How many entry level Security certifications should I get?

reubs6 · December 2014

From talking with a lot of people in the industry, I've been told that it'd be a good idea to get some system admin experience, so I plan on starting to study for the MCSA cert at some point next year. Many system admins I've spoken to and many sites have said most start out as system admins first, which is good so that you really understand what it is you're trying to secure. I got my Security+ last month. My question is, how many entry level Security certifications should I get? Some get as many certs as they can, some just pick one entry level cert and then move on to server certs or CISSP if they have experience. One of the security analysts at my job got her Sec+ in March and is going for CISSP next. She's looking to get in forensics. I'm struggling to figure out my next move. I'm still not sure exactly what path I want to go down in Security, I just know I'd rather not do coding. I was considering doing SSCP next, but I heard most of the Security+ stuff crosses over, and I don't want to take the exam if I really don't have to. Same with SANS GSEC, I don't know if there's a point in having multiple entry level certs. Any suggestions are welcome.

Thanks.

si20 · December 2014

I don't know why your friend is wasting time doing security certs when they're trying to get into forensics. I highly doubt they'll help (this is coming from someone who was offered a job at two of the biggest forensic firms in the UK).

I don't think entry level certs are a bad thing - but you shouldn't aim to collect every single one. For example, one of my weaker areas is networking, so I started with the MTA so that it helps me in my job, so I know about various different protocols and network configurations etc. In my opinion, you should do a cert because it helps you, not just for the sake of it.

So get 1-2 entry certs out the way and then get yourself a mid-level cert along with experience and then aim for the big ones. I only felt comfortable starting the OSCP once i'd been working in IT for 5 years, studied a degree for 3 years and worked in security for 6 months, that's 8 yrs 6 months experience before I took on the OSCP.

In the future i'm going to get the MTA Server Fundamentals, then the MCSA then MCSE. It's all about your learning and where you want your career to go. Ultimately, I see myself as a server admin with a strong background in security. Ask yourself where you want to go, and choose certs that'll get you in that direction.

Hope this helps!

reubs6 · December 2014

Cool, great advice thanks. I'm slowly starting to see myself leaning in the same direction as you.

docrice · December 2014

Some places might give you points for being certified, but the security community in general give candidates little more than a pat on the back for them. While certifications are nice, what's really important is someone's ability to stay abreast of new updates in the field, adaptability, harnessing multiple data sources and finding the need in the haystack, mindset, ability to research a problem in-depth, and so on. It all comes down to knowing the lower-level things about systems, networking, risk, threats, data, applications, business processes, business drivers, and all the other things which make up the ecosystem.

Becoming certified certainly can add to your overall knowledge and I encourage continuously learning, but go for quality over quantity. As someone who has quite a few certifications, I'll be the first to say it doesn't necessarily demonstrate real technical competence for "qualification."

thatguy67 · December 2014

However many your job requires. If you are looking for an entry-level job, then the Security+ should be good.

reubs6 · December 2014

dorice, I totally understand and agree, which is why I'm not trying to just grab everything under the sun. I have the Security+, and really I just want to do whatever I can to progress my career and really get noticed and taken seriously. I can stay abreast on every millimeter of security with or without certifications, but no potential employer will know that since I don't have specifc InfoSec experience to speak to. I just hear a lot of different things, I want to just get my foot in the door. I know from experience certifications don't always mean anything. At my first IT job one of the guys in my training class in the first week had A+ and Net+ and a couple others, but he didn't even know how to click and drag to highlight cells in Excel lol, and that's because he used braindumps to pass his certs. So I guess all in all, I'm not looking for the "fast-track" by getting as few certs as possible, like someone that wants to lose 25 lbs in 2 days to fit into some clothing, but I also don't want to be redundant and just take certifications because they're there. At the end of the day, experience is king, so I'm trying to substitute for that in any way I can.

colemic · December 2014

thatguy67 wrote: »

However many your job requires. If you are looking for an entry-level job, then the Security+ should be good.

I'd take that a step further, and go for the ones required for the job you want in the future... we all know there's a conundrum between experience/certifications, but planning ahead a little can really pay off.

reubs6 · December 2014

Yea, thats the issue I have. I'm still figuring that out. It's hard to choose one lol.

docrice · December 2014

One of the best investments you can make towards a technical security career is to start looking at things in-depth. Keep probing as to why something happens rather than just take the textbook or knowledgebase document for granted which usually only dishes out superficial information. Often this means doing a lot of exploring, a ton of extra researching/reading, asking questions, and replicating things yourself. This is where a break/fix lab at home really helps.

A random example - how does a typical client workstation get an IP? What is DHCP? How does the server side function? How many packets are involved? What are the contents of those packets? How does the server side get configured and what options are there for it and what do they mean? What happens if there is more than one DHCP server? What happens if you place an unauthorized DHCP server in the same broadcast domain as the client host? Is there an implementation difference between a Microsoft-based and Linux-based DHCP service? What port(s) does this service run on?

Once you start understanding these seemingly-minor and take-for-granted things at a deeper level, then you can start thinking about how someone with malicious intent could do sneaky things. You have to go out of your way to expose yourself to new things to gain that insight. If you're working with Windows everyday, pick up Windows Internals and skim through that. Much of that may be over your head, but you'll start seeing how the engine under the hood works and the complexities involved.

Security certification studies only touches on these things and the culmination of long years of reading and experimenting is ultimately going to be the driving factor to your success. The certifications are there to help prove you have some grasp of security practices, but seeing past the UI or terminal interface will help distinguish you from the rest of the general pack. A good security team interviewing candidates will weed out those with just certification knowledge and those that go far beyond that extra mile.

JDMurray · December 2014

Job-wise, certifications get you a first-round interview and that's it. Once you are in that first interview, you are judged on on your knowledge and presentation only; your certs will just be a brief topic of conversation during the interview.

How many entry level Security certifications should I get?

Comments