My switch from IT Ops to IT Cybersecurity - Certification Roadmap for 2014
chopsticks
Member Posts: 389
Just some ranting.
I am currently in IT operation, and particularly, in Desktop Support. I have always yearned to become either a System Admin or a Network Admin, and have worked plans to achieve that. Somehow since last year, something in me has changed and my interest in pursuing as a System Admin/Network Admin has waned. I'm getting more and more tired by the day-to-day ops with the never-ending demand and requests from users, repeating the same stuff over and over again (maybe the boredom bored me out?)
On the other hand, I discover myself growing more and more interested in cyber-security. Whenever I surf the Internet, visiting to local libraries or bookstores, I will naturally pop over to the InfoSec section. So I decide to switch my focus to be in InfoSec and also to work on certification related to cyber-security. On top of that, if there is any specific area that will aid in my understanding for InfoSec, I will also consider to delve deeper into them and obtain the relevant certification as well (am I too ambitious?)
Nevertheless, this is my currently certification plan that is to achieve in 2014 (Edited):
1. CEHv8 - achieved
2. ECSA
3. eLearnSecurity PTS/PPT
4. CCENT-> CCNA Security
5. GSEC
Probably that will keep my hands full for this year, but if I manage to complete them before the end of 2014, and still have time left, then I will want to learn more. Is there any suggestion from you guys? Thanks in advance.
I am currently in IT operation, and particularly, in Desktop Support. I have always yearned to become either a System Admin or a Network Admin, and have worked plans to achieve that. Somehow since last year, something in me has changed and my interest in pursuing as a System Admin/Network Admin has waned. I'm getting more and more tired by the day-to-day ops with the never-ending demand and requests from users, repeating the same stuff over and over again (maybe the boredom bored me out?)
On the other hand, I discover myself growing more and more interested in cyber-security. Whenever I surf the Internet, visiting to local libraries or bookstores, I will naturally pop over to the InfoSec section. So I decide to switch my focus to be in InfoSec and also to work on certification related to cyber-security. On top of that, if there is any specific area that will aid in my understanding for InfoSec, I will also consider to delve deeper into them and obtain the relevant certification as well (am I too ambitious?)
Nevertheless, this is my currently certification plan that is to achieve in 2014 (Edited):
1. CEHv8 - achieved
2. ECSA
3. eLearnSecurity PTS/PPT
4. CCENT-> CCNA Security
5. GSEC
Probably that will keep my hands full for this year, but if I manage to complete them before the end of 2014, and still have time left, then I will want to learn more. Is there any suggestion from you guys? Thanks in advance.
Comments
Connect With Me || My Blog Site || Follow Me
What about CASP & SSCP? I have not come across them yet (sorry for my lack of reading on my part).
The SSCP is not really technically based, it is very similar to Security+. I believe it's more of an introduction to the CISSP. It introduces the topics you'll dig deep into when studying for the CISSP. That's only from what I've read and heard.
Cisco exams are good for networking, personally I'd go CCENT>CCNA R&S>CCNA SEC but not in a rush.
CISSP requires a certain amount of time in InfoSec, wouldn't bother with that one till after you obtained a job in InfoSec.
ECSA, if you learn stuff it's prob not a waste of time but I wouldn't bother with it myself. Same with CASP. Same with SSCP.
I have to agree here. Regardless of your infosec niche, the CISSP is key. It helps everyone. However, you do not seem to have the required experience for that. I wouldn't bother with SSCP. Might be better to become an associate of ISC by passing the CISSP and getting the full certification once you meet the experience requirements.
If your interests are in network security, the Cisco track will be great for you. Also, I doubt how much the ECSA will help you. From your list, I would only do GSEC(the GIAC certs are great) and Cisco. That is, if I am corrent in assuming that you are striving for a position in network security?
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Agreed. As far as I can tell...it hasn't really done anything for me. I only took it because EC-Council mistakenly included the study material in my CEH training package.
I agree, that and it isn't that difficult (From what my colleagues say. All of them got the certification in 3 and a half weeks). It just gives you an overall broad based view of security. I would choose someone with an OCSP over an CISSP any day if I was looking for a technical security individual.
Your colleagues are being disingenuous, or have plenty of experience in the CISSP CBK (I expect the latter).
Bachelors of Science in Telecommunications - Mt. Sierra College
Masters of Networking and Communications Management, Focus in Wireless - Keller
Bachelors of Science in Telecommunications - Mt. Sierra College
Masters of Networking and Communications Management, Focus in Wireless - Keller
Having done both, I have to say that there is truth to what each of you say. Bobloblaw is right...the CISSP exam is a beast...even for someone with significant experience in the industry. That being said...being good at test taking can go a long way with an exam like the CISSP (regardless of how tough it is)...and that isn't true of a practical exam like OSCP.
eLearnSecurity PTS/PPT
Known as the "3-in-1 Linux certification", consider the CompTIA Linux+ certification. Once you obtain it you can apply for LPIC-1 and SUSE Certified Linux Administrator (CLA) certifications without further testing. If you want to dive deeper at a later time, you can advance via LPIC-2 and LPIC-3.
Another point to consider, if you'll search for DoD Directive 8570 or 8140, you'll see an InfoSec advancement track well recognized by employers and government.
If I were in your position I would focus on these certs in addition to Linux+ and CCNA.
A decent track would be Network+, CCNA Security, GSEC, Linux+ (3-in-1)/GCUX, C|EH, MCITP/GCWN.
About that time you should have enough working experience to attempt the CISSP.
You may want to look into getting a BSIT degree from WGU, this will help you obtain some of these certs while earning your degree at the same time.
Online IT Security Degree | Information Security Degree | WGU College of Information Technology
My 2 cents.
For example, if you wanted to get into Malware Reverse Engineering, and were studying CCNA you might be able to spend you time more wisely. I know you may not know specifically what you want to do in security, but as you begin to dive into your studies, keep asking yourself that question.
so have you shifted from IT OPS to security..