Starting A Networking/Security Career

Shadow Realm

Hello, I'm currently 17 and I'm working full time to support myself and I'm looking to study IT (As that's the job I'm looking for) so I'm using this year as kind of a gap year. I'm looking to start these courses and have them finished by my 18th birthday (In ~10 months) so then I can move to a capital city and find a job (I'm from Australia)

So the courses I was looking @ taking are these, in this order

Note: I can take any IT course from Skillsoft

CompTIA Network+ 2012
CCENT
CCNA
CompTIA Security 2011
CCNA Security
CompTIA Linux+
RHCE (I don't really know if this is worth it though)

I'm doing the Network+ in front of CCNA as I've heard it's more introductory course whereas CCNA is more in depth.

Also, I'm thinking about doing a Microsoft course as well but I don't know which one I should take. I heard Sharepoint admins are "Wanted" at the moment but I would overall rather Networking/Security over a DB admin.

And how hard would it be to get a job in a capital city in Australia, I would be 18 at the time I finished the course and with hardly any worthy work experience (1 month in a Computer Repair shop) and yeah.

sadfjlfdo24

From that list, I'd take these and add CompTIA Security+

Shadow Realm wrote: »

CCNA
CCNA Security
RHCE

DoubleNNs

I think the list looks good. It'd be a struggle t finish them all within 10 months. But hey, even if you get 6 of the 7 within that time frame, it'd still be an impressive accomplishment.

Shadow Realm

sadfjlfdo24 wrote: »

From that list, I'd take these and add CompTIA Security+

I haven't had any experience with Cisco before, I've mostly used Netgear and Linksys routers and that's only for home connections. That's why I'd add N+ and CCENT. I'm pretty much looking to do as much of them as possible as I'm paying $4.5k to do any IT courses from this website www.seaklearning.com

And Security+ is that CompTIA Security 2011

DoubleNNs wrote: »

I think the list looks good. It'd be a struggle t finish them all within 10 months. But hey, even if you get 6 of the 7 within that time frame, it'd still be an impressive accomplishment.

I'm not what you would call amazing with the Security but I know most of it (As theoretical knowledge) and I can pick up anything IT related fairly quickly so that doesn't bother me. But I'll give it my best shot

YFZblu

The Cisco stuff will be good, and being comfortable with Linux is a must in security, I don't think you need to come close to RHCE level however. Don't neglect studying / learning incident response methodologies either.

Shadow Realm

I wouldn't mind RHCE but yeah. Linux+ I'm 100% going to do. Might switch out the RHCE for CISSP though so yeah

tjh87

Shadow Realm wrote: »

I haven't had any experience with Cisco before, I've mostly used Netgear and Linksys routers and that's only for home connections.

Having no experience with Cisco and no real networking experience, I would say you are going to be extremely hard pressed to get your CCENT, CCNA, and CCNA Security within 10 months. My suggestion would be to concentrate on Network+ and Security+ as they are easier and broader certifications. That alone will probably take 3-4 months if you are really studying and UNDERSTANDING what you are studying. Then you can move onto CCENT/CCNA. With zero experience, this will probably take at least 4 months of real studying. Once again, the goal should be to UNDERSTAND and be able to apply what you are learning, not just having a certification. There is a difference and your potential employers will quickly pick this up in an interview. Either way, studying for all of these certifications will help strengthen your core knowledge. I commend you for your ambition and hope everything works out.

BGraves

Agree with thj87, build your foundational level of understanding with the CompTIA exams first A+/NET+/SEC+ and build off them. I would hold off on CCNA Security unless you have a spare ASA around to play with, let that one be an on the job experience one as many companies use cisco firewalls. You can figure out CCNA/CCENT switching/routing for the most part with some test equipment or a program like Cisco Packet Tracer and some study.

If you are going for linux/unix admin, then pick the tests that are appropriate Linux+,RHCSE. If you are going networking, then pick those tests CCENT/CCNA/CCNP/etc. Security exams like Sec+, CASP, GSEC, CISSP are all good choices but I'd hold off on a CISSP till you have a few years of experience in security as it's more manager related than technical/hands on like the others.(plus, you have to be able to prove you have the sec exp in a job to get the full CISSP anyway) Microsoft exams are alright if you are working in a mainly Microsoft environment, a MCSA isn't a bad start. An ITILv3 wouldn't be a bad one to consider also, excellent for helpdesk and above personnel.

Definitely agree that the point of the certs is the learning/knowledge gain which translates (hopefully) in to real world skills that employers value over pieces of paper that say you passed something. Excellent goals though, wish people I knew/worked with were this motivated to succeed. Good luck!

YFZblu

Shadow Realm wrote: »

I wouldn't mind RHCE but yeah. Linux+ I'm 100% going to do. Might switch out the RHCE for CISSP though so yeah

Starting with the CompTIA exams is a good idea. And yes, eventually the CISSP will be a good marketing piece for the resume' and will have lots of visibility by the recruiters. But you don't need it just yet, and it won't really do much for you if you aren't well-rounded already. I feel like this thread neglects the meat and potatoes of network security.

-TCP/IP
-Linux
-Incident Response methodologies
-Programming / scripting

Lots of people put the programming/scripting off until later (myself included). But you're so young, you can really get ahead of the game by starting this early. Learn the fundamentals of Object-Oriented Programming, and pick up the syntax/logic of a couple high-level languages, like Perl/Python/JavaScript, just pick one and go. I guarantee you it will set you apart from other candidates.

BGraves

YFZblu wrote: »

I feel like this thread neglects the meat and potatoes of network security.

Ah? Hmm...I think we were mostly trying to give advice based on the courses he lists out in his first post. Although I believe TCP/IP is covered in Net+ and CCNA yes? Linux in Linux+/RHCE? Incident response methodologies might be in Sec+ or A+?

I do agree with YFZblu about programming/scripting. Knowing how to generate your own scripts can be a lifesaver and make you a very valuable asset to a company! Powershell is being pushed hard on the Microsoft side of things these days and YFZblu lists out other ones above that are good to learn as well!

YFZblu

BGraves wrote: »

Ah? Hmm...I think we were mostly trying to give advice based on the courses he lists out in his first post. Although I believe TCP/IP is covered in Net+ and CCNA yes? Linux in Linux+/RHCE? Incident response methodologies might be in Sec+ or A+?

Network+ and CCNA don't cover the depth of TCP/IP required to be a good security practitioner. And neither A+ or Sec+ cover any standard security Incident Response model (NIST, PICERL, etc.)

My point is, the certifications are good things - But make certain to branch out to expand on what the certification covers.

BGraves

YFZblu wrote: »

Network+ and CCNA don't cover the depth of TCP/IP required to work in the field. And neither A+ or Sec+ cover any standard security Incident Response model.

@ YFZblu, what level of depth would you recommend for a 17 year old who just started studying IT to secure a position? lol

YFZblu

BGraves wrote: »

@ YFZblu, what level of depth would you recommend for a 17 year old who just started studying IT to secure a position? lol

Did you not suggest the RHCE??

So here's the deal - He plans to enter the workforce within a year, right? I'm simply planting the seed for future projects he may consider to increase his stock. I could do the same thing everyone else does, which is recommend a bunch of arbitrary sysadmin certs and default to the CISSP every time the word 'security' is uttered, but that doesn't provide any real insight.

docrice

I'll put in my opinions from several different angles...

First, be careful of rushing through and finishing courses. While completing them and their respective certifications is fine, the general reality is that networking and other IT concepts don't easily sink in and all the pieces won't mentally fall into place until you've spent enough time doing the actual work, which itself takes years to build a practical skill. Book knowledge doesn't necessarily easily translate to practically applying your abilities to achieve real results, especially in complex, dynamically-changing environments.

Second, you don't want to be someone who has a bunch of certifications without demonstrated, progressive experience behind it. Having the paper achievements is fine, but there tends to be skepticism on candidates who have been able to attain a ton of certifications but no hands-on experience, implying naiveness. Achieving the certifications themselves aren't a bad thing, and we all have to start somewhere, but we're wary of prospective candidates that have the education but is essentially experience-hollow. Some hiring managers might view them as attempting to misrepresent ability due to the fact that there are so many in the job market trying to make the impression on paper and going overboard but then turning up short in interviews. I've talked to a number of these candidates myself.

Third ... and this is regarding network security for the long-term perspective for your career ... there are two ways of looking at this: on the obvious front there's the vendor-centric network security which is essentially learning to configure devices like firewalls and other specialized appliances. This is a start, but I don't see this as real network security at all. It's a real sore point for me. Simply learning how to configure devices which have a security-related purpose does not mean you're actually looking at threats, risk, and being able to manage those sorts of issues for the organization which employs you. I've met too many firewall admins who aren't much more than just network engineers who understand ACLs. They lack an understanding of the attack lifecycle - how the threats work, the methods and tools used, the mindset, potential pivot points, and data exfiltration processes.

Network security has to be beyond simply configuring tools in order to add real value to the business. The vendors may suggest otherwise with seemingly-simple point-and-click operation, but these days real infosec work requires a lot of digging, mining data, keeping up to date constantly, constantly monitoring, and finding the needle in the haystack in a timely manner. This isn't something Cisco or other security appliance vendors will typically teach you. You'll need to expand your training (formal or otherwise) beyond pushing buttons within the device administration interface.

Proficiency doesn't come overnight and takes years to grow. There are rare exceptions, but I just want to emphasize the danger in rushing to capture certification flags in the hopes of attaining employment. Enthusiasm and ambition are good and will serve you well if you harness them properly, but simply finishing classes and getting the certs will achieve varying results in employability depending on the positions you're looking for, the job market, where you're located (or willing to relocate), and other factors.

wes allen

If you want to gain a bit more then just some certs, carve out 30-50 percent of your study time and devote it to listening to good infosec podcasts, following links on twitter, learning *side* technologies, like wireshark, and hacking stuff in your lab, or one of the many online labs. That will balance things out a bit, and has the advantage of being free/cheap.

If you get ccna:sec then you can talk configs, but if you spend a year listening to podcasts, doing real world hacking in a lab, and reading blog posts, you can have a conversation on security, rather then just firewall acls. Personally, doing that has been way more valuable to me then getting my CISSP.