Paths?
Nytrocide
Member Posts: 225
Hi all,
Looking at Networking or Security and trying to get a basic idea of fields within each. I've heard people mention different offensive VS defensive paths I could take. Offensive being something like Pen Testing while defensive would be like Application Vulnerabilities...if I'm even right about that.
Does someone know a site (or could explain) some paths or jobs available in Security? Maybe something like the CompTIA roadmap they have showing example jobs per certification, but not necessarily as exact?
Thanks and sorry for being confusing!
Looking at Networking or Security and trying to get a basic idea of fields within each. I've heard people mention different offensive VS defensive paths I could take. Offensive being something like Pen Testing while defensive would be like Application Vulnerabilities...if I'm even right about that.
Does someone know a site (or could explain) some paths or jobs available in Security? Maybe something like the CompTIA roadmap they have showing example jobs per certification, but not necessarily as exact?
Thanks and sorry for being confusing!
Goals for 2014: CCNA: Voice / CCNA: Security
Comments
-
cyberguypr
Mod Posts: 6,928 Mod
I think the SANS roadmap poster gives a good general idea of some of the subdivisions of InfoSec.
http://www.sans.org/media/security-training/roadmap.pdf -
the_hutch
Banned Posts: 827
A few off the top of my head...
Vulnerability Management - Certifications for Nessus/Retina/Nexpose etc... (I know Nessus has one, not sure on the others)
Forensics - EnCE, CHFI, GCIH
Penetration Testing - CEH, OSCP, GPEN
Boundary / Firewall - CCNA-Sec, CCSA, CCSE -
widget101
Member Posts: 29 ■■■□□□□□□□
I believe the ENSA by EC Council is a defensive cert and a suggested prerequisite for the CEH, but I do not know anyone who has obtained one and thus cannot comment on its value. -
Nytrocide
Member Posts: 225
So to start off, would Security+ and GSEC be the best two entry level IT Security certs?Goals for 2014: CCNA: Voice / CCNA: Security
-
Master Of Puppets
Member Posts: 1,210
That's a nice choice! Whichever direction you choose, those will be of benefit. I think that as far as network security is concerned, the Cisco track is great. Yes, I know it is vendor specific but regardless of that you will learn a lot. They do a great job of explaining the concepts and the knowledge from there can be applied to other vendors and equipment.
I feel like it's important to point out that in case network security is your choice, it is quite vital to learn networking first(IMO). Many security enthusiasts overlook the fact that you can't really protect a network unless you understand how it works. It is not uncommon to run into security guys that know how to operate the firewall but have no idea what happens beyond that. Sometimes that can be a problem and a burden on the other members of the staff. I think the best security guys are the ones who know routing, switching etc. and can easily do an admin's job. Of course, you don't need to be a CCIE but you gotta know something.Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.