21 y/o Needs a little help

Hi TE, need a little help.

I really want to get into I.T security as the demand is high and I find it to be an extremely interesting,

I was told I should complete CISSP, learn Java, and Linux system administration (looking briefly at shell, pearl and phython) as well as the Microsoft cert MCITP.

Problem is I read that you need 5 years experience in 2 of the 10 domains to sit the CISSP exam, if this is true how do I go about completing the exam without experience, was told not to do the ccna course.

Really I just need advice on the best way to get into I.T Security, don't want to take courses which are not going to benefit my future career, I was just about to buy the CISSP all in one book off amazon, I am currently not employed so I would be able to study pretty much full time 7 days a week.

This is the career path I really want to pursue for the rest of my life, I am still young and want to be successful, so really, just need some help from those who are already in the position that I want to be in.

Thanks for taking the time to read, hope I made myself clear and welcome any replies,

Dan.

Find more posts tagged with

Comments

jvrlopez

You can attain a designation of "Associate of ISC2" that you can hold until you accumulate the 5 years experience required if you pass the CISSP exam..

However, the certs themselves will not get you into an IT security job that I feel you have in mind. That takes time, experience, education, as well as the corresponding certs. It just doesn't happen overnight once you get the CISSP.

in7eL

Thanks, I understand your point completely, Which is why I asked about the other certs and if they would be worth completing as well, I need to know the best route/ if there is a specific route to take in order to get into this type of career.

Thanks,

dan

teancum144

The CISSP is not an intro level certification. It is a management-level certification. You needs some foundation first. The CompTIA certifications are vendor neutral and provide an excellent foundation to get an IT job or supplement your IT knowledge. I'd start with the following:
Here's a good path:

CompTIA A+
CompTIA Network+
CompTIA Linux+ (LPIC-1)
CompTIA Security+

By the time you've finished the above, you'll hopefully have worked a couple of years in an IT job. Then, I'd try to get a job as a Linux Admin. The following certifications will help:

LPIC-2
LPIC-3
RHCE

At this point, you'll well prepared to study for and pass the CISSP, and will have much of the experience required.

in7eL

Thanks for the reply tean, helpful, so your don't think it is possible or beneficial to sit the CISSP associate exam, get the qualification and then find some sort of work placement, do the basics first and then move onto the more advanced certs?

My question really is, are the compTIA really worth/necessary,

thanks once again

If the accosiate CISSP is passed, it states you require 5 years experience before you get the full qualification? I take it you don't have to resit if you pass within this 5 years?

teancum144

in7eL wrote: »

Thanks for the reply tean, helpful, so your don't think it is possible or beneficial to sit the CISSP associate exam, get the qualification and then find some sort of work placement, do the basics first and then move onto the more advanced certs?

My question really is, are the compTIA really worth/necessary,

thanks once again

Depends on your knowledge/experience. For example, a couple of years ago, I started working on the RHCE certification and found it difficult because my networking knowledge was lacking. I skipped the A+ certification (because I'd built PCs since my youth) and obtained the Network+ certification. I learned more studying for that certification than any of my others. After mastering the Network+ material, everything (Sec+, CISSP, Linux, etc.) seems easier. In fact, many who lack networking knowledge, struggle most with that CISSP domain. If you don't have the foundational knowledge (and experience), but still manage to pass the CISSP, you'll be a paper tiger.

I believe a career in information security is a process and not a destination. If you don't enjoy the process and want to take a shortcut to the destination, you probably won't enjoy it when you get there.

in7eL

teancum144 wrote: »

Depends on your knowledge/experience. For example, a couple of years ago, I started working on the RHCE certification and found it difficult because my networking knowledge was lacking. I skipped the A+ certification (because I'd built PCs since my youth) and got the Network+ certification. I learned more studying for that certification than any of my others. After mastering the Network+ material, everything (Sec+, CISSP, Linux, etc.) seems easier. In fact, many who lack networking knowledge, struggle most with that CISSP domain. If you don't have the foundational knowledge (and experience), but still manage to pass the CISSP, you'll be a paper tiger.

I believe a career in information security is a process and not a destination. If you don't enjoy the process and want to take a shortcut to the destination, you probably won't enjoy it when you get there.

Nice one mate, Like i said, I know its not going to be a walk in the park/overnight thing, just want the best possible route to take in order to accomplish my goals.

emerald_octane

With the Associate of ISC^2 toward CISSP you actually have six years to get the required experience. Yes, you can submit your resume for the full CISSP designation after five years of experience are obtained.

Having been an Associate and later fully certified, I suggest you do not pursue this particular credential except under two separate conditions:
1) You work for the DoD. There, the Associate of ISC^2 toward CISSP holds *equal* weight to a bonafied CISSP as it relates to 8570.1 requirements.
2) You are currently in an infosec related capacity. As mentioned above, you have six years to get the required experience. If you pass no other certs, this effectively gives you one year to find a full time, security related job for which to gain the required experience, and this is slim odds. You can substitute one year of experience for having a college degree or certification (I highly suggest both).

The associate title really doesn't garner much respect because recruiters don't know what it is. The best mileage for CISSP holders are job postings that mention the CISSP as either preferred or required, hence CISSPs (who will oft have more experience) will apply for these positions and will generally be preferred over Associates. It is not enough to be an associate. Given the same resume, my response rate increased exponentially when I became fully credentialed.

So, are you in school or employed currently? I'd get both if possible. It's perfectly fine to start studying now and everything but you have to keep in mind that there's alot of variables that goes into the credentialing process and staying competitive. If you don't plan it out properly you will just end up wasting money on the test and never achieve it's full benefit.

in7eL

emerald_octane wrote: »

So, are you in school or employed currently? I'd get both if possible. It's perfectly fine to start studying now and everything but you have to keep in mind that there's alot of variables that goes into the credentialing process and staying competitive. If you don't plan it out properly you will just end up wasting money on the test and never achieve it's full benefit.

School is not an option, I currently live in the UK but will be moving to Malta where my dad lives, so I am free of any distractions and can study my nuts off, I suppose the suggested route which seems fairly viable would be completing all the compTIA courses, including the linux stuff, playing about on vmware, finding a job relevant to the completed qualifications and then start working towards my CISSP.

Open to any suggestions really, I'm guessing the CompTIA qualifications are not very desirable, however do provide you with an introduction to the basics, in which you can find a job, gain the xp and start progressing?

CyberfiSecurity

The technical support or help desk would be where to start. You need to work your way up the ladder. While doing help desk you can claim for your security experience as you might do ACCESS CONTROL by creating username/password, account verification, reset password, and etc. I don't know about others, but I started out with CompTIA A+ and Network+ in 2002, and MCP, MCSA, and MCSE. Now, I see those certifications are useless; which regret to spend time and money on them. Since CCNA does not require experience, I think you should start there, then CCNA security, then Ethical Hacker, Security+, then CISSP.

LionelTeo

Mention many times.

SEC+, CEH, SSCP, GCIH, GISP, CISSP, CRISC, CISA, CISM.

I had listed the certs accordingly in terms of years of experience.

dustervoice

Try to get some working experience first. Passing a test doesn't really mean much it has to be backed by some sort of experience.

teancum144

Here's a relevant thread on this topic:

http://www.techexams.net/forums/security-certifications/112239-isacas-new-csx-cyber-security-nexus-certifications-roadmap.html#post953741

ansel1261

Hey Dan,
I would suggest having a decent understanding of Linux. For example, one of the hot tools in the field of security today is the Cisco FireSight IPS (Sourcefire, which is built on Snort re-branded). The management console (Defense Center) is built on Linux. Most of the Security tools in use today are built on some form of Linux. Even networking appliances are built on operating systems very similar Linux/Unix or Linux itself.
We have been doing some custom work with SIEM and Python is being used a great deal. We are writing a lot of simple programs to automate functions in Python. Python is a simple programming language for entry into the field.
CERT Wise- There is a lot of demand for SOC Analysts today. GCIH is like a roadmap into what you would be doing in a SOC. With a GCIH under your belt and an understanding of the attacks and process for handling the attacks you would be a good candidate for a SOC analyst Level 1 position. With some experience (put to work practically) you would be a good SOC Analyst Level 2 candidate.

BTW You mentioned Java, IMO there are a lot of security issues as well as performance issues with Java. A lot of companies are shying away from Java these days.