Advice for security certifications

Gattsu · January 2018

Hi guys, I have some questions. I would really appreciated if you can help me or give me some advice and tips.

Which certificates do you guys recommend for a job in security?
Where should I start first.

At the moment I don't have a job and it is really hard to find jobs in security. Do you think certification would help?
Should I still apply for jobs in security or should I apply for other jobs?

I am really frustrated, I don't know where to start.

TechGromit · January 2018

Security+ is the entry level security certification, the exam isn't too hard and it's not that expensive exam ($320) to pay for. You just need to get a book and study it. From there is really all depends on what area of security you want to specialize in.

As for a job in security, any job in IT would be beneficial expereince, while help desk might suck, everyone has to start somewhere.

Gattsu · January 2018

I have already experience with help desk and it really sucks i don't like it. I am thinkig about the get a normal job and do selfstudy at the same time for certs. And then apply for security jobs? I don't know what to do man. I am really stuck.

GirlyGirl · January 2018

Gattsu wrote: »

Hi guys, I have some questions. I would really appreciated if you can help me or give me some advice and tips.

Which certificates do you guys recommend for a job in security?
Where should I start first.

At the moment I don't have a job and it is really hard to find jobs in security. Do you think certification would help?
Should I still apply for jobs in security or should I apply for other jobs?

I am really frustrated, I don't know where to start.

Getting a job in security is difficult. Difficult because it is so competitive.

I have one question that's going to help me help you..

What city and state do you live in?

That is the golden question. Location is everything. Someone can't live in Willow Canyon, Arizona or Magnet Cove Arkansas and expect a plethora of opportunities.

Second question, since I have time. How much do you have to spend or credit on a card to obtain a certification?

Thanks,

GG

Ok Ok third question.

Do you have IT experience? What is it in? (Yes that is the forth question)

yoba222 · January 2018

I suggest getting on a job board and typing in some security related keywords. Look at the job post descriptions and see what kind of work experience/college/certs they ask for. Then make a plan to obtain that.

I think you'll find that most, if not all security-related tech jobs require tech work experience at a minimum and preferably security related. Non security tech experience, meaning like sys admin stuff or even software, but there is a much wider range than those two examples. I also think you'll find it much harder to break into tech security from a non tech job.

You might have just had a bad help desk job. The most perfect position in the world can suck if the company/work environment/culture is toxic.

Gattsu · January 2018

I can't post a reply to your questions it says that my reply is a spam?
Can i PM ur or something?

Danielm7 · January 2018

Honest question, not trying to be mean, but looking from the other side of the fence... Can you explain why someone should hire you for a security role? What makes you want to work in security specifically?

Gattsu · January 2018

I have already experience in some fields and I am willing to learn futher and I know this is not enough motivation for a employer to hire me. But one thing I am 100% sure is if I want something really bad. No matter what it takes I will get it even it is impossible.

Gattsu · January 2018

I live in the Netherlands, the state where I currently live is Utrecht.

At the moment I don't have a job so I have a lot of free time but I want to get a job ASAP. Actually it doesn't matter if its IT related or not what do you think about it? And I am willing to spend money on cert.'s.

Yes I have IT experience on helpdesk it was a first line job I was working with tickets etc 99% Windows related. Trough my job I got an MCP cert Windows server. But I don't want to focus on that direction because I don't like it. I want to focus on security related.

Trough curiosity I have a lot of gained experience in security (not professional experience). Like following a lot of security related forums / youtubers.
And testing things out in a VM environment with Kali Linux and learning web app pentesting. I am definitely far away from a professional still learning.

That's why I am really interested in security if I can make it my job, it would be a dream to come true for me.

TheFORCE · January 2018

Gattsu wrote: »

I have already experience in some fields and I am willing to learn futher and I know this is not enough motivation for a employer to hire me. But one thing I am 100% sure is if I want something really bad. No matter what it takes I will get it even it is impossible.

You might want something really bad but just talking about it doesn't mean it will happen. You need to put effort and work into the things you like.

Certificates alone are not the golden ticket to securing a job. You said you would do anything it takes but then on your previous post you said you dont like Helpdesk type job. Saying you already have experience in some fields gives us no real evidence of what type of experience that you could use for a security job.

Bottom line, stop talking and wishing and wanting and start doing, start putting more effort, more work and dont complain. Take every opportunity as a step for another opportunity you cant go from 0 to 100 without first going from 0 to 40.

Gattsu · January 2018

You are right. I am going to make a roadmap for myself what i want to do and what i want to achieve in the next months. The problem with helpdesk functions are they ask you to get certs like MCSA/ITIL etc. But i don't want to get that certs. That's why i am hesitatin to take a job in helpdesk. I am thinking to get a normal job (not IT related) and then do selfstudy at the same time. And when i get enough experience, i can apply for a security job. I don't know if that's a good idea.

[Deleted User] · January 2018

Security+ for starting off if new to security space. After that, focus on getting your CCNA. Having networking knowledge to an extent is important. After that, it depends on if you want to get into network security, incident response/handling, penetration testing/red teaming, forensics etc. Depending on your answer, you can do research for certs based on that. Good luck.

TechGromit · January 2018

Gattsu wrote: »

I have already experience with help desk and it really sucks i don't like it. I am thinking about the get a normal job and do self-study at the same time for certs.

Not quite sure what you mean about a "normal" job, If I was hiring for a security position, I'd be more likely to hire someone working in Help desk / IT with certifications, then someone working in a Non-IT related job with certifications.

If it's true you would be willing to do "anything", then I suggest you take a serious look at an overseas job with something like Vectrus. Something like this.

https://vectrusjobs.taleo.net/careersection/vectrus.external/jobdetail.ftl

Something with low requirements for educational and certifications in an undesirable part of the world. A year or two overseas, return with some experience and an active secret clearance, you could easily side into a government contractor job security position in the DC area.

Gattsu · January 2018

TechGromit wrote: »

Not quite sure what you mean about a "normal" job, If I was hiring for a security position, I'd be more likely to hire someone working in Help desk / IT with certifications, then someone working in a Non-IT related job with certifications.

Most of the help desk are focused on Microsoft related stuff Windows server/office365 etc. and they ask you to get certifications in that field.
Let's say i have worked 5 years in Help desk, first, second or third line. And then i decided to apply for a security job. What did i gained from a help desk function? Only what i can see is the real life work experience not technical stuff to security related. And i want to avoid that because that's waste of time imo.

TheFORCE · January 2018

Gattsu wrote: »

Most of the help desk are focused on Microsoft related stuff Windows server/office365 etc. and they ask you to get certifications in that field.
Let's say i have worked 5 years in Help desk, first, second or third line. And then i decided to apply for a security job. What did i gained from a help desk function? Only what i can see is the real life work experience not technical stuff to security related. And i want to avoid that because that's waste of time imo.

You spend enough time on the Helpdesk you should be gey enough security related skills. You get exposed to different type or errors, incidents, issues and change management, patching, updates, networking related issues etc. on top of that, having Microsoft certs will help you in understanding what it takes to secure Windows systems. Say that the Helpdesk experience is a waste of time shows how much you still have to learn.

By the way, I spend 3 years on the Helpdesk as my first corporate job. Since then I've been the lead of a security team, I'm been an assistant vice president and I've been a vice president attending meetings with board members and management. Guess what I have to thank for that, thats right, the first Helpdesk job that I spend 3 years in and taught all the different things that came into those 80-100 tickets on a daily basis. Then when they needed a security guy in the company i went for it. and guess who the company promoted, thats right. Its easier to move from the inside than from the outside with a non-IT job and 2 certifications.

TechGromit · January 2018

Gattsu wrote: »

Let's say i have worked 5 years in Help desk, first, second or third line. And then i decided to apply for a security job. What did i gained from a help desk function?

While not directly applicable to your career in Security, some of the same concepts are. Interacting with users, managing a ticket queue, solving technical problems. This is what you gain and what a potential employer might look for.

Gattsu wrote: »

Only what i can see is the real life work experience not technical stuff to security related. And i want to avoid that because that's waste of time imo.

While skipping the boring entry level help desk crap is desirable, unless you have a good educational foundation, and perhaps have a good contact in the industry, your going to have to put your time in, no matter if you feel it's a waste of your time or not. Where I work we have a couple of interns that went from College right into a job more suited to there education, but they were lucky, most people, even those with degrees don't go right into there desired field. Another good example would be a Lawyer or Doctor.

Hey Graduated from Law school, passed the bar, now I want to get right into into representing clients! Unfortunately your most likely going to be doing a lot of grunt work for the more experienced and senior lawyers in a practice. Pretty much low pay, long hours is what you have to look forward for the first couple of years.

Your desire to avoid "wasting time" is understandable, but it's pure fantasy. Without education, connections and a bit of luck, your going to have to face facts, and be realistic.

kaiju · January 2018

Gattsu wrote: »

Most of the help desk are focused on Microsoft related stuff Windows server/office365 etc. and they ask you to get certifications in that field.
Let's say i have worked 5 years in Help desk, first, second or third line. And then i decided to apply for a security job. What did i gained from a help desk function? Only what i can see is the real life work experience not technical stuff to security related. And i want to avoid that because that's waste of time imo.

A well-rounded Security Analyst should have knowledge of both systems and networking that will complement his/her security skillset. With that being said, an entry-level applicant with CCENT, MTA (or MCSA), and an entry-level cert is much more attractive than someone with a just a Sec+. Those Certs can be waived with the caveat to obtain them within 6 months of hiring IF the applicant can pass an interview that pertains to the aforementioned level of certifications.

Advice for security certifications

Comments