Best Security Certification for newbie...

new2ITSecuritynew2ITSecurity Member Posts: 25 ■■■□□□□□□□
Hi there...

A little about myself. I just received my Master of Science in Cybersecurity from the UMUC (undergrad also from UMUC: Bachelor in Computer Studies). I have never worked in the IT Security field. I am currently studying for the CISSP but I am wondering if this is the best route for me to obtain a job. I would love any advice/direction! Thanks...Ali


  • IristheangelIristheangel Mod Posts: 4,133 Mod
    I wouldn't consider the CISSP as an "entry-level" certification for a newbie. You might pass the test but without 5 years of security job experience, you're not really getting the CISSP. I would recommend picking up some certifications that you can put on your resume: Security+, CASP, etc
    BS, MS, and CCIE #50931
  • zxshockaxzzxshockaxz Member Posts: 108
    Iris hit the nail on the head.
    I would get your 5 years work experience before going for the CISSP. If you don't have any certifications yet, security+ is going to be the easiest to get, and it doesn't require any work experience. CCENT/CCNA will be a good way to get your foot in the door and start getting some related work experience. If you're interested in the penetration testing route, the Offensive Security certifications are great and require no work experience, as well as the eLearnSecurity certifications.
  • new2ITSecuritynew2ITSecurity Member Posts: 25 ■■■□□□□□□□
    Thanks Iris...would you recommend studying for the SSCP over Security +...
  • IristheangelIristheangel Mod Posts: 4,133 Mod
    You need at least 1 year of security experience still for the SSCP so you're in a "chicken before the egg" situation here. I would say to get your Security+ or even some more technical security-oriented certifications (CCNA:Security or whatever), get a job, work for a year, and then consider some more advanced certifications that require the experience behind them. Don't get me wrong, the SSCP is a great certification to get but you won't actually be able to put it on your resume before you get the experience. You'll have the lesser-known "Associate of ISC2" which employers and recruiters don't really know as well so it won't open as many doors. One of the hardest things for someone new to this industry is getting their foot in the door at that first IT job so to improve your odds and make yourself more marketable, shoot for those certifications that you can put on your resume and that recruiters can search for
    BS, MS, and CCIE #50931
  • TechGuy215TechGuy215 Member Posts: 404 ■■■■□□□□□□
    SSCP you need 1 year of experience. If you have no "real-world/work experience", take the Sec+ or CASP.
    * Currently pursuing: PhD: Information Security and Information Assurance
    * Certifications: CISSP, CEH, CHFI, CCNA:Sec, CCNA:R&S, CWNA, ITILv3, VCA-DCV, LPIC-1, A+, Network+, Security+, Linux+, Project+, and many more...
    * Degrees: MSc: Cybersecurity and Information Assurance; BSc: Information Technology - Security; AAS: IT Network Systems Administration
  • joebannyjoebanny Member Posts: 84 ■■□□□□□□□□
    Hi There,

    I agree with much of everything that has been said. Security+ is where to start from, however, you might be qualified to take the SSCP too. You mentioned you have no IT security experience but do you have any IT experience? Sometime people don't realize that they've actually be involved in security with other things they've done in IT. For instance if you're are a helpdesk analyst but also perform access control (AD, Permission settings, Password mgmt etc) you might already be qualified for Access Control domain, What about if you have been involved in Network & Telecommunication domain doing things like VOIP, Blackberry, Network configuration services etc, those could also qualify you for the Telecommunication domain, So I will say evaulate what you have done in your resume, take a look at the ISC2 qualification for any of the certs you're interested in, you might be qualified to take the test already, it all depends on what you've done. Not having a IT Security job title is not enough to disqualify you.

    Here is the SSCP requirement:

    By the way, I'm also a UMUC alumni of the Master's in IA. Good luck to you in your pursuit.
  • new2ITSecuritynew2ITSecurity Member Posts: 25 ■■■□□□□□□□
    Thanks for the info on SSCP joebanny! After reading your post, I ordered the SSCP All-In-One study guide by Gibson. Congrats on your Masters as well!
  • jez2cooljez2cool Registered Users Posts: 6 ■□□□□□□□□□
    I would go for the CISSP, You will gain more and there are not many places looking for an SSCP. InfoSec is not an easy field to get in, everyone wants experience and not many well give you a chance to gain that experience. I am apart of my local ISSA chapter and most of the CISSP's told me not to bother with the SSCP from there experience. Far as the best security cert for a newbie would be security +. If you are serious about security I would look in to the CISSP because even with out the experience you will be gain the CISSP-associate and 6 years to get experience to drop the tag and would not have to retake the test.
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    CISSP would be a nice marketing piece for your resume'. If that's what you're looking for, I would skip the SSCP all together. Obviously you will be an 'Associate' of ISC2 but listing the CISSP on your resume' at all will fulfill your goal of becoming a search result when hiring bots comb the web for resumes. Other than marketing, the certification choice you make totally depends on what you want to do in security. The CISSP is really a management certification and the material you learn there will not be super useful in a purely technical security role. Of course, if being in a purely technical role is not your goal, then the CISSP may be a perfect fit for you.

    For technical roles I believe SANS and Offsec are the best certification paths one can take; obviously those paths cost a relatively large amount of money and aren't for everyone.

    For individuals looking for technical roles in security but lack the deep pockets or ways to get SANS or Offsec training, I would start with Security+ and dive into information about mastering TCP/IP, IR methodologies, programming basics, Linux fundamentals, etc. A few books I recommend:

    -TCP/IP Illustrated, Vol. 1 (1st edition)
    -The Tao of Network Security Monitoring
    -The Practice of Network Security Monitoring: Understanding Incident Detection and Response
    -Counter Hack Reloaded
    -The Network Security Bible

    ..regarding Linux and programming basics I would seek out material that fits your learning style. Good luck
  • CoolAsAFanCoolAsAFan Member Posts: 239
    SSCP and CISSP are more intermediate/advanced certs, also without the required work experience you just get the associate designation. I agree with what others have said, Security+ then CCNA:Security would be a great start. Good luck!
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)
    Required: SBT1 RGT1 RIT1
  • new2ITSecuritynew2ITSecurity Member Posts: 25 ■■■□□□□□□□
    Thanks for the advice everyone!! Looks like I have my work cut out for me :) At least it will be totally worth it!
  • KaineKaine Registered Users Posts: 2 ■□□□□□□□□□
    It will be worth it friend and good luck. I work for the DOD as a Server Admin and am working on my CISSP now.
  • joebannyjoebanny Member Posts: 84 ■■□□□□□□□□
    Agreed, it is a lot of work, it took me 3 intensive, sleep-deprived, time- away-from-family months, to work on my CISSP, a month after passing, the payoff came big time, I can assure you, it is worth the trouble. All the best to you!
  • beadsbeads Member Posts: 1,525 ■■■■■■■■■□
    Security+ followed by CCNA Security would be much more believable than suddenly posting an advanced/mid career level certificate. Shows rational progression. Seeing too many "sudden CISSP" in the market from folks in there mid to late 20's and next to no real experience in the field.

    - beads
Sign In or Register to comment.