My switch from IT Ops to IT Cybersecurity - Certification Roadmap for 2014

Just some ranting.

I am currently in IT operations, particularly in Desktop Support. I have always yearned to become either a System Admin or a Network Admin, and have worked on plans to achieve that. Somehow, since last year, something in me has changed and my interest in becoming a System Admin/Network Admin has waned. I'm getting more and more tired of the day-to-day ops, with the never-ending demands and requests from users, repeating the same stuff over and over again (maybe the boredom bored me out?).

On the other hand, I find myself growing more and more interested in cyber-security. Whenever I surf the Internet or visit local libraries or bookstores, I naturally pop over to the InfoSec section. So I have decided to switch my focus to InfoSec and to work on certifications related to cyber-security. On top of that, if there is any specific area that will aid my understanding of InfoSec, I will also consider delving deeper into it and obtaining the relevant certification as well (am I too ambitious?).

Nevertheless, this is my current certification plan to achieve in 2014 (Edited):

1. CEHv8 - achieved
2. ECSA
3. eLearnSecurity PTS/PPT
4. CCENT -> CCNA Security
5. GSEC

That will probably keep my hands full for this year, but if I manage to complete them before the end of 2014 and still have time left, then I will want to learn more. Are there any suggestions from you guys? Thanks in advance. :)

Comments

  • stryder144 Posts: 1,565 Member
    Have you considered studying for CASP, SSCP, or CISSP?
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

  • chopsticks Posts: 389 Member
    I have heard of CISSP and know it is pretty in demand now.
    What about CASP & SSCP? I have not come across them yet (sorry for the lack of reading on my part).
  • TByrd450 Posts: 65 Member
    I am probably 100% wrong but I am still going to speak. I have no certs right now, but I want to take some that you have listed. I see SSCP as a less known cert, and not as highly sought after. Isn't the SSCP more technically based? And personally I wouldn't waste my time with CASP. If I'm wrong, please correct me.
  • JasminLandry Posts: 601 Member
    TByrd450 wrote: »
    I am probably 100% wrong but I am still going to speak. I have no certs right now, but I want to take some that you have listed. I see SSCP as a less known cert, and not as highly sought after. Isn't the SSCP more technically based? And personally I wouldn't waste my time with CASP. If I'm wrong, please correct me.

    The SSCP is not really technically based, it is very similar to Security+. I believe it's more of an introduction to the CISSP. It introduces the topics you'll dig deep into when studying for the CISSP. That's only from what I've read and heard.

  • bobloblaw Posts: 228 Member
    Not sure on the ROI for the ECSA. It gets zero hits on job boards.
  • N2IT Posts: 7,483 Inactive Imported Users
    From my perspective (which is very little knowledge in security) the CISSP is the end game and everything else is icing. Just my perspective from what I have seen on these boards and other IT boards.
  • YFZblu Posts: 1,462 Member
    Practically speaking, CISSP is more so the end-game for Management / Risk. Not for technical positions.
  • BGraves Posts: 339 Member
    I'd go Sec+ or GSEC if you can afford it and then try to find a position in infosec to start out.
    Cisco exams are good for networking, personally I'd go CCENT>CCNA R&S>CCNA SEC but not in a rush.
    CISSP requires a certain amount of time in InfoSec, wouldn't bother with that one till after you obtained a job in InfoSec.
    ECSA, if you learn stuff it's prob not a waste of time but I wouldn't bother with it myself. Same with CASP. Same with SSCP.
  • Master Of Puppets Posts: 1,210 Member
    N2IT wrote: »
    From my perspective (which is very little knowledge in security) the CISSP is the end game and everything else is icing. Just my perspective from what I have seen on these boards and other IT boards.

    I have to agree here. Regardless of your infosec niche, the CISSP is key. It helps everyone. However, you do not seem to have the required experience for that. I wouldn't bother with SSCP. Might be better to become an associate of ISC by passing the CISSP and getting the full certification once you meet the experience requirements.

    If your interests are in network security, the Cisco track will be great for you. Also, I doubt how much the ECSA will help you. From your list, I would only do GSEC (the GIAC certs are great) and Cisco. That is, if I am correct in assuming that you are striving for a position in network security?
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • chopsticks Posts: 389 Member
    Glad to see more discussion coming :)
  • the_Grinch Posts: 4,142 Member
    I'd agree with taking ECSA off your list, as it does not hold any weight. OSCP should definitely be on your list, since learning to think the way those who wish to break into your network/system do is definitely important. You can't go wrong with CISSP for sure. I always point people in the direction of having a firm foundation in the technology you are trying to secure. Thus if you are thinking network security, CCNA should be on your list.
    WIP:
    Assembly
    Data Structures
    Javascript
    Work stuff
  • NovaHax Posts: 502 Member
    bobloblaw wrote: »
    Not sure on the ROI for the ECSA. It gets zero hits on job boards.

    Agreed. As far as I can tell...it hasn't really done anything for me. I only took it because EC-Council mistakenly included the study material in my CEH training package.
  • veritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USA Posts: 5,735 Member
    This is (and what I'm currently doing) what I think is the best path when you are starting out: CCNA -> MCSA -> CISSP (or another well rounded security certification). Whether you begin with the CCNA or MCSA really doesn't matter. I'm currently struggling on the job because I don't have the Microsoft server knowledge that many experience before moving into a security role. As TheGrinch says, it's hard to secure what you don't understand. I'm not discounting on-the-job experience or your ability to search on Google for answers, but having a knowledge baseline is a big advantage.
    Currently working on: Linux and Python
  • bobloblaw Posts: 228 Member
    True. I've repeated this ad nauseam, but I don't expect anyone to know how to secure a network, Windows domain, Linux servers, etc. when they haven't run them.
  • N2IT Posts: 7,483 Inactive Imported Users
    @ Bob no question about it. My statements were directed towards the certification path. I honestly believe if you have experience in half of the technologies you mentioned then a CISSP would snap in perfectly into your resume/CV/Portfolio of skills.
  • higherho Posts: 882 Member
    YFZblu wrote: »
    Practically speaking, CISSP is more so the end-game for Management / Risk. Not for technical positions.

    I agree, that and it isn't that difficult (from what my colleagues say; all of them got the certification in 3 and a half weeks). It just gives you an overall broad-based view of security. I would choose someone with an OCSP over a CISSP any day if I was looking for a technical security individual.
  • bobloblaw Posts: 228 Member
    higherho wrote: »
    I agree, that and it isn't that difficult (from what my colleagues say; all of them got the certification in 3 and a half weeks). It just gives you an overall broad-based view of security. I would choose someone with an OCSP over a CISSP any day if I was looking for a technical security individual.

    Your colleagues are being disingenuous, or have plenty of experience in the CISSP CBK (I expect the latter).
  • higherho Posts: 882 Member
    That may be, but three of them passed the CCIE (written and lab), so when they told me they did the CISSP in that period and said it wasn't that difficult, I tend to believe them. They have a great deal of exp in both Networking and Systems. Honestly, it's not a technical certification (I consider it a managerial type cert), so I would expect technical experts to pass it without a major issue.
  • bobloblaw Posts: 228 Member
    Clearly the latter. CCIE are a rare breed. I'm sure most things aren't difficult for them.
  • filkenjitsu CCNA R&S, CCNA SP Posts: 558 Member
    I moved onto Service Provider from SWITCH because of relevancy. I am enjoying my studies much more now!
    Bachelors of Science in Telecommunications - Mt. Sierra College
    Masters of Networking and Communications Management, Focus in Wireless - Keller
  • filkenjitsu CCNA R&S, CCNA SP Posts: 558 Member
    Oops! Wrong thread!
    Bachelors of Science in Telecommunications - Mt. Sierra College
    Masters of Networking and Communications Management, Focus in Wireless - Keller
  • chopsticks Posts: 389 Member
    Hi all, I'm happy to say, I'm going to start my ECSA study this week. Hope to learn more with this certification.
  • NovaHax Posts: 502 Member
    bobloblaw wrote: »
    Your colleagues are being disingenuous, or have plenty of experience in the CISSP CBK (I expect the latter).

    Having done both, I have to say that there is truth to what each of you say. Bobloblaw is right...the CISSP exam is a beast...even for someone with significant experience in the industry. That being said...being good at test taking can go a long way with an exam like the CISSP (regardless of how tough it is)...and that isn't true of a practical exam like OSCP.
  • chopsticks Posts: 389 Member
    Added one more along the way:

    eLearnSecurity PTS/PPT
  • chopsticks Posts: 389 Member
    Learned that in the world of InfoSec, knowledge in Unix/Linux is a must.. so I added general Linux learning as my supplement learning and reading. Decided to follow the Fedora/Red Hat distro.
  • superg Posts: 14 Member
    chopsticks wrote: »
    Learned that in the world of InfoSec, knowledge in Unix/Linux is a must.. so I added general Linux learning as my supplement learning and reading. Decided to follow the Fedora/Red Hat distro.

    Known as the "3-in-1 Linux certification", consider the CompTIA Linux+ certification. Once you obtain it you can apply for LPIC-1 and SUSE Certified Linux Administrator (CLA) certifications without further testing. If you want to dive deeper at a later time, you can advance via LPIC-2 and LPIC-3.

    Another point to consider, if you'll search for DoD Directive 8570 or 8140, you'll see an InfoSec advancement track well recognized by employers and government.


    If I were in your position I would focus on these certs in addition to Linux+ and CCNA.

    A decent track would be Network+, CCNA Security, GSEC, Linux+ (3-in-1)/GCUX, C|EH, MCITP/GCWN.

    About that time you should have enough working experience to attempt the CISSP.

    You may want to look into getting a BSIT degree from WGU, this will help you obtain some of these certs while earning your degree at the same time.

    Online IT Security Degree | Information Security Degree | WGU College of Information Technology

    My 2 cents.
  • cli_ninja Posts: 1 Registered Users
    After you get some of the baseline certifications out of the way you may want to consider what you want to do in InfoSec and tackle some more specific certs/training in that area.

    For example, if you wanted to get into Malware Reverse Engineering, and were studying CCNA you might be able to spend your time more wisely. I know you may not know specifically what you want to do in security, but as you begin to dive into your studies, keep asking yourself that question.
  • chopsticks Posts: 389 Member
    Thanks superg and cli_ninja for your great suggestions.
  • shajeer Posts: 13 Member
    Well done, congrats chopsticks..

    so have you shifted from IT OPS to security..
  • chopsticks Posts: 389 Member
    shajeer, no, not yet, because I have to build my InfoSec knowledge base first. :)