Infosec Career options, opportunities at work

Good evening, I’m currently a Network administrator for a small MSP and have been for over a decade. I have about 8 MCP certs in areas like 7 / Server 2008 / Exch 2010.

I’ve expressed my ambition to my Employer that I’d like to alter my career path and go into InfoSec. Now, I currently don’t have much knowledge about infosec and neither does the MSP I work for. My Employer has said he would be happy for me to do any course that would mean I could then be qualified / knowledgeable in infosec area’s so we could then apply it to our customers. Particularly relating to replacing all of our customers routers / security appliances with another brand that I would be able to support. This would be good for my employer, and be good CV filler for me as this would be my project! (FYI I’ve been reading up about CISSP / CCSP)

I think in an ideal work my employer would like me to do something Cisco related, however I would like to go into an area that would also provide me with enough knowledge and experience to go on to do a role either outside of this particular company or within this company as a separate entity which would provide security consulting to our current client base.

I would very much like to forge a path into infosec. However, I also need to consider if spending 4months+ studying for the 70-417 upgrade exam so I can attain the MCSA server 2012 will be worth my while if I want to go into Infosec?

Thank you for reading.

Find more posts tagged with

Comments

adrenaline19

Why do you want to get into infosec? Do you want a raise? Vendor specific certs are good for what you want. Any SANS certs are good too if your employer is willing to pay for them.

londonlad

I take a very keen interest in Infosec - it isn't about a raise at all. Its something the company want, and something I want too.

TheFORCE

londonlad wrote: »

I take a very keen interest in Infosec - it isn't about a raise at all. Its something the company want, and something I want too.

What is it about Infosec that has impressed you the most?
Infosec is mostly about putting controls in place that will protect whatever system your company might be using. Those controls can be a policy or a technical control.
You might want to get your hands on ISO 27002:2013 and NIST SP 800-53 and read some of these framework controls. Also a good idea would be for you to get ITIL. I know ITIL is not taken seriously buy individuals but companies do take it seriously.
Also, continue for your MCSA 2012 it will help you down the road.

636-555-3226

Ditto read up on ISO 27002:2013 (relatively cheap to buy) and NIST SP 800-53 (free to download, but LONG).

if you want specific technical training, SANS is recommended if your employer will pay for it.

CISSP won't give you a lot of hands on technical things-to-do-at-work-right-now type of knowledge.

Some self-study courses like OSCP or the Cisco security track would be suitable.

OSCP or any hacker-related coursework will help because it gives you insight into how you'd ever get attacked. Knowing how to secure something is one thing, knowing how you verify you've secured it is entirely different.

Cisco-track would be good to help secure network devices, assuming you have Cisco @work

E Double U

GSEC would be a great place to start if your employer will pay for SANS training.

If you have access to Cisco equipment then you can self study for CCNA/P Security.

londonlad

I enjoy the technical aspect, working out different methods to block different threats on the LAN, through email or web browsing.

My primary objective would be to find a cert I could do, which would help to enable me to then implement a solution that I would be comfortable in implementing to secure clients networks from internet gateway point of entry.

IronmanX

londonlad wrote: »

My primary objective would be to find a cert I could do, which would help to enable me to then implement a solution that I would be comfortable in implementing to secure clients networks from internet gateway point of entry.

Sounds like you want to implement IPS/IDS and a SOC.

Check Point offers products and training/certification. This will probably only really be useful to you if your company planes on using Check Point products.
Security Administration (Check Point Certified Security Administrator (CCSA) R77.30) | Check Point Software

If I was you I would start off with Sans GSEC. Then your going to have to learn a lot about IDS/IPS (Snort maybe?). Then your going to have to hire a 24x7 team for this SOC.

adrenaline19

I love the OSCP but it doesn't seem to be what you are looking for. I seriously think some of the SANS courses are perfect for your desire.

Cisco has some vendor certs too that would be great.

Hell, you could always go get your Sec+ from Comptia just to get a taste of the environment and decide where to go from there.
With your networking background, you could knock that cert out with less than a week of studying, and it'd give you direction on what to pursue next.

londonlad

Thanks for the replies. When you refer to SANS, do you mean the GIAC SANS - there seems to be loads of certs to go for?

adrenaline19

Yeah.

SANS has a whole buffet of courses. Find the one that best fits your desire and go for it!

They are expensive but well worth the money from what I've read.