some advice for general networker

Hello

Network engineer here, 7+ years, doing senior roles, the usual Cisco alphabet soup (including CCNP Security), driven plenty of firewalls in my time, some basic server work (including Linux) but no coding/programming experience.

Wondering what the Sec guys here think about SSCP, specifically how useful it would be for a network engineer, and how long it would take for someone with this kind of background? I was thinking, as I want to be moving off the tools at some stage, that this is the kind of all-round knowledge that could assist.

GSEC/CISSP seems out of reach as I have no plans to specialise in security (would love to tackle GSEC seriously, but unfortunately routers, switches, fabric and SDN are much more relevant to me LOL)

Comments

  • broli720 Member Posts: 394
    I don't really know as I opted for CISSP instead. I do know that SSCP is a bit more technical. I would look at a few of the blogs that JD wrote on the certification. As for me, I think we're doing a little role reversal. I'm diving more into Cisco to keep my technical skills sharp and because I love networking, but my role is more on the policy and strategic portion of security. Having a nice balance between the two would probably be the perfect job for me.
  • docrice Member Posts: 1,706
    Security is a lot more mindset and in-depth, improvisational thinking which are generally based on principles conveyed in infosec books, classes, etc. If you're planning to stay more networking-focused, I'd recommend possibly looking at classes like Network Threat Defense, Countermeasures, and Controls:

    https://www.blackhat.com/us-13/training/network-threat-defense-countermeasures-and-controls.html

    I was thinking of taking this since infrastructure security is part of my work, but I never see specialized classes like this except at events like Black Hat.

    The most important thing I recommend is to start looking at the network from an attacker's point of view. I find many network engineers understand the art of getting packets from one end of the world to another, but lack the insight on how malicious actors engage in abuse campaigns to intercept, manipulate, or intentionally reduce availability of services. Similarly, many firewall admins know how to enable features on security-centric appliances, but don't really understand what they're mitigating against, in which case they're just doing things based on vaguely-recommended best practices and don't see beyond the tools.

    If anything, pick up some books like Counterhack Reloaded, Security Warrior, etc. Knowing networking is solid, but understanding the hosts, applications, and other elements of the ecosystem is crucial if you want to "see" how things work across different levels and how each piece can fall into harm's way.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • vasyvasy Member Posts: 68
    Context is everything... that being said, what are your plans for the future? Do you think you can use this certification to get a new position or a new job, with manager responsibilities?

    Of course, you should be aware that a certification is just a piece of paper that acknowledges that you were able to respond correctly to x% of their questions and you were a good monkey in reading books after books. The knowledge is gold, and what you do with it is even more valuable than just a mere certification (be it CISSP) :)
  • wintermute000 Banned Posts: 172
    Well, just general knowledge really, as a networker you interface with security all the time. I have been offered network security roles before and it's something I would consider had I studied something like this or GSEC.

    Obviously I know the packets and frames side down pat as well as general arch (DMZ layouts, demarcation designs etc.) but I thought it would be beneficial to gain a better understanding of the server stack (e.g. exactly how web server exploits work, SQL injections work, etc.), OS/client side and security in a holistic sense.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,667
    Probably the closest thing to a "Hacking+" cert is the CEH. It has a lot of good information to it, although the price of the exam is high and the quality of the exam itself might be a little lacking. The CEH material is worth studying even if you don't go on to take the exam.