Next steps

I just passed SEC+. I now have A+/NET+/SEC+.

I'm trying to figure out what to do next. I am starting in WGU's Health Informatics program uhhh... tomorrow. I was planning on doing one of their straight IT degrees, but that title caught my eye, intrigued me, and here I am. Anyone have an opinion on that? I still feel wierd being in their "health" program instead of their "IT" program.

Even though I'm going to be doing this Healthcare IT degree, studying for and passing the SEC+ really gave me an interest in IT security. Great field to be in going forward, and being a strong Health IT guy with strong security creds sounds pretty good.

I know SEC+ is base level, but hey you gotta start somewhere. I haven't really known much about higher level security certs, so I did some research tonight. CISSP seems the way to go, and I have Safari books online which instantly gives me access to reams of info. The problem is, I just don't have the required 5 years work experience.

My work situation has devolved into a joke. I've been with the company 20 years. It's an old school type company that provides communications services in high rises. Shared tenant services for you old time voice techs out there. We provide phone service via NEC PBX's, and offer ISP services as well. The last 10 years have been an utter nightmare. Don't want to get into the gore, but basically the owners are a couple of tin pot dictators who sit on a pile of gold and watch their people starve while gorging on piles of meat and downing snifters of brandy. Pay freezes, then 30% cuts. Welcome to the financial crisis.

I'm in charge of the internet operation, through sheer attrition of personnel as opposed to promotion. There is no security policy. Now that I have some security chops, I want to start implementing some of the stuff I've learned. But, I'm all alone, we have an outside consultant who set up the network and he's ok but a pain to get information from. And also I'm not gung ho about going above and beyond for a company that is paying me what I was making back in 1994.

But I want to be a security professional, and I have a network at my disposal. But I've only been in charge of the ISP portion for a few months, and my predecessors advice was to "leave it alone, its all setup".

I do IT related stuff, internet troubleshooting, etc. but IT security? Nah. With my newfound SEC+ knowledge, I am trying to pay attention to security issues, I'm learning Wireshark etc. But I still have a ways to go in all honesty.

The degree is going to be a lot of work, but I'm basically in gnome status these days, and I want to keep moving forward in security knowledge and training. CASP seems alright, would help me with this CE program CompTia has. But... SSCP and CISSP seem preferable, and I have all the study material I could want.

Should I puff up my credentials to ISC2 to get the CISSP/SSCP, (not honorable) or do CASP, or what?

Any comments or suggestions would be greatly appreciated. Thanks for reading this long post, too.

Find more posts tagged with

Comments

Darril

On WGU, you might like to check out this forum: IT Jobs / Degrees Forums. A lot of people post there on their WGU experiences.

CISSP is considered a premier security certification and many people pursue SSCP after CISSP as a stepping stone. SSCP only requires one year of experience in one domain and I would think that your work would qualify you in the Networks and Communications domain without puffing it up. After the SSCP, you could get the CISSP as an Associate without the experience.

This site has an active forum for SSCP and CISSP: (ISC)² SSCP and CISSP Forums

HTH, and best of luck with WGU.

DATV

Why don't you try CEH certification ?

You only require two years of experience in the case you study for yourself but if you don't have it, you can send a letter where you explain your reasons of why you want to get the CEH certifaction!

You also can take the official course given by many centers.

the_hutch

DATV wrote: »

Why don't you try CEH certification ?

You only require two years of experience in the case you study for yourself but if you don't have it, you can send a letter where you explain your reasons of why you want to get the CEH certifaction!

You also can take the official course given by many centers.

I'm gonna second this. If you are looking for security credentials, CEH is a good place to start. It will ensure that you have a good foundation in the technical side of security. CISSP is a whole different animal because it also includes the business side and the legal side of security. I haven't yet taken the CISSP yet, though that is the goal for me as well. But I am glad that I took CEH first.

the_hutch

Best of luck at WGU and congrats on the Sec+

Gomjabber

Thanks Hutch, DATV and Darril

Hutch your the 1st person that has congratulated me, and that includes friends and family. My co-workers have no interest at all. After A+, I realized people for the most part are disinterested if it doesnt have anything to do with them. But I digress.

CEH I had forgotten about that one. Hutch you mentioned CISSP includes business and legal, but that doesn't bother me, whatever they throw at me I take it on. What's your point there? CISSP aint for me right now, just don't have the 5 years.

So that takes it to CEH vs SSCP. I kind of lean towards SSCP, because it seems passing that gets me closer to CISSP, which is the main goal (plus only 1 year experience required). When I look at job postings, I see CISSP a lot, the others not so much. But CEH is cool too, a great idea.

CEH VS SSCP, what say you? What about CASP?

And thanks for the replies. I'm starting WGU today, Health Informatics you may recall, so I'll be busy. I haven't seen any postings by someone actually taking the course, so after a few months maybe I'll start one up.

Gomjabber

Darril wrote: »

On WGU, you might like to check out this forum: IT Jobs / Degrees Forums. A lot of people post there on their WGU experiences.

CISSP is considered a premier security certification and many people pursue SSCP after CISSP as a stepping stone. SSCP only requires one year of experience in one domain and I would think that your work would qualify you in the Networks and Communications domain without puffing it up. After the SSCP, you could get the CISSP as an Associate without the experience.

This site has an active forum for SSCP and CISSP: (ISC)² SSCP and CISSP Forums

HTH, and best of luck with WGU.

Thanks Darril

Your book was the 1st one I read (out of about 5) and I see why it's so highly regarded.

Ok I give up. What does HTH stand for?

Darril

Gomjabber wrote: »

Thanks Darril

Your book was the 1st one I read (out of about 5) and I see why it's so highly regarded.

Ok I give up. What does HTH stand for?

Thanks for the kind words.

Hope This Helps....

Gomjabber wrote: »

Thanks Hutch, DATV and Darril

Hutch your the 1st person that has congratulated me, and that includes friends and family.

Gomjabber. Congrats on the pass!

Gomjabber wrote: »

CEH VS SSCP, what say you? What about CASP?

CASP gets mixed reviews. It's a new cert and not understood or recognized by many people. If your master plan is to get a CISSP once you get the experience, I see that SSCP is a better next step compared with CASP. I don't have the CEH cert so can't say much about it.

the_hutch

Gomjabber wrote: »

Hutch your the 1st person that has congratulated me, and that includes friends and family. My co-workers have no interest at all. After A+, I realized people for the most part are disinterested if it doesnt have anything to do with them. But I digress.

Sorry to hear that man. Security + is a big accomplishment. Its certainly not the end of your journey, but it is a big milestone. Don't let other people's lack of enthusiasm get you down. You live in a world where most people are completely content with mediocrity.

Gomjabber wrote: »

CEH I had forgotten about that one. Hutch you mentioned CISSP includes business and legal, but that doesn't bother me, whatever they throw at me I take it on. What's your point there? CISSP aint for me right now, just don't have the 5 years.

If you are comfortable with the business and legal portions, that is great. These just happen to be the areas that tend to make myself and many others go for other more technical security certifications first...to make sure the tech side of security is completely cornered. I don't mean to discourage you from taking it. If that is the one you want to pursue, then I say go for it. And you actually might qualify to recieve the certification. A couple things to note:

1.) You only need 4 years of experience because Security + qualifies you for a one year exemption.

2.) ISC2 is very liberal on their interpretation of security related experience. And keep in mind, the scope of these 10 domains is HUGE. Even without a defined security policy, you can probably qualify. If you have HTTPS experience (even client side troubleshooting)...then you should qualify you in both the cryptography and telecommunications domains. Proxy server implementation would certainly qualify as network security (even client side configurations for proxy servers). Any types of VPN or secure tunneling solutions could qualify for both access control and network security (even client side configurations and troubleshooting). The biggest thing to remember is that if you have a full time job where you work with any kind of security devices or configurations (even level 1 client-side troubleshooting), you still have "direct" hands-on experience and can make claim to that experience. Some of these may sound like a stretch, but if you can touch any element of any two of the ten domains and can document it, ISC2 will approve your experience. **I haven't actually gone through the process, but I have seen several people recieve CISSP that their job experience was an even bigger stretch than these**

Hope that helps. And best of luck with whatever you decide.

BlkNinja

the_hutch wrote: »

I'm gonna second this. If you are looking for security credentials, CEH is a good place to start. It will ensure that you have a good foundation in the technical side of security. CISSP is a whole different animal because it also includes the business side and the legal side of security. I haven't yet taken the CISSP yet, though that is the goal for me as well. But I am glad that I took CEH first.

I would say if you looking to be just knowledge able of Hacking to a extreme level of definitions and tools CEH is the way to go. That CISSP is asked for everywhere. Even if you don't have all the time required for the exam just yet there is nothing stopping you from studying it and getting prep for it.

If you looking to become more hands on as a hacker in security then the Offensive Security Certified Professional certification. I have taken this exam twice and its a beast just 5 boxes to compromise but you have to use the techniques your were taught in the course. Even that's not enough to compromise the box.

Gomjabber

Hope This Helps....

I gave up too early.

Gomjabber. Congrats on the pass!

Couldn't have done it without you.

CASP gets mixed reviews. It's a new cert and not understood or recognized by many people. If your master plan is to get a CISSP once you get the experience, I see that SSCP is a better next step compared with CASP. I don't have the CEH cert so can't say much about it.

Great, thank you. I was wondering if you could briefly expound on this SSCP/CISSP relationship. Because it sounds the the two are interrelated somehow. I get the notion that a decent portion of the workload for CISSP would be covered with SSCP.

WGU has to be my 1st priority, but I'm into this Security thing now, and I want to fit it in where I can. On Safari books I'm all lined up. In fact I think the SSCP book I have there is authored by you. So I'm sure it's a great read.

Gomjabber

Hutch

Sorry to hear that man. Security + is a big accomplishment. Its certainly not the end of your journey, but it is a big milestone. Don't let other people's lack of enthusiasm get you down. You live in a world where most people are completely content with mediocrity.

Yeah man, I'm astonished. After A+ I stopped making a point to even inform anybody. But after you pass, you know, your proud. But when I would mention to a co-worker or friend.... I might as well have been talking about the price of coffee in Yugoslavia. When I started WGU and told my sister and brother, they barely registered recognition. Human nature? I don't know. But that aint me, not by a long shot.

Anyway, thanks I appreciate it.

Your points 1 and 2 is just great info. Self explanatory, and again thank you.

Gomjabber

Ninja

I would say if you looking to be just knowledge able of Hacking to a extreme level of definitions and tools CEH is the way to go. That CISSP is asked for everywhere. Even if you don't have all the time required for the exam just yet there is nothing stopping you from studying it and getting prep for it.

CISSP asked for everywhere is the truth. I haven't been seriously looking around yet, but just checking the Craig's List stuff, if security is mentioned at all (amongst the other 29 qualifications for a job paying $14/hr) it is CISSP.

If you looking to become more hands on as a hacker in security then the Offensive Security Certified Professional certification. I have taken this exam twice and its a beast just 5 boxes to compromise but you have to use the techniques your were taught in the course. Even that's not enough to compromise the box.

That sounds like a pretty manly test. Right now I can barely remember what Diffie Hellman does. But I have seen that one around (OSCP) and I will keep it in mind. Thanks Ninja.

Gomjabber

By the way, when I went to take the SEC+, I had the most unbelievable experience at the testing center. I should have taken someone's advice and brought some earplugs. The whole episode is chronicled here:

Career College Consultants - Eagle Rock - Los Angeles, CA

You have to go to the filtered reviews, and do CAPTCHA. One is long and negative, that's mine.

If you guys have any suggestions on what to do about the guy I talk about in my review, I'm all ears.

sh run

A real pity your review was filtered. People who use Yelp to find out about CCC should be able to see that warning. I had to hunt for the 'filtered' button, which was hidden at the very bottom and grayed out.

And congratulations on passing the Security+ despite the yappy officeworkers.

ahphoto

Gomjabber wrote: »

By the way, when I went to take the SEC+, I had the most unbelievable experience at the testing center. I should have taken someone's advice and brought some earplugs. The whole episode is chronicled here:

Career College Consultants - Eagle Rock - Los Angeles, CA

You have to go to the filtered reviews, and do CAPTCHA. One is long and negative, that's mine.

If you guys have any suggestions on what to do about the guy I talk about in my review, I'm all ears.

Sorry to hear (read) about your negative experience!!! I haven't used CCC before, and from the experience you've had, I won't be. Thanks for the review and input as to that location

I live in Pasadena and would much rather continue testing at the official Prometric Testing Center in Glendale. I think the actual center code is CA002. It's where I took both my A+ and N+, and where I plan on taking my S+ as well as the rest of the certs (until I'm not able to test there).

What are you going for now that you have your S+?

ahphoto

Gomjabber wrote: »

But... I do believe Prometric is no longer an option for CompTia exams. Thats why I had to go down to that dunghole in the 1st place.

From what I understand, Prometric is still a CompTIA exam location until July 8th 2012:
Customer Support Center

I'm going for my S+ before then. Who knows, might actually go for my Project+ too lol. I'm addicted to certs!