Which cert to get for my career?

Good morning techexam community,
I am at a crossroad and need some advice on which certification would help me in my career.

Background:
I am currently an information assurance manager
5 years security background (COMSEC, EMSEC, Physical, security manager)
1.5 years information assurance experience

-I am proficient at vulnerability scans, active directory, auditing, certification & accreditation and EMSEC

-I am NOT proficient at network design, programming, technical network knowledge

So my ambitions are to someday become a security director of some type but it seems that a lot of these security positions require that security professionals are basically programmers, computer engineers or network wizards!icon_lol.gif

I have the SEC+, if I have no ambitions on becoming a programmer or network admin and just want to stick with security what should I learn (master’s degree IA maybe?) or which cert should I go for next?

ALL input will be appreciated!

Comments

  • badrottiebadrottie Member Posts: 116
    With the current changes the DoD is implementing, I would strongly advise getting the CISSP and/or CISM. Obtaining a Masters in IA would not hurt, but it will definitely hurt your pocket book if you are paying for itself, so you would have to factor in what the ROI would be in that situation.
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I would pursue the CISSP and or the CISA. I would also try and address your lack of proficiency with networking knowledge. You don't need to know how to do everything but a strong foundation can only help you not hinder you.
  • da_vatoda_vato Member Posts: 445
    I agree with tpatt. With a foundational understanding of networking you will a lot more effective at your job. Security is about protecting the entire infrastructure, how are you going to protect if you don't understand how it works?

    Are you Kirtland by chance?
  • 5502george5502george Member Posts: 264
    da_vato wrote: »
    I agree with tpatt. With a foundational understanding of networking you will a lot more effective at your job. Security is about protecting the entire infrastructure, how are you going to protect if you don't understand how it works?

    Are you Kirtland by chance?

    Yup good old new mexico!
  • da_vatoda_vato Member Posts: 445
    That's where I'm at, you're not in the IA office are you?
  • NfokingNfoking Registered Users Posts: 1 ■□□□□□□□□□
    Hello All,
    I have a couple of questions regarding a career in infosec. I have a non technical bachelors degree. I am CCNP, CCNA Security, CCNA, MCP (XP), and A+ certified. I have about experience as a System Admin (Windows-based), and close to a year and a half experience as a NOC Engineer (Cisco), plus over ten years experience in tech support. Currently i am learning how to administer Linux.
    I want to move into INFOSEC which has been of interest to me in the past couple of years. I am looking for a vendor neutral certification since i already have a vendor based security certificate from Cisco, and was wondering about what to study. I want a well rounded training in INFOSEC, because i want to move to management in the field in the near future.
    Some people have advised that i should take the GCIH, but others argue that the CISSP is better. I have also heard some argue that a solid knowledge of Linux and Windows is required. I also see others emphasizing Network infrastrusture background.
    I want to make sure i make a good and reasonable decision before moving forward. I would greatly appreciate any feedback or advise.
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    What I usually suggest is that you spend some time looking at job postings on Monster, Dice, and Linkedin, find the jobs you'd like to have, and notice what certs the hiring managers are asking for. After a while, you will see a pattern of the most requested certs for the type of position you want.
  • instant000instant000 Member Posts: 1,745
    To the OP:

    Always consider bang for the buck.

    If working DoD, the far right of the chart is where you want to be: DoD 8570 Information Assurance Workforce Improvement Program

    Now, it would make sense to have a plan to get there.
    Based on your work experience, I'd recommend CISA > CISSP > CISM.
    The Auditor more immediately applies to what you currently do. The CISM would be nice to have also, but there would be a six month lag between tests. During this time, you could study for the CISSP, which would also help to prepare you for the CISM, due to the overlap between the two. If you can clear it in time, go ahead and take the CISSP in-between. If not, do it after the CISM.

    Now, that is all fine and dandy, but you have the issue of admitting a lack of knowledge for networking. Few things can irk the admin team more than someone firing off vulnerability scans without realizing how they can adversely affect the network.

    I'm not saying you should go out and "cert up" to address your programming, networking, and design weaknesses, but it won't hurt to read up on a few things, so you at least understand them theoretically. You hire your experts to do the nitty gritty, but you cannot afford to be clueless as a manager. (Whenever I think of clueless manager, I get an image of Dilbert's boss in my head.)

    Heck, I feel that I don't know enough about networking or security, and I have professional-level certs in these areas. That is, certs aren't enough. You can always go further than any vendor-specific or vendor-neutral cert.

    To the second poster (Nfoking):

    JDMurry gave great advice.

    It is very difficult to provide any recommendations, since you have not decided what you want to do yet. Usually, a person establishes an end state, and then we can attempt to help that person reach it, by helping them develop a plan to get there. If you have not decided on your end state, it will be difficult to help you get there.

    If you want advice on vendor-neutral certification for information security, then some of the best ones to get are from CompTIA, ISACA, and (ISC)2. Those are all vendor-neutral.

    Still, JDMurray's advice of finding the type of jobs you would find interest in, and making sure that you acquired those skills makes the most sense right now.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • Killj0yKillj0y Member Posts: 39 ■■□□□□□□□□
    Not sure if this helps but I found this on IronGeek:

    Hack the Hustle! Career Strategies for Information Security Professionals - Eve Adams (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

    Tips and information about infosec careers given by a technical recruiter. It is very informative and insightful. I would suggest following her also. I think she tweets about job offerings if you are currently looking.

    @HackerHuntress
    Certifications: GPEN, SMFE, CISSP, OSCE, OSCP, OSWP, Security+, CEHv6, MCSE+Sec:2003
Sign In or Register to comment.