+ Reply to Thread
Page 2 of 2 First 12
Results 26 to 45 of 45
  1. Member
    Join Date
    Dec 2006
    Location
    Berlin
    Posts
    52

    Certifications
    CISA, CISSP, CWNA, Network+, A+
    #26
    Hi kmcnees,

    about SAP R/3 - I was an internal in 2000-2005 (full five years), I shared the time between SAP and security. I realized that to become a good external SAP consultant you need to really focus on it. You cannot be jack-of-all-trades and a SAP guru. Soo I would have to stick to it, and I don't like SAP. I like security, I like networks, but - sorry, SAP is boring. I can learn about security and have fun, if I learn SAP - no fun at all.

    Programming - I used to code in C++. It was better than SAP, but the fun factor was still to low for me.

    You see, I'm a difficult case. It's very important for me that I truly enjoy my job. Just after my studies I was prepared to perform boring tasks for good money. Now I adopt the "no-money-principle". Activities which I would perform without getting paid for it (like learning about security, teaching about things I find interesting, consulting, etc.) - are good candidates to become a vocation (they pass the no-money-test). If my hobby had been say drinking beer or watching x-rated films, I probably would have to do something else for my living. But I like IT security (and diet coke instead of beer). Is it not a sign from above?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Nov 2006
    Location
    Silicon Hills, Texas
    Posts
    109

    Certifications
    CISSP, ITIL, Masters of Science in Information Assurance
    #27
    This is one of the best threads I've read on these forums. The positive vibes this thread contains...the inspiration...the stories...they advice...WOW! Any way to have a "best of the boards" forums or have this stickied?

    Thanks to everyone who has added input to this thread - I felt so motivated after reading it!!!!
    Reply With Quote Quote  

  4. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #28
    Sticky it is.
    Reply With Quote Quote  

  5. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    2,005

    Certifications
    CCNP, JNCIP-ENT, JNCIS-SP, JNCIA, JNCDA, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #29
    Quote Originally Posted by drakhan2002
    This is one of the best threads I've read on these forums. The positive vibes this thread contains...the inspiration...the stories...they advice...WOW! Any way to have a "best of the boards" forums or have this stickied?

    Thanks to everyone who has added input to this thread - I felt so motivated after reading it!!!!
    I have to agree this is a phenomenal thread that anyone pursuing an InfoSec related career should read. Never a dull post when reading something by keatron
    Reply With Quote Quote  

  6. Member
    Join Date
    Dec 2006
    Location
    Berlin
    Posts
    52

    Certifications
    CISA, CISSP, CWNA, Network+, A+
    #30

    Default an update - 4 years later

    Hello everybody,
    I'm glad to have started such a popular thread and I would like to give you some feedback after I tried to use these ideas in real life. I hope it will be a word of warning (or encouragement) for those looking for career advice.

    In Jan 2007 I became an IT Sec consultant. I realized pretty quickly that success depends on two skills:
    1. Either you are a very technical expert (pen tests, firewalls, networks), or
    2. You are a skilled salesman and communicator.

    (If your computer skills are limited to "writing emails, sending emails, receiving emails" but you are a superb salesperson, you can sell many consulting days to clients and become a well paid local hero.)

    Another basic skill is being a native speaker. Clients cannot evaluate your work (they lack specific knowledge), so they either count pages of your report or check your syntax / punctuation to see if your service is worth its price. It's common to see 70 pages of report which could be 5 pages long and not give less information.
    In either case you need to be a native speaker, otherwise you produce report pages slower or of worse language quality than your colleagues.

    The black belt of consulting is called "deescalation". It's the ultimate skill and it means that you can deal with angry client and make him calm. In corporate environment it's enough to be right and to be able to defend your position (e.g. by argumentation or proof). But in consulting an angry client can walk away to a competitor just to have the last word. If your employer loses a client and you can be somehow blamed for it you may be in trouble - depending on your employer.

    Be aware that consultants are used as change agents, i.e. you deliver rationale to fire someone. This someone is your deadly enemy and dreams of showing that you are an incompetent a**hole. And you can't be competent of every single system the client uses.

    There is one misunderstanding worth mentioning. When I started to work as a consultant I hoped to LEARN new things. The problem is - when you learn, you don't bill. If there is an assignment where you could learn, probably someone else gets it, who already has knowledge to solve the problem and bill for it.

    Now, back to my story. I know the rules now, in 2007 I didn't know them. After about 5 months I knew that something goes terribly wrong and that my skills are in huge mismatch with job requirements. After 10 months (Oct/Nov 2007) I really sorrowed the job change, I knew it will end in a disaster but I decided to stay till the end of 2008 (to be there 2 years, and not to ruin my resume). End of April 2008 I started looking for new job in the city. That was really hard! Toxic work environment changes totally the way you think and behave, you don't have patience, you just dream of being able to go away, have long holidays and never see the place again. You have a real problem to get out of the bed in the morning. Unfortunately the interviewers see it and it's a no-no (and they are right - you are unable to perform). Finding a new job is an uphill battle. After my third interview I learned to give the right answers to recurring questions (really by heart) and in Dec 2008 I was able to leave that "bad" job for a new, corporate one.

    So to sum up what went wrong and my advice to you guys:
    - if you are not a native speaker - the game is skewed against you - leave it,
    - if you have some certifications it's not enough. Become a Cisco God or learn to sell, that are two working paths (simplified, but you get what I mean),
    - if you are salesperson type you don't need profound technical knowledge. Everybody will kiss your hands for making successful sales,
    - if you are a "geek" type be a genius geek or leave it,
    - if you want to learn new things, consider another jobs. Learning at home after 12h of office work is not an option either,
    - consulting job is tougher and in many cases less paid than corporate jobs. Be really sure you want this kind of job before you switch.

    A word about my future plans. I stick to my boring office job, and enjoy its predictability. Last two years I learned a lot about investing (my M.A. was in business, so I didn't start from level zero) and improved my saving for an early retirement (I'm 35). I dropped my certifications (maintenance fees, CPEs and training are costs) and used this money for investments. Without my certifications I wouldn't be able to get where I am in terms of job, but now they can't push me forwards anymore.

    I hope to have helped someone with this (loooong) story
    seccie
    Reply With Quote Quote  

  7. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #31
    Thanks for the fascinating and very relevant post that you added to this already great thread. I'm glad to hear things got better for you.
    Currently working on: Resting
    Reply With Quote Quote  

  8. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #32
    We get a lot of posts from people trying to break into infosec (many which are essentially the same thing over and over). I came across a few blogs on this subject which hopefully will keep this sticky more up to date:

    Rafal Los:
    http://blog.wh1t3rabbit.net/2014/02/...comedy-of.html

    Little Mac:
    http://forensicaliente.blogspot.com/...t-joining.html

    Mandiant:
    https://www.mandiant.com/blog/raisin...-professional/

    Info for BSides:
    http://www.securitybsides.com/w/page/12194156/FrontPage
    Reply With Quote Quote  

  9. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #33
    Here's another presentation (slides and notes only) from DEF CON Atlanta by "adric":

    http://www.atlbbs.com/sharkin/breakin-dc404.pdf

    http://f.adric.net/index.cgi/wiki?name=Breakin
    Reply With Quote Quote  

  10. Senior Member teancum144's Avatar
    Join Date
    Jun 2012
    Location
    Pacific Northwest, USA
    Posts
    227

    Certifications
    CISSP, CISA, CPA (inactive), Network+, Security+
    #34
    The following is a great video on what it takes to break into the security field:
    https://www.youtube.com/watch?v=0MFfBS4KskY
    Reply With Quote Quote  

  11. Member
    Join Date
    Aug 2014
    Location
    Long Island, NY
    Posts
    83

    Certifications
    SSCP, Security+
    #35
    Thanks, these all seem like great blogs and videos.

    Out of college I got an entry level position in Forensics and then I left the position for a more involved role with security as a Support Engineer for security product. I now want to move from that to a more analytical role or network security role in a financial firm. I just scheduled my Security + exam next week, once I pass that I think I will move onto the SSCP or the CISSP.
    Reply With Quote Quote  

  12. Junior Member Registered Member
    Join Date
    Jun 2013
    Posts
    2
    #36
    Hi Guys,

    Im an IT professional with 12 yrs of exp. I have 7+ yrs of programming background and 5 hrs of Project Mgt. I am quite faschinated by the IT security auditing domain and have attempted for my CISA certifications. Needed advice on further certifications so as to move into this field.

    Request all your valuable advices please.

    Regards,
    Reply With Quote Quote  

  13. Member
    Join Date
    Mar 2013
    Posts
    37

    Certifications
    CFE, C)ISSO, C)PTE, CNSS-4011, 4012, 4013
    #37
    I personally would go through the Cisco Security track. Cisco is regarded... add security to that, you'll be in demand. With limited funds, you want to invest in the more technical track since you already have your CISSP.
    Reply With Quote Quote  

  14. Junior Member Registered Member
    Join Date
    Jun 2015
    Location
    BR
    Posts
    3

    Certifications
    CEH
    #38
    Hey guys, whatsup! I'm new to the forum, I was always seeing the posts but I have never registered until now!
    I want you guys to give me an advice..


    My background:
    5 years of experience working with Security in as a Consultant at PricewaterhouseCoopers in Brazil.
    Certifications: CEHv8
    My projects are more related to Penetration Testing and Security analysis.


    My goal: work abroad. I want to work in Europe (I'm from Brazil). What do you guys think I need to study or which certifications should I seek to complete this goal? I have paid for the ECPPT, I'm studying for it at the moment, but I'm not sure if this will be enough for being accepted in job interviews abroad. I want to complete this goal in the end of July 2016, so I have 1 year to prepare myself. Which advise you guys would give me to accomplish this?
    Reply With Quote Quote  

  15. Senior Member teancum144's Avatar
    Join Date
    Jun 2012
    Location
    Pacific Northwest, USA
    Posts
    227

    Certifications
    CISSP, CISA, CPA (inactive), Network+, Security+
    #39

    Default Cyber Security Career Roadmap

    Reply With Quote Quote  

  16. Senior Member diggitle's Avatar
    Join Date
    Jun 2013
    Posts
    115
    #40
    In my experience the easiest way into information security is to target small companies. Enterprise companies are in need of a person with 7+ IT years of experience with CCNP, MCSE, etc) and Info Sec experience with CISSP. Most small companies due to budget constraints want trainable entry to mid level folks.
    Reply With Quote Quote  

  17. Junior Member Registered Member
    Join Date
    Nov 2012
    Posts
    1
    #41
    Same questions, but I've been long term unemployed. I acquired Linux+ last year, A+ & Network+ before that, however, I would like to learn more and get CERTIFIED in something useful Networking related. I found that the A+ exam was changing when I was taking it and don't wish to purchase anything that is on the verge of being obsolete in 6 months, that is related to the study guides. Any advice.

    I was certified AIX UNIX administrator for IBM for many years and support 24/7 Admin services, familiar with TCP dumps,firewalls, etc, just never worked with switches and perimeter devices. So, just being humbled by all the chatter and hope someone can make a constructive suggestion. I'm am nearing retirement age as well, but I've always worked in IT.

    Seeking suggested entry point certification for Networking Security and Self Study guides.
    Reply With Quote Quote  

  18. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #42
    This is quite an old thread to be revived, but I'd say go read up on the CCNA. After Network+, CCNA is a pretty logical step. For labs you can eBay older equipment cheaply. Although I'm not a proponent of vendor-centric certifications which tend to drift off into teaching about equipment rather than security, I think the material in the CCNA is a good start even though it's not really security-focused.
    Reply With Quote Quote  

  19. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,614
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #43
    Looking at what education/certification/experience is requested on job positing that a candidate find desirable is the best due diligence. I work in NetSec Ops and I use the information in the CCNA R/S every day. The same is true of the Security+, which has quite a bit of networking stuff in it, as does the CEH. All of those certs are asked for by hiring managers. Eventually, it comes down to what your budget for certs is.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  20. Junior Member Registered Member
    Join Date
    Sep 2016
    Posts
    1
    #44
    Myself bhuvanesh from India. I'm a BE graduate and holding CCNA & CEH certifications with 5years of IT experience (NOC -3yrs & SOC -2yrs). Since i do not have the programming skills, I'm very much confused on chosing my further path. Whether to chose CISSP or go for forensics or go for Incident handler..
    Reply With Quote Quote  

  21. Member kaiju's Avatar
    Join Date
    May 2017
    Location
    3rd rock
    Posts
    44

    Certifications
    MCSA, NCIE, NCDA, CASP, Sec+, Server+, ITIL
    #45
    You will get better results if you create your own thread.
    Reply With Quote Quote  

+ Reply to Thread
Page 2 of 2 First 12

Social Networking & Bookmarks