Career Path Advice??

JamesITJamesIT Posts: 11Member ■□□□□□□□□□
Hi, I currently work as an IT technician however I'm really interested in cyber security, However I'm unsure on what path I should take? In next 1-2 years I want to try and get a job as an Information Security Analyst. I prefer the more technicial side of things so would ideally want to be securing systems/pen testing/exploiting ect. I've had a look at CEH, SSCP, GSEC, SEC+,OSCP however I'm not sure where to begin? My current certs: Comp Tia A+ Comp Tia Net+ 70-680: Configuring Windows 7 & (Studying 70-685 for MCITP status, Exam at end of month) After I've finsihed my 70-680 I'm thinking of starting with Security+ however I don't know what certification I should take after that? I'm thinking of possibely taking this path: Sec+ GSEC CEH Security Tube SPSE OSCP CISSP Could anyone please give me some advice on this? Thanks in advance, James
2014 Cert Goals: eCCPT (DONE), BSc Hons Ethical Hacking (In Progress)
2015 Cert Goals: CompTIA Security+ (Done), DVLA Driving License, Security Tube Python Expert


  • CannonTheRookieCannonTheRookie Posts: 4Registered Users ■□□□□□□□□□
    Hi James,

    I would like to join this thread if you don't mind. I have the same question as you. I need some advice on a career path in Information Security and what certs that will get me in the door.

    I currently have A+, Net + and Sec+ with a total of 3 years’ experience in the IT field (Helpdesk and Desktop Support). Just as you James the technical side of things is where I would like to be at this point. So any advice as to a path would be greatly appreciated guys.

  • da_vatoda_vato Posts: 445Member
    It sounds like your interested in both offensive and deffensive posture security. I would recommend finishing off the comptia triad (sec+) JamesIT.

    C|EH is popular with hiring managers so to get your foot in the door I think that would be a decent first move for both of you. To dig deeper and have proven skills in the offensive posture it is highly recommended on this forum to attend OSCP.

    Follow that up with CISSP and I believe you resumes will be pretty darn hard to beat.
  • j.petrovj.petrov Posts: 282Member
    I agree with da_vato.

    The sec+ cert is a pretty good foundational cert that will have knowledge that you can apply to any security certs you go after in the future. I just started a gig as a Security Analyst and it definitely helped me navigate the interview and is also proving to be pretty valuable for my CISSP studies as there is a lot of overlap. Once you have the foundation definitely go after the more technical certs, CEH and OSCP.

    I would also recommend you start using linux if you already aren't doing so.
  • CannonTheRookieCannonTheRookie Posts: 4Registered Users ■□□□□□□□□□
    Thank you guys for the advice. I will start with the CEH for now.I also was advice to check out for some local networking. Again thanks!
  • LionelTeoLionelTeo Posts: 526Member ■■■■■■□□□□
    The bulk of resume I came across for applicants applying for it security jobs are neither it security experince or certified. This is a good sign for you if you can get some certification that gives you over the edge of others. However, a single it security certification is nearly useless, even having cissp alone may not look as good as compare to a candidate with cissp, gcih. You will need a few to pack a punch in and stand out from others.

    taking that into consideration. You may want to iron out your path considering what path would you like to take. Then take a few certifications to reach that goal

    a few examples
    Pentester path: Ceh, Gcih, Gpen, Oscp, Gxpn, Ocse, Gwapt

    Forensic Path: Ceh, GCIH, chfi, gcfe, gcfa, grem

    Intrusion Analyst Path: Ceh, Gcih, Gcia, Gcfw

    Generic Path: Ceh, Gcih, Gsec, Gisp, Cissp, Cism

    Auditor Path: Ceh, Gcih, Gsna, Gisp, Cissp, Cisa

    Security Administrator/Incident Handler Path: Ceh, Gcih, Gcwn*, Gcux*, Gced

    *Optional for incident handler

    While it seems weird that I seems to be practically mentioning ceh and gcih for every path. I would like to emphasize it security may not required hacking skills at all. Take for example is the job of a bcp manager, whose role is mainly to ensure the bcp success and may not required to go in depth in any technical skills. However, for entry level, ceh and gcih should be able to cover the foundation required for most path.

    Ceh teaches the basics for hacking while gcih covers common possible security incident scenerios and how to handle them. After that you can choose to go into whatever specialisation you wish to.
Sign In or Register to comment.