New in Information Security.. what should I do??

alandaleep

Hello everybody,, How are you all
I have a several question about the Information Security specialist; I just graduated in Information Technology and I want to take some courses in Information Security, so I decided to take these courses

• Security+ (OR) GSEC >>> which is better
• C|EH
• OSCP Offensive Security Certified Professional >>>> without the test
• SANS GPEN GIAC Certified Penetration Tester

Will these courses be Enough to success in the job field (if not) what else should I do to be professional in this specialization

chanakyajupudi

Congratulations on your graduation. I think you can avoid the Security+ cert. Take in the knowledge though.

Secondly CEH is a good place to start. Many companies in the EMEA and APAC look at CEH ( Including HP ) as mandatory.

OSCP Sounds good. But start with the CEH then you can choose to move in whichever direction you are interested.

GSEC is also a good option but is very expensive. So you will have to worry about financing that education !

GPEN is something that can be done later maybe when you have a job and a couple of years of experience on the job ( Infosec ).

First start looking for a job once you have the CEH and Sec+ knowledge. Experience trumps all other ways in the first couple of years of your career.

I assume you have a bit of experience with Networks / Operating Systems and Protocols.

Let me know if there is anything you need assistance with.

There are a lot of people here with the knowledge to guide you with !

Best of luck in whatever you want to pursue !

Chanakya

Master Of Puppets

GSEC is definitely better than Sec+ but I'm assuming you're not completely new so Sec+ should not be very hard(plus a lot cheaper). It can't hurt to have it on your resume. With the OSCP, what is expensive is the course. The exam was something like 60$ so you might as well go for it. Even if you fail it doesn't matter - it will be a nice experience and you'll learn a ton.

To succeed in the field you should have the knowledge, above all. Certs are important but focus on gaining the appropriate skill set, not paper that says you do. You should, by all means, get the certs. My point is that I've seen a lot of cases when they don't matter as much in infosec. It comes down to what you can do. Sadly even if you can do a lot, without experience it is hard to get the opportunity to prove it. In order to make it you may need to start at the lower levels.

alandaleep

chanakyajupudi wrote: »

Congratulations on your graduation. I think you can avoid the Security+ cert. Take in the knowledge though.

Secondly CEH is a good place to start. Many companies in the EMEA and APAC look at CEH ( Including HP ) as mandatory.

OSCP Sounds good. But start with the CEH then you can choose to move in whichever direction you are interested.

GSEC is also a good option but is very expensive. So you will have to worry about financing that education !

GPEN is something that can be done later maybe when you have a job and a couple of years of experience on the job ( Infosec ).

First start looking for a job once you have the CEH and Sec+ knowledge. Experience trumps all other ways in the first couple of years of your career.

I assume you have a bit of experience with Networks / Operating Systems and Protocols.

Let me know if there is anything you need assistance with.

There are a lot of people here with the knowledge to guide you with !

Best of luck in whatever you want to pursue !

Chanakya

Thank you Mr.Chanakya you really helped me I'm appreciating you
Since you are from India/Hyderabad I want you to suggest me about the best institutes in Hyderabad that give these courses

and I also want to know the different between network security and information security and which one is better.

chanakyajupudi

Oh you are from Hyderabad ?

PM for more !

YFZblu

Regardless of what you have on paper, IMO what you'll need to be successful in getting a technical job in infosec is:

-Thorough understanding of TCP/IP
-Programming fundamentals. You do not need to be a dev by any means, but you should be able to understand the broad strokes in source code - Better yet, learn some Python. It's everywhere in security and will give you a nice flexible language for your utility belt.
-Linux fundamentals - This is a must
-Incident Response methodology - ie SANS' PICERL
-Infosec news sources - You'll need to constantly follow up with information security news, blogs, talks, etc; and you'll want several sources you're reviewing all the time to keep the basics fresh and to remain updated on the current threat landscape.

Those are just a few things to get you started. Regarding C|EH - Unfortunately I have come across more negative perception of this cert than positive during my time in security. No offense to anyone, and I personally don't have an opinion of the cert, but it doesn't have much respect from what I have observed.

Good luck

alandaleep

chanakyajupudi wrote: »

Oh you are from Hyderabad ?

PM for more !

I don't have permission to enter to the PM yet

Humbe

If you are just starting in the Information Security field, I would recommend you to start with one of the basic certs such as Security+. Then, you can chose your career path to either be technical or more of a managerial.

Here is a list of certs I'd be looking at if I'm starting in the Security field:

1. Network+
2. Security+
3. CEH
4. SSCP
5. GSEC
6. CISSP

I hope that helps.

chanakyajupudi

Contact via my Blog.