Paths?

Hi all,

Looking at Networking or Security and trying to get a basic idea of fields within each. I've heard people mention different offensive VS defensive paths I could take. Offensive being something like Pen Testing while defensive would be like Application Vulnerabilities...if I'm even right about that.

Does someone know a site (or could explain) some paths or jobs available in Security? Maybe something like the CompTIA roadmap they have showing example jobs per certification, but not necessarily as exact?

Thanks and sorry for being confusing!

Find more posts tagged with

Comments

cyberguypr

I think the SANS roadmap poster gives a good general idea of some of the subdivisions of InfoSec.

http://www.sans.org/media/security-training/roadmap.pdf

the_hutch

A few off the top of my head...

Vulnerability Management - Certifications for Nessus/Retina/Nexpose etc... (I know Nessus has one, not sure on the others)
Forensics - EnCE, CHFI, GCIH
Penetration Testing - CEH, OSCP, GPEN
Boundary / Firewall - CCNA-Sec, CCSA, CCSE

widget101

I believe the ENSA by EC Council is a defensive cert and a suggested prerequisite for the CEH, but I do not know anyone who has obtained one and thus cannot comment on its value.

Nytrocide

So to start off, would Security+ and GSEC be the best two entry level IT Security certs?

Master Of Puppets

That's a nice choice! Whichever direction you choose, those will be of benefit. I think that as far as network security is concerned, the Cisco track is great. Yes, I know it is vendor specific but regardless of that you will learn a lot. They do a great job of explaining the concepts and the knowledge from there can be applied to other vendors and equipment.

I feel like it's important to point out that in case network security is your choice, it is quite vital to learn networking first(IMO). Many security enthusiasts overlook the fact that you can't really protect a network unless you understand how it works. It is not uncommon to run into security guys that know how to operate the firewall but have no idea what happens beyond that. Sometimes that can be a problem and a burden on the other members of the staff. I think the best security guys are the ones who know routing, switching etc. and can easily do an admin's job. Of course, you don't need to be a CCIE but you gotta know something.