Everclear05 wrote: » Thanks to all for your replies. I currently work at a military base as a helpdesk analyst troubleshooting servers, workstations and user account issues. I was previously in the military as an IT doing mostly the same thing; I have not been a manager in terms of planning & development. I have already ordered the Security+ book you recommended from reading other posts in the forums. My 3-5 year plan is that I want to move into security policy or certification and accreditation. I'm just trying to make sure I get the proper foundation to understand how all the systems interconnect and how to view that from a security perspective.
pml1 wrote: » Epic post Chris. Thanks for all the info!
Chris:/* wrote: » Glad I could help. Cheers
Paul Boz wrote: » The sysadmins are under a tight deadline to get something implemented and they operate under a “fastest way to results” methodology. From a security standpoint this is wrong, but how do you convey that with the sysadmin while respecting their deadlines?
Chris:/* wrote: » Welcome to the forums. Most people who are Security Analysts are really not required to have a specific certification but build on a myriad of skills. Those skills are used as a combined approach to understanding the purpose of the organization and what really needs to be protected. To do that you must have a working understanding of operating systems, wired and wireless networks, programming and scripting, current threats, policy management and training.

Primer: You know A+ and you are moving to learn Security+, but you must also understand networking, and Network+ can give you that base level knowledge.

Programming & Scripting: Most really good Security Analysts need to know how to program and script. To take advantage of current known vulnerabilities and test them, an Analyst often has to create custom test scripts. You do not have to start with programming; there are many mid-level and entry level Analysts who do not know how to program. To really move forward as an Analyst, though, you at least have to know Python, and you are better off if you know Java and C++ in addition.

Degree: You need to start your formal education. A BS in Computer Science or Computer Information Systems followed by an MS in Information Security and Assurance (or any form of that MS) will move you forward. You will rarely meet people in this field who do not have at least a BS. Companies typically do not put trust in someone who does not have a formal degree. Most companies like having that paper to back up your trust when we talk about security testing.

Operating System experience: If you are going to be a Security Analyst you have to become the expert on your team in one OS flavor and have a working knowledge of other OSes. You will typically be working on teams with people who will balance out your skills or lack thereof. Market yourself to the rare skill sets and you can earn a better salary. Just be cautious: if you typecast yourself you may have trouble finding work. You should practice with VMware Workstation or Virtual Player using different OSes at home. Complete some Microsoft certs, Linux+, Red Hat Certified Technician and even Sun Certified System Administrator. These administrator certifications will not only show you how to configure the OS properly as the company intends, they will also show you what things are often missed in terms of security.

Networking: There is more to the world than Cisco routers and switches running just TCP/IP. You have to become familiar with wireless, ATM, TCP and UDP. Start with Network+ (since it sounds like you have limited networking experience), then move to CCNA, CWNA and possibly earn the security flavor of each. The knowledge you gain from pursuing these certifications will only help when examining networks.

SAN: Most companies store lots of juicy data on iSCSI or Fiber Channel storage devices, so at least get a working knowledge of these systems. Server+ will provide you the basic knowledge for SANs. If you want more knowledge look at EMC and NetApp. You cannot suggest means of protecting enterprise data if you do not understand how these systems work.

Security: EC-Council and GIAC both offer fantastic certifications for a Security Analyst. EC-Council requires you to memorize a lot of information for a test, and GIAC requires you to really understand and apply the information in an open book environment. You will find opinions on both sides of the aisle for or against these certifications. I believe each has its role, and I myself am currently working through both paths. Start with GIAC Security Essentials Certification (GSEC) and Certified Ethical Hacker (CEH), followed by EC-Council Certified Security Analyst (ECSA) and GIAC Certified Incident Handler (GCIH), then move to Licensed Penetration Tester (LPT) and GIAC Certified Intrusion Analyst (GCIA). Lastly, GIAC Security Expert is really the top level application security certification. If you can earn that mark you will really understand what you are doing. These security certifications are your working certifications, but you will need to know how to speak to the leadership within a company. The Certified Information Systems Security Professional (CISSP) is the cert that allows you to talk to MBAs and move into a consultant role after all the geek work is done.

Roll Up: I am not suggesting you earn every one of these certifications, but this is a path of learning you can look at and generate ideas from. A Security Analyst does not have to earn a lot of certifications; he or she just has to have the knowledge and the certs that are required by the company he or she works for. To be an Analyst you have to understand the technology below the world in which you work, otherwise you will not know how to secure it. Being an analyst is not all about hacking; in fact that is a very small part of it. You are finding what is wrong with a situation and helping the organization figure out how to correct or mitigate the problem. This is a very big bird's-eye view of security analyst work and there is a huge amount of detail I skipped, but it should give you an idea.

Food for Thought: You have to love computers and know the security threats out there and how to duplicate them. Being a really good Security Analyst is about finding the problems that cause catastrophic damage before someone else does. That means you will spend a good portion of your time just staying up to date, possibly more than in any other IT career field.
veritas_libertas wrote: » @Paul: I know that your experience (at least this is what I'm assuming) has been mostly Cisco. How has that benefited, or hurt, you moving from Network Administration to IT security?
Bl8ckr0uter wrote: » If you had to restart today Paul, would you go for as many Cisco certs, or would you go for SANS directly?
Bl8ckr0uter wrote: » I was just curious if you feel the Cisco certs were "worth it".
Paul Boz wrote: » 100% worth it.
veritas_libertas wrote: » Thanks for answering my question Paul. One other question if I might: how respected do you think Cisco certifications are in the security world? I seem to see MCSE matched with C|EH or GIAC in security job listings more than I do Cisco. This could just be my experience though.
Paul Boz wrote: » Cisco certs are highly respected regardless of the industry. No one's ever seen my list of Cisco certs and said "man, you're really lacking MS."
I think your experience has a lot to do with that as well. I was looking at entry level security analyst positions yesterday and most of them required S+ and/or SSCP, and MCSE would be "nice to have". There were a lot fewer Cisco infosec positions, and most of them didn't even mention Cisco certs, just Cisco firewalls and such.
veritas_libertas wrote: » You may have a point. It's hard to say, and I wonder if it has more to do with location, or if it's just the way it is in INFOSEC.
Bl8ckr0uter wrote: » I think it has to do with the fact that there are more Windows servers than Cisco routers, switches and firewalls. In most companies, AD is probably going to change more than firewall configs. Which is why I am going to be doing a lot of labbing of Windows stuff for the GSEC, and in general simply because AD is very important.