Government InfoSec

Hi all, I am currently training for my CompTIA A+ certification this school year through an online training program called LabSim by Testout. (I'm a Sophomore in high school) I will hopefully pass both the 801 and 802 exams. When i pass them, I will be eligible to return my Junior year for CompTIA's Network+ certification. For my senior year, which InfoSec certification would give me the most benefit for a Government Job.(I will be applying for an Internship after high school with the NSA) Will i have the necessary prerequisites for the Certified Ethical Hacker or should I go for Security+ and SSCP? Is the SSCP worth getting?

Find more posts tagged with

Comments

NovaHax

Based on my years working in DOD...I can tell you that Sec+ seems a lot more prevalent than CEH. As far as difficultly, I'd say they are about the same. But Sec+ will probably give you a better overall introduction to security. I say go Sec+ and if you enjoy it, move on to CEH and beyond in InfoSec.

TByrd450

What do you do within the DOD NovaHax. I would love to advance in the ranks and eventually be a hacker or related within the NSA, and I didn't know what certification to start out with. Also, what school has a good computer science degree with concentration in either Cybersecurity or Information Security. John Hopkins and James Madison stuck out to me, but I would like input from people that have similar degrees and work for the government in similar areas.

MSP-IT

You'd most likely need to attend official training if you wanted to get the the CEH.

In order to be considered for the EC-Council certification exam without attending official training, candidate mustHave at least two years of information security related experience.
Remit a non-refundable eligibility application fee of USD 100.00
Submit a completed Exam Eligibility Application Form.
Purchase an official exam voucher DIRECTLY from EC-Council through Products | EC-Council Store

NovaHax

I work in private consulting now...doing pentesting, vulnerability assessments and compliance work. I got started in the Air Force though.

TByrd450

Thanks man. Which do you like better private sector or government jobs.

SephStorm

If you want to intern for NSA you will need to remain in school. I am not familiar with any internships from HS. One thing you may want to consider is attending a CAE2Y for your AS degree in a Infosec or CS discipline.

I will also advise you to keep your eyes open, DoD may move away from certs such as CEH eventually, towards practical certs like OSCP. So you may want to for for the Security+ in your Jr./Sophomore year. I can tell you that you may want to work as well, the Meade area is not cheap to live in.

My opinion on your last question? I'd say private sector. Better pay, more mobility, a wider variety of experiences, and you can still work for the government. Outside of personal reason, best thing about government is stability and benefits, both of which we've seen are not as guaranteed as we may have once thought.

NovaHax

TByrd450 wrote: »

Thanks man. Which do you like better private sector or government jobs.

I think better attention is paid to training and development on the private side. On the military side...I was expected to be 8570 compliant (i.e. have my security+) and that is all that was paid for. On the private side...I'm pretty much covered on any training as long as it is security/pen-testing related.

Also, I like consulting because you get to see a large number of different environments. As opposed to doing monotonous work in the same network environment day in and day out.

MrAgent

Unless you take the CEH class, you wont be eligible to take the exam. You have to have 2 years professional experience in order to self study. Like everyone else has said, go with the security+

TByrd450

Should I pick up my SSCP with my Security+ because the course I will take will prepare me for both. Since I will be in college after high school, will it be hard to get my CPE credits or whatever they are called to recertify with ISC2

TByrd450

@SephStorm Here his the link for the internship. I am just trying to make myself look as marketable as possible. (Student Programs at the National Security Agency (NSA) - High School Student Programs)

the_Grinch

Out of high school the NSA isn't going to be too concerned with certifications. Your focus right now is to get very good grades in math, science, and programming courses while in high school. If you want to get some certifications along the way that is fine, but without the real world experience you'll be a paper tiger. Definitely apply to their high school internship as that will get you closer to getting the scholarship for them to pay for college. School wise, just make sure it's a NSA CAE and you should be fine.

The thing to note is going to a school that has a good relationship with NSA. I know Drexel sent out an email to IT/CS/CE majors with contact information and how to apply to NSA when we were close to graduating. It provided a way to not get stuck in the normal application process through their website. Also, keep your nose clean because they will go through every inch of your life and then some. No music or software downloading, drugs, or crime in your background. As others have said, you won't break the bank working for the government, but if they pay for your schooling the salary is more then what you'll need getting out (expect $55k a year as a new grad). You'll be required to remain with the agency for four years and after that you could basically write your ticket (be it another agency or the private sector).

Also, there a plenty of programs for scholarship to pay for school and work at basically any agency within the government. Plenty of agencies that have a need for what you want to do and with various locations. NSA will stick you in Maryland for at least two years, where other agencies you have much more leeway to go to other parts of the country or perhaps the world depending on the agency.

TByrd450

Thanks for all the input. I will be going down to the local college to pick up some computer science classes as well as upper level math and sciences to further distinguish me from the crowd. I have talked with the NSA and they told me that many hundreds apply and few are accepted so wish me luck as I begin my journey.

nestech

MrAgent wrote: »

Unless you take the CEH class, you wont be eligible to take the exam. You have to have 2 years professional experience in order to self study. Like everyone else has said, go with the security+

EC-Council CEH Application Process Eligibility

nestech

TByrd450 wrote: »

Hi all, I am currently training for my CompTIA A+ certification this school year through an online training program called LabSim by Testout. (I'm a Sophomore in high school) I will hopefully pass both the 801 and 802 exams. When i pass them, I will be eligible to return my Junior year for CompTIA's Network+ certification. For my senior year, which InfoSec certification would give me the most benefit for a Government Job.(I will be applying for an Internship after high school with the NSA) Will i have the necessary prerequisites for the Certified Ethical Hacker or should I go for Security+ and SSCP? Is the SSCP worth getting?

For DOD if you are going to be working in the NSOC you will need ITIL, Sec+ and CEH.

https://secureninja.com/government/dod-m-government-training-certification-washington-dc-dulles-va-san.html?_kk=dod%2520certifications&_kt=2d46fe2e-2f43-4239-a6ec-8e81415ad3a9&gclid=CKjwudma4LsCFSvl7AodAxYAaA

NovaHax

nestech wrote: »

For DOD if you are going to be working in the NSOC you will need ITIL, Sec+ and CEH.

That is NOT correct. You need to change out that 'and' for an 'or'. There is quite a difference there. "That seems like a pretty crucial conjunction", lol

TByrd450

The training I will receive for security+ will also prepare me for my SSCP. is the SSCP worth getting? Will re certification be hard for me to do in college? Is it a marketable cert?

NovaHax

TByrd450 wrote: »

is the SSCP worth getting?

I think there are conflicting opinions on this. Sec+ and SSCP are probably close in value. The advantage of CompTIA is that it has the market for entry-level IT certs covered. Anyone in the industry should recognize CompTIA. So if you decide to do something other than security, any IT employer will likely recognize the cert. ISC2 on the other-hand, it probably less known in the industry as a whole, but is very well known in Info Security and seems to be more respected in our corner of IT. If you are absolutely sure security is what you want to do...you might lean towards SSCP.

TByrd450 wrote: »

Will re certification be hard for me to do in college?

Two points on this:

1. You don't have to re-certify...you just have to maintain your certification with continuing education.

2. And YES, it will be very easy to maintain the cert if you are going to school full time. Your classes give you CEUs (Continuing Education Units). I haven't verified this, but I'm pretty sure full time schooling will completely cover all your CE requirements for the duration of your schooling. You just have to keep a record of it and submit the time to ISC2.
**I can say for sure that it will definitely cover most of your CE requirements. Worst case scenario...you could do a few webinars online or read a book to fill in the gaps**

SephStorm

Thanks for the HS Intern link, I didnt see it on a brief look.

wikiget

NSA doesn't follow the DODD 8570. They are working directly toward NICE.

http://csrc.nist.gov/nice/framework/

smashedpumpkins

If your goal is to work for the government I HIGHLY recommend you seek out a school participating in the Scholarship for Service National Science Foundation. Some of the schools offer Bachelors and some offer Masters. (Very few Doctorates) The program will essentially pay for 2 years of school + offer you a monthly stipend of $1 to $2k. (You entire Masters or part of your Bachelors) They pay it as you go. My Masters was paid for completely.

This is a government program meant to train cyber security experts for the government. For every year you are given the scholarship you are required to work for the government for a year. All that means is you shoot them an email or fill out a survey as to where you work and what you do. They don't take your pay or find you a job. No biggy as that's your plan anyways.

I finished up my Masters and interviewed with the NSA, CIA, DHS, FBI, SEC, FRB, Treasury, DOE and several other agencies. (Many offered me jobs) The program pays to fly you and the other students to Washington DC for a job fair each year. You're required to complete an internship while in the program. In many cases, your internship leads you to your job. If not, it'll help you land one elsewhere. I've built some great connections and landed an awesome job. Every school runs their program differently. In my case, I spent 20 hours a week in a lab with other students working with/in pen testing, scada, windows admin, siem (IDS/IPS), FISMA, RMF and several other projects. We were also highly enoucraged to pass the SSCP and CISSP. Other schools might have you do research and some poorly run programs just give you a paycheck. Each school must have a Bachelors or Masters that meet CNSS standards. (Possibly NSA accreddited as well)

There are no drawbacks to the program. It pays for your education, cost of living, sends you to job fairs, teaches you how the government works, and hopefully you'll have an alumni system that assists in finding jobs or teaches you the ins and outs.

TByrd450

Thank you smashed pumpkins. Do you work with the NSA. A lot of the stuff you mentioned I have found on their websites and job applications. Please shoot me an email if you work in the Intelligence Community, I have some questions for you. Email is ********. Or you can keep it on the forum if you want.

SephStorm

My guess? No, he doesn't, based purely on the location on his profile.

If you have questions you can PM me through this board, i'll answer what I can. I don't work for the IC but I have a bit of knowledge of the arena. Also, it's generally advised for members of the IC to not identify themselves, or the fact that they are seeking employment with the IC. I don't think this thread would be held against you, but just an FYI.

TByrd450

Thanks for the tip, I didn't see his location. Also the main thing I'm looking for is stuff to help me seem a more desireable candidate for employment.