Best Security Certification for newbie...
new2ITSecurity
Member Posts: 25 ■■■□□□□□□□
in SSCP
Hi there...
A little about myself. I just received my Master of Science in Cybersecurity from the UMUC (undergrad also from UMUC: Bachelor in Computer Studies). I have never worked in the IT Security field. I am currently studying for the CISSP but I am wondering if this is the best route for me to obtain a job. I would love any advice/direction! Thanks...Ali
A little about myself. I just received my Master of Science in Cybersecurity from the UMUC (undergrad also from UMUC: Bachelor in Computer Studies). I have never worked in the IT Security field. I am currently studying for the CISSP but I am wondering if this is the best route for me to obtain a job. I would love any advice/direction! Thanks...Ali
Comments
Blog: www.network-node.com
I would get your 5 years work experience before going for the CISSP. If you don't have any certifications yet, security+ is going to be the easiest to get, and it doesn't require any work experience. CCENT/CCNA will be a good way to get your foot in the door and start getting some related work experience. If you're interested in the penetration testing route, the Offensive Security certifications are great and require no work experience, as well as the eLearnSecurity certifications.
Blog: www.network-node.com
* Certifications: CISSP, CEH, CHFI, CCNA:Sec, CCNA:R&S, CWNA, ITILv3, VCA-DCV, LPIC-1, A+, Network+, Security+, Linux+, Project+, and many more...
* Degrees: MSc: Cybersecurity and Information Assurance; BSc: Information Technology - Security; AAS: IT Network Systems Administration
I agree with much of everything that has been said. Security+ is where to start from, however, you might be qualified to take the SSCP too. You mentioned you have no IT security experience but do you have any IT experience? Sometime people don't realize that they've actually be involved in security with other things they've done in IT. For instance if you're are a helpdesk analyst but also perform access control (AD, Permission settings, Password mgmt etc) you might already be qualified for Access Control domain, What about if you have been involved in Network & Telecommunication domain doing things like VOIP, Blackberry, Network configuration services etc, those could also qualify you for the Telecommunication domain, So I will say evaulate what you have done in your resume, take a look at the ISC2 qualification for any of the certs you're interested in, you might be qualified to take the test already, it all depends on what you've done. Not having a IT Security job title is not enough to disqualify you.
Here is the SSCP requirement: https://www.isc2.org/sscp-how-to-certify.aspx
By the way, I'm also a UMUC alumni of the Master's in IA. Good luck to you in your pursuit.
For technical roles I believe SANS and Offsec are the best certification paths one can take; obviously those paths cost a relatively large amount of money and aren't for everyone.
For individuals looking for technical roles in security but lack the deep pockets or ways to get SANS or Offsec training, I would start with Security+ and dive into information about mastering TCP/IP, IR methodologies, programming basics, Linux fundamentals, etc. A few books I recommend:
-TCP/IP Illustrated, Vol. 1 (1st edition)
-The Tao of Network Security Monitoring
-The Practice of Network Security Monitoring: Understanding Incident Detection and Response
-Counter Hack Reloaded
-The Network Security Bible
..regarding Linux and programming basics I would seek out material that fits your learning style. Good luck
WGU Indiana - BS IT Security (Started: August 1st, 2013)
Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
Required: SBT1 RGT1 RIT1
- beads