Is CCNA overkill for a career in IT security?

uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
Hi,

Some background about myself:
I have a Bachelor in Computer Science over 10 years ago. I've been working as  manual software QA tester for couple of years.

Currently, I want to transition into IT security career. (Preferably blue team, defense side of thing. So no pentesting) and wonder which cert I should get?

Should I start with CCNA (The new 200-301 merged CCNA Security in it i believe)? I started studying for CCNA for a few days and seen some topic about configuring routers....It's kinda feel weird to me because it seems too much networking and maybe unnecessary for a career in Security?  Ultimately, I want to get CISSP as long term goal.

Also, another question, would it be easier to find a security job if having:
CCNA, Security+
or 
Security+, CySA+

Please advise,
Thanks

Comments

  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    edited March 2020
    When I first obtained CCNA routing and switching I did not work in security but logged into Cisco gear daily. The knowledge from the cert was very useful. Now I'm in security and haven't touched Cisco equipment once since the transition. Overkill, no. But probably way less useful/relevant than the knowledge you'd gain putting those study hours towards CySA+. Problem is every HR knows CCNA but not so much with CySA+.

    So to answer your question, I think it would be easier to find a job in security (generally) with CCNA and Sec+. But you'd be a stronger candidate with CySA+ and Sec+.

    That said, I have almost no interest in pursuing further Cisco certification. Too many other things way more security-related to learn instead.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    edited March 2020
    Yeah, i feel CCNA is pretty network heavy to me. Won't get CCNP for sure...
    I wonder if I should have start with Security+ first? and then CCNA or vice versa?
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    I would get the Security+ first, as it will set a baseline of knowledge for you (or at least fill in holes that you didn't necessarily know you had).  If you want to get Cisco's name on your resume, they have the Cisco Certified CyberOps Associate cert.  Like the CySA+, it won't get much name recognition by HR/hiring managers, but the Cisco name on the cert may at least get some notice.  It will cover much the same knowledge needed for the CySA+, but with a heavier emphasis on Cisco products (without the requirement to truly learn them like you would need for the CCNA).
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • MarioKart64MarioKart64 Registered Users Posts: 15 ■■■□□□□□□□
    Have you looked into the SSCP? It is roughly at the same level as the Security+ but it is more respected in the security industry and it helps you to prepare for the CISSP by getting you familiar with some of the material and how ISC2 words their questions. 
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    I would get the Security+ first, as it will set a baseline of knowledge for you (or at least fill in holes that you didn't necessarily know you had).  If you want to get Cisco's name on your resume, they have the Cisco Certified CyberOps Associate cert.  Like the CySA+, it won't get much name recognition by HR/hiring managers, but the Cisco name on the cert may at least get some notice.  It will cover much the same knowledge needed for the CySA+, but with a heavier emphasis on Cisco products (without the requirement to truly learn them like you would need for the CCNA).
    I initially want to do the CCNA Cyberops, but they are going to discontinued that in June and renamed it to CBROPS(No "CCNA" keyword on resume).  I heard Security+ exam is pretty tough.  Just wonder if it is going to be even harder in the future? I heard the new Security+ is releasing soon.

    Have you looked into the SSCP? It is roughly at the same level as the Security+ but it is more respected in the security industry and it helps you to prepare for the CISSP by getting you familiar with some of the material and how ISC2 words their questions. 
    Yes, but SSCP required 1 year of security work experience....so I can't go for that :(
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    You might want to consider the CSSLP - Certified Secure Software Lifecycle Professional certification from (ISC)2.

    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • MarioKart64MarioKart64 Registered Users Posts: 15 ■■■□□□□□□□
    I would get the Security+ first, as it will set a baseline of knowledge for you (or at least fill in holes that you didn't necessarily know you had).  If you want to get Cisco's name on your resume, they have the Cisco Certified CyberOps Associate cert.  Like the CySA+, it won't get much name recognition by HR/hiring managers, but the Cisco name on the cert may at least get some notice.  It will cover much the same knowledge needed for the CySA+, but with a heavier emphasis on Cisco products (without the requirement to truly learn them like you would need for the CCNA).
    I initially want to do the CCNA Cyberops, but they are going to discontinued that in June and renamed it to CBROPS(No "CCNA" keyword on resume).  I heard Security+ exam is pretty tough.  Just wonder if it is going to be even harder in the future? I heard the new Security+ is releasing soon.

    Have you looked into the SSCP? It is roughly at the same level as the Security+ but it is more respected in the security industry and it helps you to prepare for the CISSP by getting you familiar with some of the material and how ISC2 words their questions. 
    Yes, but SSCP required 1 year of security work experience....so I can't go for that :(
    Thats true, you would have to be an "Associate of ISC2" until you have the exp but it is still a possibility. I agree that you should look into the CSSLP based on your background. 
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    I thought about CSSLP too, but unfortunately, in my area, Software Security jobs are almost non-existent. Most security jobs are IT Networks related, SOC analyst,  IT Audit, Info Sec or Pentesting....


  • MarioKart64MarioKart64 Registered Users Posts: 15 ■■■□□□□□□□
    edited March 2020
    I thought about CSSLP too, but unfortunately, in my area, Software Security jobs are almost non-existent. Most security jobs are IT Networks related, SOC analyst,  IT Audit, Info Sec or Pentesting....


    I think you may be overthinking this, just about any infosec certification will help you to obtain an entry level infosec job and the CSSLP is a lot higher level and respected than the Security+, CySA+ or SSCP. 
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    edited March 2020
    I thought about CSSLP too, but unfortunately, in my area, Software Security jobs are almost non-existent. Most security jobs are IT Networks related, SOC analyst,  IT Audit, Info Sec or Pentesting....


    I think you may be overthinking this, just about any infosec certification will help you to obtain an entry level infosec job and the CSSLP is a lot higher level and respected than the Security+, CySA+ or SSCP. 

    I think I'll focus on CCNA/Security+ for now.  My odom ccna book is already here and I started watching some ccna videos...not sure if I could switch to security+ now or continue with ccna. 
    If I continue with CCNA. I'm expecting myself to take another 6 months to prepare at least.  Not sure about the difficulty of Security+ exam and how long it takes to be ready for the exam. 

    But then I could probably change my whole plan and drop ccna (sell those books) and do security+ and maybe get a AWS/Azure cert route instead of CCNA?


  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    A lot of security job would need the networking knowledge from the CCNA without the proprietary aspect of this. So, if you have some real world exp with Cisco equipment, I would do it, then Sec+. If you dont have real work exposure to Cisco equipment, you are better doing a Network+ then Sec+, or SSCP (1 year of experience is rather easy to justify). 
  • MarioKart64MarioKart64 Registered Users Posts: 15 ■■■□□□□□□□
    I would get the Security+ first, as it will set a baseline of knowledge for you (or at least fill in holes that you didn't necessarily know you had).  If you want to get Cisco's name on your resume, they have the Cisco Certified CyberOps Associate cert.  Like the CySA+, it won't get much name recognition by HR/hiring managers, but the Cisco name on the cert may at least get some notice.  It will cover much the same knowledge needed for the CySA+, but with a heavier emphasis on Cisco products (without the requirement to truly learn them like you would need for the CCNA).
    I initially want to do the CCNA Cyberops, but they are going to discontinued that in June and renamed it to CBROPS(No "CCNA" keyword on resume).  I heard Security+ exam is pretty tough.  Just wonder if it is going to be even harder in the future? I heard the new Security+ is releasing soon.

    Have you looked into the SSCP? It is roughly at the same level as the Security+ but it is more respected in the security industry and it helps you to prepare for the CISSP by getting you familiar with some of the material and how ISC2 words their questions. 
    Yes, but SSCP required 1 year of security work experience....so I can't go for that :(
    Thats true, you would have to be an "Associate of ISC2" until you have the exp but it is still a possibility. 
  • MarioKart64MarioKart64 Registered Users Posts: 15 ■■■□□□□□□□
    I would get the Security+ first, as it will set a baseline of knowledge for you (or at least fill in holes that you didn't necessarily know you had).  If you want to get Cisco's name on your resume, they have the Cisco Certified CyberOps Associate cert.  Like the CySA+, it won't get much name recognition by HR/hiring managers, but the Cisco name on the cert may at least get some notice.  It will cover much the same knowledge needed for the CySA+, but with a heavier emphasis on Cisco products (without the requirement to truly learn them like you would need for the CCNA).
    I initially want to do the CCNA Cyberops, but they are going to discontinued that in June and renamed it to CBROPS(No "CCNA" keyword on resume).  I heard Security+ exam is pretty tough.  Just wonder if it is going to be even harder in the future? I heard the new Security+ is releasing soon.

    Have you looked into the SSCP? It is roughly at the same level as the Security+ but it is more respected in the security industry and it helps you to prepare for the CISSP by getting you familiar with some of the material and how ISC2 words their questions. 
    Yes, but SSCP required 1 year of security work experience....so I can't go for that :(
    Thats true, you would have to be an "Associate of ISC2" until you have the exp but it is still a possibility. 
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    edited March 2020
    After hours of studies for CCNA during the weekend. Some thoughts just came up my mind this morning.

    The further I study CCNA, the more I realize that I may not have interest in networking. Especially learning from one of my friends that networking career may start by doing cabling, pulling cables through walls and heavy works. (I'm a weak physically with some long term back pain )

    I wonder if it would be a better plan to self study CCNA or Network+ cert WITHOUT taking the exam just to gain the appropriate level of networking knowledge. Meanwhile, I'll be working toward sec+,cysa+ certs and maybe pick one cloud cert like azure or aws?  Probably I could land a system admin job like that and move to security eventually? Kinda want to skip the networking engineer job and do system admin/cloud path then to security but not sure if it is a feasible plan?

    By not taking CCNA exam, then I can switch to passive mode studying for the CCNA materials and instead I can focus on more relevant certs like the Sec+ , Cysa or cloud certs. 

    Please advise if this is a good plan or not? Thanks 



  • mels65mels65 Registered Users Posts: 4 ■■■□□□□□□□
    uchihadave depending on where you start you networking career will determine if you have to manually run cables as part of a networking job. I have been working for large corporate companies the last 15 years and all the cabling run have been handled by contractors who specialize in running data lines, the network team may in a emergency situation re-terminate an end or build a special cable. All the networking is done in house so the most physical part of the job is just racking the equipment.

    Currently I have been working in IT security for the last 6 years and have found most of my peers focus on Windows systems, most know nothing of Cisco equipment. They are blinding trusting the network team secured the devices, and collecting the logs not really knowing what they are looking at so I do think there is a value in knowing Cisco, but I think the Security+ will help open more doors initially.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    I think that is one of the most enduring myths out there:  that you HAVE to start at a particular point.  For instance, most network engineers I know did not start out building or pulling cables.  They got certified, they found a job in a NOC or with a small business, and they never once had to do more than minor cabling (as in, connecting a computer to the wall or a switch to the patch panel).  Most companies that I know of here in the Denver area will contract out for the cable pulling jobs so that their engineers can focus on more important stuff.  The CCNA will open way more doors for you in the tech industry than not having it will. 

    Just my two cents.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    mels65 said:
    uchihadave depending on where you start you networking career will determine if you have to manually run cables as part of a networking job. I have been working for large corporate companies the last 15 years and all the cabling run have been handled by contractors who specialize in running data lines, the network team may in a emergency situation re-terminate an end or build a special cable. All the networking is done in house so the most physical part of the job is just racking the equipment.

    Currently I have been working in IT security for the last 6 years and have found most of my peers focus on Windows systems, most know nothing of Cisco equipment. They are blinding trusting the network team secured the devices, and collecting the logs not really knowing what they are looking at so I do think there is a value in knowing Cisco, but I think the Security+ will help open more doors initially.
    Good to hear that pulling cables work are handle by non-networking team.
    So your peers can somehow get into security job without knowing Cisco..hmm..but then yeah I understand that networking knowledge is important.  

    I think that is one of the most enduring myths out there:  that you HAVE to start at a particular point.  For instance, most network engineers I know did not start out building or pulling cables.  They got certified, they found a job in a NOC or with a small business, and they never once had to do more than minor cabling (as in, connecting a computer to the wall or a switch to the patch panel).  Most companies that I know of here in the Denver area will contract out for the cable pulling jobs so that their engineers can focus on more important stuff.  The CCNA will open way more doors for you in the tech industry than not having it will. 

    Just my two cents.
    Again, glad to hear that most network engineers don't pull cables.  I'm fine with minor cablings.

    Seems like both of you suggest Cisco is something good to know. 
    Maybe I have to suck it up and memorize all those ios commands :S...
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    edited March 2020
    For the 6 or so months that I studied for CCNA, that's all I lived and breathed for the 100-200 hours of studying/labbing I ended up putting in. I had little to no capacity to pick up other things during that time as CCNA is not trivial knowledge. I probably studied longer than average though.

    It takes a dedication beyond 3 or 4 weekends to grind through the boring intricacies of Learning Cisco's iOS syntax quirks. Cisco's exams are worse than CompTIA when it comes to trivia testing too in my opinion -- not an easy exam.

    What I'm getting at is that obtaining CCNA is going considerably beyond impulse buying a Udemy course that catches your interest for only a few days (oh how I know this :) ). You may have to shut the CompTIA books and keep them shut for many weeks.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    yoba222 said:
    For the 6 or so months that I studied for CCNA, that's all I lived and breathed for the 100-200 hours of studying/labbing I ended up putting in. I had little to no capacity to pick up other things during that time as CCNA is not trivial knowledge. I probably studied longer than average though.

    It takes a dedication beyond 3 or 4 weekends to grind through the boring intricacies of Learning Cisco's iOS syntax quirks. Cisco's exams are worse than CompTIA when it comes to trivia testing too in my opinion -- not an easy exam.

    What I'm getting at is that obtaining CCNA is going considerably beyond impulse buying a Udemy course that catches your interest for only a few days (oh how I know this :) ). You may have to shut the CompTIA books and keep them shut for many weeks.

    Damn, by the time I'm done with CCNA, Security+ exam will be changed to SY0-601...I hope it won't be harder than the SY0-501 exam...
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    They typically change about 10% to 25% of the Security+ exam when they update it.  Thankfully, there is about a six month overlap between the old and new, meaning that you can select either exam until the old one is retired.  If you want a cheap "practice exam", keep an eye out for the beta for 601.  Oftentimes, when the betas come out there is an announcement here.  It will have the same value/weight as the official exam when it comes out, as CompTIA doesn't differentiate between tests in any meaningful way (meaning that an employer, for instance, wouldn't know which version you took).

    Also, have you considered attaining the RHCSA certification?  If you work with Linux and/or Unix in any way in your QA job, getting the RHCSA could be considered a bridge between developer and IT.  Not to mention, a lot of cybersecurity jobs want familiarity with Linux.  As far as Linux certs go, Red Hat is considered the gold standard, more or less.  This one might take a bit to study for, depending on your familiarity with Linux, as the entire exam is hands-on, no multiple choice questions.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    They typically change about 10% to 25% of the Security+ exam when they update it.  Thankfully, there is about a six month overlap between the old and new, meaning that you can select either exam until the old one is retired.  If you want a cheap "practice exam", keep an eye out for the beta for 601.  Oftentimes, when the betas come out there is an announcement here.  It will have the same value/weight as the official exam when it comes out, as CompTIA doesn't differentiate between tests in any meaningful way (meaning that an employer, for instance, wouldn't know which version you took).

    Also, have you considered attaining the RHCSA certification?  If you work with Linux and/or Unix in any way in your QA job, getting the RHCSA could be considered a bridge between developer and IT.  Not to mention, a lot of cybersecurity jobs want familiarity with Linux.  As far as Linux certs go, Red Hat is considered the gold standard, more or less.  This one might take a bit to study for, depending on your familiarity with Linux, as the entire exam is hands-on, no multiple choice questions.

    Yeah, but the thing is, if I buy the Gibson book for security+ now, the feel that this book is gonna be outdate soon kinda leave a bad taste....

    RHCSA Cert? Oh yeah, this sounds pretty good.  Maybe I can do the RHCSA instead of CCNA and then do security+ afterward? 
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    I only recommend Cisco certifications for individuals that are in roles which require hands-on with Cisco products. Even though I went as high as CCNP Security, I prefer vendor agnostic certifications. 

    For ease at finding a job, I would say start looking at security roles in your area and see what skills/certifications (heavy emphasis on skills) are desired. The knowledge from Security+ could be valuable, but I have no idea how desirable it is in your job market. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□
    I only recommend Cisco certifications for individuals that are in roles which require hands-on with Cisco products. Even though I went as high as CCNP Security, I prefer vendor agnostic certifications. 

    For ease at finding a job, I would say start looking at security roles in your area and see what skills/certifications (heavy emphasis on skills) are desired. The knowledge from Security+ could be valuable, but I have no idea how desirable it is in your job market. 
    Comptia certs aren't popular in my area. We barely find any job results from network+ or security+.  However, we get lots of results from "CCNA" or "CISSP"(But hey, that is not a beginner cert!)....But then I'm not sure if lack of job search results from those certs should affect my decision on whether to take network+ or security+ or not.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□

    Yeah, but the thing is, if I buy the Gibson book for security+ now, the feel that this book is gonna be outdate soon kinda leave a bad taste....

    RHCSA Cert? Oh yeah, this sounds pretty good.  Maybe I can do the RHCSA instead of CCNA and then do security+ afterward? 
    As I don't know how long it would take to get the RHCSA, maybe it would be a good idea to get the Security+ first.  Something to consider, reference the Security+:  it takes awhile for quality training material to catch up with new exams.  Since the 501 is going to be changing in the next several months, it might be a good idea to buy Gibson's book and practice tests, study for a month or two, take the exam, then move on to the CCNA or RHCSA exams.

    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • uchihadaveuchihadave Member Posts: 16 ■■□□□□□□□□

    Yeah, but the thing is, if I buy the Gibson book for security+ now, the feel that this book is gonna be outdate soon kinda leave a bad taste....

    RHCSA Cert? Oh yeah, this sounds pretty good.  Maybe I can do the RHCSA instead of CCNA and then do security+ afterward? 
    As I don't know how long it would take to get the RHCSA, maybe it would be a good idea to get the Security+ first.  Something to consider, reference the Security+:  it takes awhile for quality training material to catch up with new exams.  Since the 501 is going to be changing in the next several months, it might be a good idea to buy Gibson's book and practice tests, study for a month or two, take the exam, then move on to the CCNA or RHCSA exams.

    Sounds like a good plan. 
    But my only worry is that what if I failed the security+ exam and it's gonna expired soon...the pressure is a bit high, but I guess I need to learn how to manage stress somehow.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    Consider that the exam won't retire for approximately six months.  In the past, the exams didn't retire exactly on the date they went live.  Since you can take the exam more than once between now and then, I would think about putting together a study plan for the next three months.  Take the exam.  If you fail, then you have another three or more months to sharpen your knowledge and skills.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
Sign In or Register to comment.