How to get into the security field?
howiehandles
Member Posts: 148
I have a networking background, nothing heavy duty, but some decent expeience, but it doesn't float my boat.
What I'd really like to do is get into security.
My question is, would the Security+ open any doors for me?
I'm self studying for my CCNA, as I have no certs, but some exp with configuring 2500 routers, and figured with my bit of exp that I could find something, or at the very least, get an interview or two.
Obviously the CCNA has more weight than a Comptia cert in general, but as far as getting into security, would the Comptia cert give me any help? I know it wouldn't hurt, but I don't want to take time away from my Cisco studies if its a waste of time.
I do have Darryl's book too, which is excellent.
What I'd really like to do is get into security.
My question is, would the Security+ open any doors for me?
I'm self studying for my CCNA, as I have no certs, but some exp with configuring 2500 routers, and figured with my bit of exp that I could find something, or at the very least, get an interview or two.
Obviously the CCNA has more weight than a Comptia cert in general, but as far as getting into security, would the Comptia cert give me any help? I know it wouldn't hurt, but I don't want to take time away from my Cisco studies if its a waste of time.
I do have Darryl's book too, which is excellent.
Comments
-
ibcritn
Member Posts: 340
Security+ is one of the required certs for my role, but it didn't help me get into my role.
I would say as far as certs go Sec+ will help as it meets DoD 8570 IAT II/IAM I requirements.
Then there is Certified Ethical Hacker (CEH) which meets nearly all the DoD 8570 requirements for CND roles.
Are you looking to go Private or Public? This makes a huge difference I would say in both scope of work and what's required to jump in.CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
howiehandles
Member Posts: 148
Security+ is one of the required certs for my role, but it didn't help me get into my role.
I would say as far as certs go Sec+ will help as it meets DoD 8570 IAT II/IAM I requirements.
Then there is Certified Ethical Hacker (CEH) which meets nearly all the DoD 8570 requirements for CND roles.
Are you looking to go Private or Public? This makes a huge difference I would say in both scope of work and what's required to jump in.
I would love to do Pen testing, but I have no background in programming, which I would believe one would need. I'm open to anything, but would to get into something to do with studying hackers, methods and such, more than just a NOC security job. At this point though, I'm willing to do whatever to get my foot in the door. Pen testing, or something along those lines sounds good. Is the CEH still relevant? I thought someone on these boards said it would be better to pursue GIAC, although those are a bit out of my price range. I would definitely do the CEH if it opens some doors for me. -
rob7278
Member Posts: 57 ■■□□□□□□□□
The company I work for currently has a posting for a Security Engineer. In reality the security manager told me this is really more of an associate level position.
In addition to the interview he has everyone take this 15 question evaluation, which is from the SANS website for people pursuing the GCFW - GIAC Certified Firewall Analyst. _https://www.sans.org/security-training/S502_evaluation_test.pdf
Obviously every employer will have different criteria - but to give you one example, if you wanted to break into security at my company you would need to score fairly well on this little quiz (at a minimum).
I actually felt like a learned a decent amount from studying for the Security+ exam. I think it's a good starting point as far as security certs go.
One thing you will notice when looking at various security certs is a lot of them have experience requirements working in IT Security - for example SSCP requires 1yr exp working in security, CISSP requires 5yrs, I think CEH requires 1yr.
The GIAC certs don't have experience requirements but as has already been mentioned - they cost a fortune. -
howiehandles
Member Posts: 148
The company I work for currently has a posting for a Security Engineer. In reality the security manager told me this is really more of an associate level position.
In addition to the interview he has everyone take this 15 question evaluation, which is from the SANS website for people pursuing the GCFW - GIAC Certified Firewall Analyst. _https://www.sans.org/security-training/S502_evaluation_test.pdf
Obviously every employer will have different criteria - but to give you one example, if you wanted to break into security at my company you would need to score fairly well on this little quiz (at a minimum).
I actually felt like a learned a decent amount from studying for the Security+ exam. I think it's a good starting point as far as security certs go.
One thing you will notice when looking at various security certs is a lot of them have experience requirements working in IT Security - for example SSCP requires 1yr exp working in security, CISSP requires 5yrs, I think CEH requires 1yr.
The GIAC certs don't have experience requirements but as has already been mentioned - they cost a fortune.
Yeah, it seems that breaking in is the hardest thing to do. I believe that I could knock out my Sec+ rather quickly, and hoping I can find one employer to give me a shot. I'm also hoping that employer provides some sort of financial assistance for future certs in the Security field. While I'd love to pursue the GIAC stuff now, the Sec+, along with some Cisco, and maybe some MS down the line, is probably the most realistic for me. Thanks for the info though.