New to IT Security

Hi,

I am new to IT security and was wondering if anyone could give me a break down of the different IT security areas I could work in?

Thanks!

Comments

  • NOC-Ninja Member Posts: 1,403
    Click the "Search" button first at the top right button.

    JDMurray has a link that lists security certifications.

    I don't want to be mean but how are you going to survive in IT if you can't even search on your own? You will have to Google/search any Security/networking/system problems that are not in the book.

    Now to answer your question, start with: "CompTIA Security +"
  • rob1234 Banned Posts: 151
    NOC-Ninja wrote: »
    Click the "Search" button first at the top right button.

    JDMurray has a link that lists security certifications.

    I don't want to be mean but how are you going to survive in IT if you can't even search on your own? You will have to Google/search any Security/networking/system problems that are not in the book.

    Now to answer your question, start with: "CompTIA Security +"

    Don't worry about being mean, I am surviving in IT very well. I thought about the Security +, but I am after a cert that will help me progress in the IT security world. I have a lot of IT certs, a few CompTIA ones, but they are not that great, I feel.

    I am thinking of doing the CISSP that looks a good security cert.
  • docrice Member Posts: 1,706
    Which certs do you already have? You might want to list them in your profile so the rest of us can see where you're coming from. There are also a couple of stickies at the top of this forum which can shed some insight on this subject, as it comes up often.

    When I see people talk about "getting into security," I have the impression they often refer to the offensive side like pentesting, etc. which has its allure. You also have the usual areas like firewall / IDS / endpoint security, policy management, general risk assessment, physical security, code reviewing, malware analysis, design and architecture, etc.

    This will be based on what your current view of things is and where you see yourself going. The one common factor, however, is that no one is going to really hand you all the answers because many times you'll have to research on your own for your particular situation. Like in the real world, everyone's requirement is different and you'll have to tailor things to fit your needs. As a consultant would no doubt say, "It depends..."
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • SteveO86 Member Posts: 1,423
    rob1234 wrote: »
    Don't worry about being mean, I am surviving in IT very well. I thought about the Security +, but I am after a cert that will help me progress in the IT security world. I have a lot of IT certs, a few CompTIA ones, but they are not that great, I feel.

    I am thinking of doing the CISSP that looks a good security cert.

    Perhaps if you could go into your background a bit more, we could provide better advice.
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • rob1234 Banned Posts: 151
    docrice wrote: »
    Which certs do you already have? You might want to list them in your profile so the rest of us can see where you're coming from. There are also a couple of stickies at the top of this forum which can shed some insight on this subject, as it comes up often.

    When I see people talk about "getting into security," I have the impression they often refer to the offensive side like pentesting, etc. which has its allure. You also have the usual areas like firewall / IDS / endpoint security, policy management, general risk assessment, physical security, code reviewing, malware analysis, design and architecture, etc.

    This will be based on what your current view of things is and where you see yourself going. The one common factor, however, is that no one is going to really hand you all the answers because many times you'll have to research on your own for your particular situation. Like in the real world, everyone's requirement is different and you'll have to tailor things to fit your needs. As a consultant would no doubt say, "It depends..."

    Hi,

    My current certs are:

    A+
    N+
    MCDST
    ITIL v3
    MCTS: Windows Vista
    MCTS: Windows 7
    MCSA
    MCITP: Enterprise Desktop Support Technician 7

    I also have a degree in Business Information systems.

    I have been working in second line IT Support for 5 years; I am based in the UK. I am wanting to move in to the security side of IT, and my security director told me I should go for the CISSP. I do not have the 5 years' experience needed, but I could become an associate and build up the experience from there, I was thinking.
  • veritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USA Member Posts: 5,735
    rob1234 wrote: »
    Hi,

    My current certs are:

    A+
    N+
    MCDST
    ITIL v3
    MCTS: Windows Vista
    MCTS: Windows 7
    MCSA
    MCITP: Enterprise Desktop Support Technician 7

    I also have a degree in Business Information systems.

    I have been working in second line IT Support for 5 years; I am based in the UK. I am wanting to move in to the security side of IT, and my security director told me I should go for the CISSP. I do not have the 5 years' experience needed, but I could become an associate and build up the experience from there, I was thinking.

    Another option is the SSCP which only requires a year of experience.
    Currently working on: Linux and Python
  • rob1234 Banned Posts: 151
    Another option is the SSCP which only requires a year of experience.

    I considered that, but that looks more technical and I am wanting to move more to the management side of things, like creating security policies.

    Also in the UK SSCP is not that recognised whereas the CISSP is.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,709
    rob1234 wrote: »
    I considered that, but that looks more technical and I am wanting to move more to the management side of things, like creating security policies.
    How about ITIL and ISO 27001 certs?
  • kriscamaro68 A+, Net+, Server+, Security+, Win7 MCP, Server 2012 Virtualization Specialist, MCSA 2012 Member Posts: 1,186
    Why not take something like the Security+ or SSCP to see if you like what security has to deal with on a day to day basis? Also, they take 1 year of required experience off for the CISSP, so I see no reason not to take one of them. Having a well rounded knowledge of security is only going to help you in management. If someone you manage on your security team comes to you asking to implement a network based IDS and you have no idea what it is or how it works, how then will you be a good manager? It's not just knowing keywords and how to calculate risk etc.; it's also knowing how systems and networks are vulnerable and how to prevent attacks as well.
  • rob1234 Banned Posts: 151
    JDMurray wrote: »
    How about ITIL and ISO 27001 certs?

    I have got the ITIL V3 already. I did not know about ISO 27001 certs; are they entry level certs? That is something I am interested in.
  • rob1234 Banned Posts: 151
    Why not take something like the Security+ or SSCP to see if you like what security has to deal with on a day to day basis? Also, they take 1 year of required experience off for the CISSP, so I see no reason not to take one of them. Having a well rounded knowledge of security is only going to help you in management. If someone you manage on your security team comes to you asking to implement a network based IDS and you have no idea what it is or how it works, how then will you be a good manager? It's not just knowing keywords and how to calculate risk etc.; it's also knowing how systems and networks are vulnerable and how to prevent attacks as well.

    I am considering the SSCP as I don't need as much experience and, like you said, it takes a year off the CISSP, but the thing with the Security + in the UK is that it is not really known or looked for in job adverts.
  • docrice Member Posts: 1,706
    Based on your certs list, I would guess the Security+ would be relatively easy to obtain and maybe not worth the effort, especially if it won't command any additional attention for your resume. If management is your direction, I'd say start going through the CISSP. It's very recognized and the knowledge base would suit you well.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • SephStorm Member Posts: 1,732
    Why not take something like the Security+ or SSCP to see if you like what security has to deal with on a day to day basis? Also, they take 1 year of required experience off for the CISSP, so I see no reason not to take one of them. Having a well rounded knowledge of security is only going to help you in management. If someone you manage on your security team comes to you asking to implement a network based IDS and you have no idea what it is or how it works, how then will you be a good manager? It's not just knowing keywords and how to calculate risk etc.; it's also knowing how systems and networks are vulnerable and how to prevent attacks as well.

    I agree this is critical. I've come up to our IAM several times with questions about specific attacks our company might face, and while he's always been a managerial type, it's awesome that he either has the answer I need, or knows where to find it. That comes not from his CISSP, but from seeing these systems implemented.
  • rob1234 Banned Posts: 151
    Thanks for all your comments guys, something I am going to have to think about.