IT Security Questions

I am a Computer Information Systems major at a community college with a focus on IT support. I've been working at Geeksquad for about 5 years now but as I am coming towards the end of my school work and I am deciding on where I want to go. I've been giving alot of thought to IT security and have been researching alot of certifications. I'm not that great when it comes to programming but I'm fairly decent with Networking and I enjoy learning about it more. I am planning on getting my A+, Network+, Security +, and checkpoint from now till the end of fall 2014

My overall plan is to get at least 2 years as help desk support, try to move into a network admin position for 2-3 years and from that point, see if I can squeeze my way into an IT Security position as a network security engineer or security auditor. With all this being said,

1. Would this be a reasonable approach or unrealistic?
2. What are some other certifications I can take that are reasonably priced? I've notice alot of them are in the 4 to 5 thousand dollar range which is way too much for me.
3. Im also looking to get involved in some local groups who specialize in IT security so that I can network myself. Are there any websites that would show me local IT security groups?

Thank you in advanced to anyone who is able to answer my questions.

Sean

Find more posts tagged with

Comments

YFZblu

If your goal is to work in security, then that's what you should focus on. It would be a huge mistake to work in networking for two years if you don't need/want to. Many like to say you round back to security later in your career; however the field is changing and that may not be necessary for you. Attending infosec conferences / group meetings is a great idea. Don't be afraid to intern either if it's possible.

Learn other technologies, yes - But your goal needs to be a security job.

First though, you need to determine exactly what kind of security job you want.

SCL1419

YFZblu wrote: »

If your goal is to work in security, then that's what you should focus on. It would be a huge mistake to work in networking for two years if you don't need/want to. Many like to say you round back to security later in your career; however the field is changing and that may not be necessary for you. Attending infosec conferences / group meetings is a great idea. Don't be afraid to intern either if it's possible.

Learn other technologies, yes - But your goal needs to be a security job.

First though, you need to determine exactly what kind of security job you want.

I would like to acquire a job as a Network Security Engineer or a Security Auditor. The problem Im having is what certifications should I take? Also do companies hire entry level for these two types of positions?

docrice

Generally no, as you need some minimum experience to understand the general context of the environments you'd work in. While certs aren't always necessary, they can help with HR resume screening and also make you aware of things that don't always present themselves on the job. I'd recommend the CCNA and the general Cisco security track, CISSP, and GIAC certs as a general rule, but there's a lot of shifts in expectations these days.

Being good at security means being able to research well. We've covered this topic many, many times before so I'd check the threads here.

Cert Poor

You'll have a little better understanding after you finish your A+, Network+, Security+. Might want to then branch into SSCP/CISSP land and maybe get some CCNA and CCNA: Security action on the side. SANS/GIAC stuff seem really expensive if you're paying with your own money, so those might have to wait until an employer covers them.

I'd say revisit this question after you're done with Security+.

And honestly, I've met some people with "Security Engineer" in their title who weren't really that technical and mostly set up user accounts (so the "security" involved ACL and DAC/RBAC I suppose). But I'd say most Security folks have at least some entry-level experience first before moving into a Security role.

SCL1419

Cert Poor wrote: »

You'll have a little better understanding after you finish your A+, Network+, Security+. Might want to then branch into SSCP/CISSP land and maybe get some CCNA and CCNA: Security action on the side. SANS/GIAC stuff seem really expensive if you're paying with your own money, so those might have to wait until an employer covers them.

I'd say revisit this question after you're done with Security+.

And honestly, I've met some people with "Security Engineer" in their title who weren't really that technical and mostly set up user accounts (so the "security" involved ACL and DAC/RBAC I suppose). But I'd say most Security folks have at least some entry-level experience first before moving into a Security role.

Thank you for the advice and I'll see what happens after I take the Comptia exams.