work experience with Linux & Windows boxes administration
- I don´t have a College Degree. I started working in IT in the 90´s after some very specialized training given by a big IT comany to cover booming demand.
- My knowledge of Networks & Security is very limited.
Right now I am at a turning point because internet consultancy at the freelance level is not working for me any more. I have allways been very attracted to Internet Security in general and to IT Forensics specifically since I started knowing about it for some years.
So I have decided to completely recycle myself and I want to devote some time full-time to get training aimed at gaining high quality knowledge and some certifications of that knowledge to be marketable and fit to work in the IT Security sector and maybe eventually in Computer Forensics area. I want to do this as quick and as effectively as possible, but establishing a good knowledge base that allows me to succeed both personally and professionally in this new career path turn.
So after a lot of digging I have my eyes specifically into the SANS OnDemand training, and this is what I have decided to do so far(and here is where your experiences and opinions might help me validate my decisions). In the following order:
1) Take the SANS “SEC401: Security Essentials Bootcamp Style” OnDemand course
2) Prepare and sit for the GSEC Cetification exam
3) Take the SANS “SEC560: Network Penetration Testing and Ethical Hacking” OnDemand course
4) Prepare and sit for the GPEN Certification exam
5) Take the SANS “FOR408: Computer Forensic Investigations - Windows In-Depth” OnDemand course
6) Prepare and sit for the GCFE Certification exam
7) At this point in time, ideally, be in a position to be higly marketable for the booming IT Security sector and get a job. In my country, Portugal, we are about 2 years behind in comparison to more highly advanced countries in this field. Once I would hopefully be working in IT Security and having a broader and more experienced perspective, (and ideally having my employer pay for some training) maybe get a very advanced course, depending on the direction taken by my career, like:
- SANS “FOR508: Advanced Computer Forensic Analysis and Incident Response”
or
- SANS “SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking”
I am ready to hear any opinion on my situation and plans, its logic, feasability, etc...
I am also very interested in hearing about anybody that has taken any of the mentioned courses and prepared the corresponding certification to have an idea on how much time I should plan to devote for each of them, considering that I will be dedicating full-time to the training and exam preparation.
Thank you very much in advance!
Joao:)
Comments
-
chanakyajupudi Member Posts: 712Do you have any experience in the Security Side of the work you have done ?
These classes I hope you know are pretty expensive. Around 4000$ per class and with the exam at 579$.
Its good that you want to do all of these buy maybe you can start slow and look for jobs that need your skill more than the security. IN my opinion of course.
Cheers
ChanakyaWork In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
http://adarsh.amazonwebservices.ninja -
joaoalemao Member Posts: 12 ■□□□□□□□□□Thank you for replying:)
I am aware of the high cost of these courses and the fact that they are aimed at security pros already working and that they are usually paid for by their employers. Unfortunately due to my current life equation I would have to pay for them myself.
And in reply to your question, I have no previous experience in IT Security. Your suggestion to start slow is great for most cases, but since I am 40 years old, my clock ticks at a different pace than most of the young people that start early in their career in the security area. I need to gain high level knowledge quickly and effectively.
cheers. -
chanakyajupudi Member Posts: 712What you say is true. Lets see what the more seasoned infosec professionals have to say !
I am new to the Infosec World and have just started out with the SANS stuff. I have done the 401 and 504. Exams still pending !
ChanakyaWork In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
http://adarsh.amazonwebservices.ninja -
joaoalemao Member Posts: 12 ■□□□□□□□□□Oh, and I forgot to mention that I have maintained very good relationships and reputation with my previous employers before I decided to go freelance.
I believe that might help me a bit once I begin to try to market my "re-vamped" self.
So does people think my plan is too unrealistic or flawed?
thanks for any input,
Joao:)