Security Certification Dilemma. In need of good senior advice

I'm attempting to break into the Infosec career field. I recently passed my CCENT and Security+ certifications. I'm now trying to determine my next move in deciding which security cert to pursue. i no longer want to deal with ISP providers, troubleshooting circuits and I dont want to be locked into only Cisco. I'm looking at the following:

1) SSCP
2) CEH
3) CCNA Security

If you can offer any suggestions or opinions of the best possible path. I'm currently enrolled for an MS for Information Security Mgmt and my ultimate goal is to be either:

Intrusion Detection Specialist
Vulnerability Assessor
Security Analyst
Information Security Auditor

Since I'm married with (2) kids my time is precious and I cant quite devote so much of my time to an job working plus 80hrs a week all the time. I'm currently working in managed hosting and its open up a few different ideas for me. I have some basic Linux knowledge, basic Cisco networking, and some virtualization. But I'm trying to get that cert that allows me to stay somewhat technical but that's also recognized. I haven't done much routing and Im doing some VPN stuff and port security, but I've also read CEH books and Im reading another one and it's pretty awesome. Just need some firm guidance and advice...serious advice.

Thanks

Find more posts tagged with

Comments

JDMurray

I would suggest carrying through to the CCNA Security as the logical progression from CCENT and Sec+. That does not lock you into Cisco and will give you the most immediate bang-for-your-buck on your resume. On your list you should also consider CASP for security and the JNCIA-JunOS to round out your network device experience. You also won't need to bother with the Network+ either.

YFZblu

I agree, finishing your CCNA and completing CCNA Sec would be a good move. I also like the idea of moving into Juniper if you're concerned about being considered a Cisco guy.

Maybe JD can shed some more light on this, but I think you should stay away from C|EH. I'm constantly hearing annoyances about its governing body, and I once had a security person tell me C|EH cheapens a resume.

spicy ahi

I concur with completing your CCNA security. It's Cisco-centric, but there are general security concepts that you cover which translate well. Your next step after that really depends on what you want to do. If you have a specific portion of security you want to delve into (pen testing, IA and auditing, policy making, etc.) I'd mention it here and folks will probably be able to point you to certs that would be good for whichever particular interest you have.

Specifity aside, some good general security certs you can pick up to get your foot in the door (in my opinion) are CISSP, CISM, and GSEC. Having those on your resume will generally get you an interview for most any security related jobs as they are intermediate/high level security certs that cover a broad base of topics. Good luck on your quest!

docrice

I'd recommend learning traffic / packet analysis. This means using free tools such as tcpdump and Wireshark and learning how TCP/IP works. The CCNA and CCNA Security only vaguely glosses over this area but when it comes down to it, if you understand how traffic flows and the protocols work between hosts and routing points, you command a much better grasp and core ability to troubleshoot / dissect / fix problems. Knowing how things interact with each other through the perspective of a network microscope seems to be a trait lacking among many network engineers. Only knowing which buttons to push on network devices doesn't provide the full perspective.

Laura Chappel's Wireshark Network Analysis book is probably the best all-around introduction to the topic. The book isn't cheap, but achieving your goals to become an analyst or security engineer isn't either since everything consumes time. InfoSec covers a broad range of subject areas, but much of it still lies on top of the packets and data which traverse the wire and being able to drill-down to the bit level early on will solidify your fundamentals rather than a long list of certifications. Many of the advanced topics (such as intrusion detection) will lean on this quite heavily, so if you already have this skill it will make your life much easier.

In the interview room, we're going to be more impressed by attitude and actual understanding of these basics than just a laundry list of certs.

JDMurray

YFZblu wrote: »

Maybe JD can shed some more light on this, but I think you should stay away from C|EH. I'm constantly hearing annoyances about its governing body, and I once had a security person tell me C|EH cheapens a resume.

The C|EH is good information to learn, but the EC-Council has changed the target market of their certifications from individual certification consumers (that's you and me) to employers needing to certify their workforce. The major result of this is a major increase in the cost to obtain the C|* certifications, making them much less economical for finding a job. If you check Dice.com, you will see a lot of job postings that mention C|EH, but also mention a lot of other--more economical--certs as well. Unless having the C|EH will help you get a specific job or position, I would say wait to take it until someone else (i.e., you employer) will pay for it.

As as far "cheapening a resume" goes, over the past few years the C|EH has been the source of a lot of dissatisfaction in the InfoSec cert community. If a hiring manager who has a poor opinion of the C|EH decides to disregard any candidates with C|EH on their resume, there is not a lot you can do about that. Consider that there is no ethical requirement to list any cert you have on your resume.

flt0nujr

Thanks for providing great feedback everyone. Yeah, I've heard some conflicting testimonies surrounding CEH. Most have stated to me that it's not truly worth the $500.00 + $100(fee) to take. Most have suggested to take the OSCP and perhaps the CISA. It's taking me sometime to get a clear understanding of which direction to go regarding my IT Security path.The difficulty has been not truly knowing what some of the job roles encompass. I've read through keartron's threads and also his website, and he himself also stated that not all infosec job roles were listed in his thread.

At this time, for the sake of sanity I've decided to use my current job role (Managed Hosting System Support Engineer) has launchpad into Network Security Engineering. I'm pretty much 1/2 way there anyway with having the CCENT and the Security+ certifications down. In this job role I'll continue to do site ti site VPN connections, Firewall rule changes, port security, sticky port configs, etc. Perhaps theirs some Infosec auditing job roles for me surrounding networks I can grow in. Well, it's time to totally dedicate my readings to the ICND2 book, my CCNA Security CBT Nuggets DVD, and my Boson labsims tests to get started. I'm shooting to have the ICND2 and CCNA Security completed by the end of this year. It's amazing how you just cant escape Networking fundamentals in just about every facet of IT.

Thanks again for the advice