Paths?

Hi all,

Looking at Networking or Security and trying to get a basic idea of fields within each. I've heard people mention different offensive VS defensive paths I could take. Offensive being something like Pen Testing while defensive would be like Application Vulnerabilities...if I'm even right about that.

Does someone know a site (or could explain) some paths or jobs available in Security? Maybe something like the CompTIA roadmap they have showing example jobs per certification, but not necessarily as exact?

Thanks and sorry for being confusing!
Goals for 2014: CCNA: Voice / CCNA: Security

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I think the SANS roadmap poster gives a good general idea of some of the subdivisions of InfoSec.

    http://www.sans.org/media/security-training/roadmap.pdf
  • the_hutchthe_hutch Banned Posts: 827
    A few off the top of my head...

    Vulnerability Management - Certifications for Nessus/Retina/Nexpose etc... (I know Nessus has one, not sure on the others)
    Forensics - EnCE, CHFI, GCIH
    Penetration Testing - CEH, OSCP, GPEN
    Boundary / Firewall - CCNA-Sec, CCSA, CCSE
  • widget101widget101 Member Posts: 29 ■■■□□□□□□□
    I believe the ENSA by EC Council is a defensive cert and a suggested prerequisite for the CEH, but I do not know anyone who has obtained one and thus cannot comment on its value.
  • NytrocideNytrocide Member Posts: 225
    So to start off, would Security+ and GSEC be the best two entry level IT Security certs?
    Goals for 2014: CCNA: Voice / CCNA: Security
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    That's a nice choice! Whichever direction you choose, those will be of benefit. I think that as far as network security is concerned, the Cisco track is great. Yes, I know it is vendor specific but regardless of that you will learn a lot. They do a great job of explaining the concepts and the knowledge from there can be applied to other vendors and equipment.

    I feel like it's important to point out that in case network security is your choice, it is quite vital to learn networking first(IMO). Many security enthusiasts overlook the fact that you can't really protect a network unless you understand how it works. It is not uncommon to run into security guys that know how to operate the firewall but have no idea what happens beyond that. Sometimes that can be a problem and a burden on the other members of the staff. I think the best security guys are the ones who know routing, switching etc. and can easily do an admin's job. Of course, you don't need to be a CCIE but you gotta know something.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
Sign In or Register to comment.