Advice on choosing security path

Zoovash

Hello,I recently achieved CCNP and I’m thinking what to do next. I’m very interested in security and I want to pursue a career in InfoSec. At the moment I’m responsible for testing security features on L2 Switches with limited L3 capabilities. The experience in security is great but I don’t want to do QA for a long period of time, so I’m thinking what to do next in order to fulfill my dreams.I’ve already made plans for Security+ and Linux+ but I have no idea beyond that. I have some experience in C/C++ programming from high school and early college, although I haven’t written any piece of code for about 2 years, so I’m strongly considering PenTesting. On the other hand I’m also interested in the Security track from Cisco, I know that sooner or later I will get that CCNP Sec, and hopefully CCIE Sec by the time I’m 30 The problem is that lately I’ve been reading up on other technologies, like wireless and data center, and the Cisco Data Center track is getting very appealing to me.What do you think is a better combo, OSCP + CCNP Security or CCNP Security + Data Center ?Any advice is much appreciated!Thanks!

ptilsen

It sounds like you've got some great options anda great start, to me. Low-level programming certainly won't hurt you in pentesting, but a lot of pentesters operate almost entirely in interpreted functional languages. Python and Ruby are big. If you got anywhere with C and C++, they should be a piece of cake to pick up.

CCNP Sec won't hurt, and OSCP is really the pentesting cert to get. CISSP is also highly recommended, no matter what area of security most interests you.

redz

ptilsen wrote: »

CISSP

Exactly this. It's not really the high-level extravaganza it's made out to be, but it's a check-in-the-box for almost every security-related job. Having it will infinitely help your career progression, no matter the area. Easily the best ROI of any cert I've gotten, even if it is functionally only ~30-40% useful.

Be honest, CISSP's, how many times have you needed to know the fence height to stop a casual intruder?

Zoovash

Thanks for your reply!

I know CISSP is a must have for any serious security jobs but I didn't mention it because I have a long way before I can be endorsed for that. Not too long ago I got in charge of security features so I only have a few months of InfoSec experience. As preparation for CISSP I will try to get SSCP in 2014, after having enough experience for it.

LarryDaMan

redz wrote: »

Be honest, CISSP's, how many times have you needed to know the fence height to stop a casual intruder?

...and if the casual intruder did go over the fence, I'll also know the class of the fire extinguisher that I am going to hit him with.

The CISSP is very useful and has good ROI, but if the experience requirements are properly followed, this can't be one to recommend for a first security position.

Master Of Puppets

It really looks like you have some solid opportunities. I would have to agree with the others and of course my best friend, redz, on getting the CISSP It should be a long term goal. I also don't meet the experience requirements but I have it in mind. As far as the combo question goes, it would probably depend on the area of security - for pen testing oscp + ccnp:sec and for a network security gig, you might find it more useful to have two CCNPs. Ultimately, almost every area of security calls for in depth knowledge of networking so you can hardly go wrong. These certifications will complement each other. If you are at a CCNP level, the network stuff on the OSCP should be of no concern to you.