My switch from IT Ops to IT Cybersecurity - Certification Roadmap for 2014

chopsticks

chopsticks wrote: »

Just some ranting.

I am currently in IT operation, and particularly, in Desktop Support. I have always yearned to become either a System Admin or a Network Admin, and have worked plans to achieve that. Somehow since last year, something in me has changed and my interest in pursuing as a System Admin/Network Admin has waned. I'm getting more and more tired by the day-to-day ops with the never-ending demand and requests from users, repeating the same stuff over and over again (maybe the boredom bored me out?)

On the other hand, I discover myself growing more and more interested in cyber-security. Whenever I surf the Internet, visiting to local libraries or bookstores, I will naturally pop over to the InfoSec section. So I decide to switch my focus to be in InfoSec and also to work on certification related to cyber-security. On top of that, if there is any specific area that will aid in my understanding for InfoSec, I will also consider to delve deeper into them and obtain the relevant certification as well (am I too ambitious?)

Nevertheless, this is my currently certification plan that is to achieve in 2014 (Edited):

1. CEHv8 - achieved
2. ECSA
3. eLearnSecurity PTS/PPT
4. CCENT-> CCNA Security
5. GSEC

Probably that will keep my hands full for this year, but if I manage to complete them before the end of 2014, and still have time left, then I will want to learn more. Is there any suggestion from you guys? Thanks in advance.

Unsure why am I not able to edit my first post. Hence quoting my original post. As of now, ECSA is done. Next I'm looking forward to conquer CCENT/CCNA and CHFI (a new member) :>


My progressing certification plan to achieve in 2014 (Edited):

1. CEHv8 - achieved
2. ECSAv4 - achieved
3. CHFIv8
4. CCENT-> CCNA Routing & Switching, CCNA Security
5. eLearnSecurity PTS/PPT
6. GSEC

LionelTeo

Depending on your preference.

Opt for the Strong & Easy Path to make yourself seems strong by gobbling up these relatively possible via self study certs.

Sec+, CEH, GCIH, GSEC, G2700, GISP, CISSP

chopsticks

Hi Lionel, thanks for providing your guidance, I will search more info on them. :>

gbdavidx

JasminLandry wrote: »

The SSCP is not really technically based, it is very similar to Security+. I believe it's more of an introduction to the CISSP. It introduces the topics you'll dig deep into when studying for the CISSP. That's only from what I've read and heard.

this is correct. i am going to start studying for this. I may have a lead on a federal contracting job, unfortunately I have to get network+ before getting hired so I scheduled it next week. They also recommend the SSCP it definitely is entry level before the CISSP

NovaHax

gbdavidx wrote: »

this is correct. i am going to start studying for this. I may have a lead on a federal contracting job, unfortunately I have to get network+ before getting hired so I scheduled it next week. They also recommend the SSCP it definitely is entry level before the CISSP

CISSP is not a very technical cert either.

cmitchell_00

CISSP is God in the security world. Also this certification is the best way to move into management.

chopsticks

I too see a lot of job openings have CISSP as one of the requirements.

chopsticks

resgde wrote: »

Do you use the VCE ****? Recommend me, I am preparing the CCNA exam.

For me, no. I intend to use the practice questions by ExamPrep books, and those included in Odom's and Todd's books and CDs :>

higherho

OSCP >>>> CISSP if you want to be part of the Red team / Technical

http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

CISSP is the general requirement for any info sec position. Soon its going to become the next security +. However I've been hearing they will be adding the CCNA security to be IAT level 3 soon.

veritas_libertas

@Higherho: I wouldn't go that far. It does make it easier to acquire a position in Information Security, but it's far from a requirement. Also, it's geared towards management, so it's not going to be the next Security+ by any means.

LionelTeo

chopsticks wrote: »

I too see a lot of job openings have CISSP as one of the requirements.

While a lot of job openings has CISSP as a requirements, it also shows that a lot of recruiter simply copy and paste stuff without actually thinking through about the relevant skill let for the particular job. CISSP is very useful in terms of risk management and business perspective, in this two areas, it has a really good coverage in some ways, one example would be a pentester who understand the concepts taught by CISSP would write a report gear towards business perspective to make it more outstanding as compare to a pure technical report.

However, you should be aware of organization who took the CISSP certification too far in looking for candidates, you could see for yourself on how many job posting that ask for CISSP looking for candidate with 3 or less years or experience; which is literally impossible. Sometimes you can also see technical roles requiring CISSP.

Bear in mind, you as a prospective candidate should also evaluate the organization as much as the organization evaluates you. The interviewer would be your future direct manager, and if he really specialise in IT Security, he would understands the different certifications and where it applies, as compare to one that mistaken CISSP is everything. As such, other certifications would also weigh a great chance in not only you getting a job, but as well as getting into a great organization to works in.

A very specific example, let's say if you hold a GSE certification, and your future employer do not know what is it and deem that CISSP is more worthy, you would roughly know if this employer is worth to work for.

chopsticks

Hi Lionel, ya that's some good pointers, thanks :>

bobloblaw

higherho wrote: »

CISSP is the general requirement for any info sec position. Soon its going to become the next security +.

Sorry, no to both.

bobloblaw

resgde wrote: »

Thanks for your recommend, i just found some useful study materials from ExamPrep books and orderd one set of vce **** from PassLeader for preparing my CCNA exam, hope pass it with good luck.

You're doing yourself a disservice by using ****, and you're cheating. Tech Exams is not **** friendly.

higherho

bobloblaw wrote: »

Sorry, no to both.

Sorry, I should have explained myself a bit more. The certification will turn out like the security + in the government world in the sense that every IA person needs to have one even Jr people coming into the gov IA world. Working in this field now for 5 years (gov sector) and I'm just starting to see saturation in the certification because of the 8570 requirement's. Thankfully they are changing the 8570 around a lot in the upcoming year or two. Granted the certification is not easy like the security + I did not mean it like that.

chopsticks

resgde wrote: »

Thanks for your recommend, i just found some useful study materials from ExamPrep books and orderd one set of vce **** from PassLeader for preparing my CCNA exam, hope pass it with good luck.

I agree with bobloblaw, because it will definitely do you no good. Imagine with this cert you have, you are trusted with a real production router/switch, do you think you have the confidence to handle it?

bobloblaw

higherho - Gotcha. Still, have you taken the CISSP? No way it's going to be a requirement for Jr level. Jr level can't even obtain it (besides associate status) based on isc2 requirements. Now you might be able to take it and use it for a lower level on the 8570, but the easiest and most likely route would probably end up being the SSCP or CASP.

GarudaMin

chopsticks wrote: »

I agree with bobloblaw, because it will definitely do you no good. Imagine with this cert you have, you are trusted with a real production router/switch, do you think you have the confidence to handle it?

CISSP is not a technical cert. It's about the breadth, not depth. It requires one to know or assume one to have experience in all those things that it covers under its domains. If your experience is limited to only one thing (let's say securing Windows servers), then that's all you get out of CISSP. Systems are interconnected and security is a broad subject. You truly need to understand and have experience in many things in order to cover end-to-end.

But sadly, a lot of CISSPs out there have the cert just because it's being looked for in a resume. The question you ask about whether one has confidence to handle it when trusted with a real production router/switch, it would depend on the person's experience. If the person has worked as network admin, have experience, or hold certs like CCNA, CCNP, or CCIE, then I am sure he/she will have confidence.

Basically what I mean is one shouldn't be hiring a CISSP just because he/she has a CISSP. One shouldn't also get CISSP without getting one's feet wet. But in this economy, everyone just jump on a CISSP bandwagon without real experience that can support the credential. It's a shame to the cert and to the community of CISSP who actually gave blood and sweat to get the credential.

mokaiba

Master Of Puppets wrote: »

Might be better to become an associate of ISC by passing the CISSP and getting the full certification once you meet the experience requirements.

Even as an associate, you would have still passed the CISSP. Id imagine to most employers that is all they would care about.

chopsticks

Hi GarudaMin, thanks for chipping in your opinion on CISSP. :>

chopsticks

Right now, I'm studying for CCENT (100-101), using Odom and Lammle books. On top of that, I'm currently going through CBT Nuggets video too, and I realise it is good! It helps to fill in gaps for those topics that I already know and I've all the while been pondering while learning from the books. Thumbs up! :>

chopsticks

chopsticks wrote: »

Unsure why am I not able to edit my first post. Hence quoting my original post. As of now, ECSA is done. Next I'm looking forward to conquer CCENT/CCNA and CHFI (a new member) :>


My progressing certification plan to achieve in 2014 (Edited):

1. CEHv8 - achieved
2. ECSAv4 - achieved
3. CHFIv8
4. CCENT-> CCNA Routing & Switching, CCNA Security
5. eLearnSecurity PTS/PPT
6. GSEC

My new progressing certification plan to achieve in 2014 (Edited again):

1. CEHv8 - achieved
2. ECSAv4 - achieved
3. CHFIv8 - achieved
4. CISSP - Working on it
5. CCENT-> CCNA Routing & Switching, CCNA Security - Working on it
6. eLearnSecurity PTS/PPT/WAPT/PWD - Working on it
7. GSEC

Expect

Are you working on all of those simultaneously ?

chopsticks

Yes but there are priorities given to each. I put CISSP with first priority (due to an exam claim I may get but will expire in the mid of next year), follow by PTS as second (due to lab expiration date) and then CCENT.

Expect

Alright, if that works for you then good luck

chopsticks

Hi Expect, thanks

John-John

I am just starting out doing network security for the government as a new grad but I can say the certs they look for are Security+ and an OS cert like MCSA or MCTS. Eventually CISSP is something everyone wants to see on your resume but 1.) it is really expensive and not something you want to pay out of pocket for and 2.) requires at least 4 years experience in the security industry with a degree. CCNA is also something everyone likes to see, but it is not really required to start out. But that is just from the point of view of DoD jobs. I am thinking if you had at least the CCENT and applied for a job that required it they would give you about 6 months to finish it.

chopsticks

Hi John-John, thanks for sharing your thought.