Security Analyst

notheorynotheory Member Posts: 31 ■■□□□□□□□□
Hi all,

I'm currently holding a CCNA and Security+ certification which I both got last year. I didn't study for any other certification since then because I didn't know what direction I want my career to head.

For what I now know, I'd like to get more in to the security field. InfoSec. Yes it is a broad term but I eventually would like to work as Security Analyst or sometimes called Systems Analyst. My career goal would be to become a Security Management professional.

Now to my question.... what certification(s) would you recommend to acquire? What would be the next higher after Security+?
Or maybe I should get an MCSA or MCSE first?

I'm totally stuck in regards to which certification I should pursue next. But I have to keep studying and want to continue studying as soon as possible.

I hold a computer science degree and have many many years of IT experience, I just need to keep the certification ball rolling to increase my chances to switch internal.

Thanks,


***EDIT***

I'm more and more leaning towards SSCP

Comments

  • redzredz Member Posts: 265 ■■■□□□□□□□
    Security Analyst is also a broad term; a lot of companies describe that job as different things. I've seen companies call everything from source code review to penetration testing to compliance auditing "Security Analysis".

    The SSCP is a good start, but I'd honestly recommend Associate of (ISC)2 - CISSP if you don't have the requisite relevant security experience, or CISSP if you do, to help meet your long term goal of Security Management. I won't debate the validity to the value it is given by hiring managers here, but it is highly valued for almost all information security positions.

    After that, I would go for MCSA/CCNP/RHCE or other platform-specific certifications, those would probably be your best bet.
  • notheorynotheory Member Posts: 31 ■■□□□□□□□□
    redz wrote: »
    Security Analyst is also a broad term; a lot of companies describe that job as different things. I've seen companies call everything from source code review to penetration testing to compliance auditing "Security Analysis".

    The SSCP is a good start, but I'd honestly recommend Associate of (ISC)2 - CISSP if you don't have the requisite relevant security experience, or CISSP if you do, to help meet your long term goal of Security Management. I won't debate the validity to the value it is given by hiring managers here, but it is highly valued for almost all information security positions.

    After that, I would go for MCSA/CCNP/RHCE or other platform-specific certifications, those would probably be your best bet.

    Let me see if I got this right.
    If I'd never worked in IT Security directly, you recommend Associate of (ISC)2 towards CISSP or SSCP?. The past 8 years, I've worked in many roles from Supporter to Systems Admin (which is my current role). It was never a "Security" role, but for example, I did and still do manage the Firewalls in my current role. Not sure if that's enough to count as "Security experience", though.

    My understanding is that after I acquire the Associate of (ISC)2 status, I have 6 years time to get the required work experience?

    Thanks again.
  • TechGuy215TechGuy215 Member Posts: 404 ■■■■□□□□□□
    You have to at least of worked 5 years in 2 of the 10 CISSP domains to qualify for the experience aspect. You'll also need a current CISSP member, in good standing to endorse your skills and experience.

    The Associate of (ISC)² toward CISSP designation is valid for a maximum of six years from the date (ISC)² notifies you that you have passed the exam, within which time, you'll need to obtain the required experience and submit the required endorsement form for certification as a CISSP.
    * Currently pursuing: PhD: Information Security and Information Assurance
    * Certifications: CISSP, CEH, CHFI, CCNA:Sec, CCNA:R&S, CWNA, ITILv3, VCA-DCV, LPIC-1, A+, Network+, Security+, Linux+, Project+, and many more...
    * Degrees: MSc: Cybersecurity and Information Assurance; BSc: Information Technology - Security; AAS: IT Network Systems Administration
  • redzredz Member Posts: 265 ■■■□□□□□□□
    I suggest the CISSP over the SSCP because it will provide more value long term. It has applicability to both your short and long term goals, and the market for it is much, much stronger (1200+ hits on dice.com versus 95). It will be a larger investment of time and money to attain this certification - but the return on investment will be worth it.

    Holding a Security+ makes it a four year full-time work experience requirement, vice a five year. The domains, however, are as broad as the exam. Having a non-"security" title does not necessarily mean you did not perform a full-time function within one of those domains. It's up to you to really analyze what your primary functions were at each position and whether it's applicable to one or more of the domains (as well as being endorsed for it).

    I am unsure of the time frame required for you to get full time relevant work experience for Associate of (ISC)2 to full CISSP, but with 8 years of information technology experience I would recommend the CISSP over the SSCP.

    I would definitely recommend taking a look at (I stole this link from someone else on here... so, thanks, whoever you are):
    CompTIA Career Pathways

    Personally, I would bump all their certification listings 1 step down ("Expert" -> "Advanced", "Advanced" -> "Intermediate"), however it does provide a great path for Information Security certifications.

    EDIT: Their "Specialist" section is for just that - specialized information security certifications, from RHEL to Cisco to Hacking to Incident Response.
  • j1mggj1mgg Member Posts: 45 ■■□□□□□□□□
    As far as I am aware the SSCP is a little harder that the security+, but not by much and with the security+ still fresh in your mind would be a good cert to further cement the domains. I also believe if you have one years expierence in IT security you will get the full recognition and it also knocks a year of the expierence required for a full pass on the cissp, meaning only requiring 4 years expierence.
  • redzredz Member Posts: 265 ■■■□□□□□□□
    j1mgg wrote: »
    knocks a year of the expierence required for a full pass on the cissp, meaning only requiring 4 years expierence.

    So does Security+, which notheory already has. It can only be brought down to a four year requirement - getting an SSCP now won't change that.
  • notheorynotheory Member Posts: 31 ■■□□□□□□□□
    I had a look at the CompTIA roadmap, I found that the CASP would be something reasonable to consider?
  • emerald_octaneemerald_octane Member Posts: 613
    I would recommend the CISSP or Associate CISSP just to get it out of the way, then work on the SSCP to actually get a credential while you hammer at the CISSP requirements.

    I only suggest Associate CISSP to folks who are already in the field and just need 1, 2 years more experience. You do not want to lay down the cash + effort for the associate title, only to have it expire on you. Of course, anyone who can pass the CISSP can do the security+ or other certs to shave off a year, so that's 6 years to get 4 years worth of experience. Still, I wouldn't want to be up against the clock.

    However you do not get a cert for the Associate CISSP title. You get an ISC2 number...and that's it. Invitations to conferences and such are available as well, however you won't get a cert nor will employers be able to verify you through the website (if that sort of thing is important).
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    "Associates of the (ISC)2" also pay a $35/year Annual Maintenance Fee.

    https://www.isc2.org/how-to-become-an-associate.aspx
Sign In or Register to comment.