Career Questions and Outlook

Blade3D

I finally got a job after graduating with a degree in Computer Science with an emphasis in Information Assurance in the Fall of 2011. My job consists of design, engineering, and consulting services for information systems, telecommunications infrastructure, wireless networks, physical security systems, voice and data systems, as a junior systems designer. Also, they do some project management. It is a very small firm and I want to position myself as an integral part. I was wondering what certifications people would recommend and I will outline my projected plan.

Certification Plan:
CWNA
CCNA
Comptia Security+
C|EH
E|CSA
L|PT

I also figured after I got the experience SSCP, CAP, CISSP. I planned on doing C|EH, E|CSA, and L|PT because they said I could potentially expand the work they get by doing penetration testing, and is also the classes I enjoyed the most in college. I was also wondering if getting certifications from GIAC (GCIA, GPEN, GAWN, etc) would be a better fit then EC-Council. Any help and recommendations would be greatly appreciated.

DoubleNNs

Personally, I'd suggest starting w/ CCNA then going to Security+. Then from there, re-asses your goals and see where next would benefit you the most at that position.
The CCNA does have some wireless concepts in it, and depending on the responsibilities of the role, you may or may not want to go into further depth.

I can't speak much about the other security related certs, but I do know that often times what you think might be beneficial to you today, you might reconsider a few months down the line. So maybe think of the 1st 2 or 3 certs to get, and focus on those. Then when nearing the end of completing them, try to figure out the next step after.

Blade3D

They do want to start sending me to various job sites to do wireless surveys, and so forth which is a main reason I was going to start with CWNA. Sorry I forgot to mention that.

kiki162

Sec+, CCNA, CEH, SSCP, and CWNA.

It will take you a bit for the CISSP, but you have plenty of time for those SANS certs. If your employer will pay for those classes, that's a bonus that most of us don't get.

docrice

To clarify a bit, SANS does not provide certification, but training courses. GIAC is the sister-organization which provides certification based on the SANS training curriculum (for example, GCIA would be "GIAC Certified Intrusion Analyst").

In the infosec world, GIAC status is better regarded than EC-Council, but currently in the general HR world, GIAC certs are much less-known and it's not common for hiring managers to know much between security certifications (unless they're specialized in the area themselves).

Blade3D

docrice wrote: »

To clarify a bit, SANS does not provide certification, but training courses. GIAC is the sister-organization which provides certification based on the SANS training curriculum (for example, GCIA would be "GIAC Certified Intrusion Analyst").

In the infosec world, GIAC status is better regarded than EC-Council, but currently in the general HR world, GIAC certs are much less-known and it's not common for hiring managers to know much between security certifications (unless they're specialized in the area themselves).

Ah, I thought it was the governing body of it. That's fine, what I was trying to say still applies just switch SANS to GIAC (edited OP).

docrice

I don't think I addressed your original question. For your your case, I would assume that Security+ may not be worth your while (unless you find the material challenging, in which case by all means go through that first). If the plan is to be a security generalist, then I would probably also look into the CCNA. The CISSP is a highly-visible certification to have, although not everyone gives it a lot of credit.

I've always been a big fan of SANS training and the GIAC certification program, but I'd also round it out with other security-centric training such as those by Offensive Security. eLearnSecurity might be a good bet as well, although the certification has almost no recognition. Going through the CWNA material seems to be a good thing to instill wireless knowledge, but the certification isn't well-known.

The SANS courses and the certs for the GCIA, GPEN, and GAWN will require some existing fundamental knowledge about networks and they're not exactly introductory-level material. I don't know what your actual fluency is in these technical areas that you're pursuing, but keep that in mind if you're not used to doing any sort of protocol analysis.

Blade3D

docrice wrote: »

I don't think I addressed your original question. For your your case, I would assume that Security+ may not be worth your while (unless you find the material challenging, in which case by all means go through that first). If the plan is to be a security generalist, then I would probably also look into the CCNA. The CISSP is a highly-visible certification to have, although not everyone gives it a lot of credit.

I've always been a big fan of SANS training and the GIAC certification program, but I'd also round it out with other security-centric training such as those by Offensive Security. eLearnSecurity might be a good bet as well, although the certification has almost no recognition. Going through the CWNA material seems to be a good thing to instill wireless knowledge, but the certification isn't well-known.

The SANS courses and the certs for the GCIA, GPEN, and GAWN will require some existing fundamental knowledge about networks and they're not exactly introductory-level material. I don't know what your actual fluency is in these technical areas that you're pursuing, but keep that in mind if you're not used to doing any sort of protocol analysis.

Thanks, I just want to gain some well-rounded knowledge and certs. Then I'd like to concentrate more on cyber-security, and penetration testing as I think I could develop a larger role in the company. I had looked at Offensive Security before and that might be something I'd be interested down the road.

Blade3D

I am also considering WGU for a M.S. in Information Security and Assurance or possibly a MBA in Information Technology Management. I've been contemplating getting a Masters since I graduated, this seems like a convenient route.