+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 43
  1. Junior Member
    Join Date
    Feb 2007
    Posts
    7

    Certifications
    A+, Network+, Security+, Project+, CIW Foundations
    #1

    Default Need helping chosing Security Certification

    I'm looking for a security certification that will actually enable me to land a security related job. I have the Security+, and while it's nice, its basic enough that I'm still doing tech support (ugh) and not security (which is what I want to be doing). I know some certs require you to have security experience (which I don't have). I want a certification that will let me get my foot in the door into the security area.

    Any suggestions?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    1,948

    Certifications
    MCSE (old), SSCP, CCA, Sec+, P+, L+, and N+
    #2
    My plan is to do Sec+, then MSCA:Security. I aleady have already taken a Citrix related security exam and i'm looking at another one next year.
    Andy

    2017 Goals: 1 of 5 courses complete, 0 of 2 exams complete
    Reply With Quote Quote  

  4. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #3

    Default Re: Need helping chosing Security Certification

    Quote Originally Posted by cyberblade3001
    I want a certification that will let me get my foot in the door into the security area.
    Information Security is a very broad field containing many specializations and certifications. The kind of InfoSec job(s) that interest you will determine what types of certifications you should pursue.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  5. Junior Member
    Join Date
    Feb 2007
    Posts
    7

    Certifications
    A+, Network+, Security+, Project+, CIW Foundations
    #4

    Default Re: Need helping chosing Security Certification

    Quote Originally Posted by JDMurray
    Information Security is a very broad field containing many specializations and certifications. The kind of InfoSec job(s) that interest you will determine what types of certifications you should pursue.
    Long term I want to information security consulting (as in, go to a company, take a look around and suggest a plan for them to improve their security). I know that I can't expect to start there, so I'm looking for something that will allow to start working in the security area.
    Reply With Quote Quote  

  6. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #5

    Default Re: Need helping chosing Security Certification

    Quote Originally Posted by cyberblade3001
    Long term I want to information security consulting (as in, go to a company, take a look around and suggest a plan for them to improve their security).
    The full business continuity planning consulting or risk assessment and management? Or do you only want to specialize in a particular area, such as physical security or network security?
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Feb 2007
    Posts
    7

    Certifications
    A+, Network+, Security+, Project+, CIW Foundations
    #6

    Default Re: Need helping chosing Security Certification

    Quote Originally Posted by JDMurray
    The full business continuity planning consulting or risk assessment and management? Or do you only want to specialize in a particular area, such as physical security or network security?
    I'm trying to focus more on just Information Security. I know that is a part of Risk Management, but I'd like to focus on just that. Also, I don't see choosing between physical and network security, as I feel that both are crucial elements to total Information Security. So both, as far as those two options are concerned.

    Does that help at all?
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Feb 2007
    Posts
    7

    Certifications
    A+, Network+, Security+, Project+, CIW Foundations
    #7
    Quote Originally Posted by ajs1976
    My plan is to do Sec+, then MSCA:Security. I aleady have already taken a Citrix related security exam and i'm looking at another one next year.
    In order to get the MCSA:Security do you do the MCSA, then specialize or is it another route? Would this be a viable option for me to pursue given my goals?
    Reply With Quote Quote  

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #8
    You need an idea of the specific kind of infosec work that you are looking for. Just saying "I'm interested in information security" is really too general of a statement from which to determine the direction in which you need to proceed from the Security+. I don't want to point you to the CISSP/CISM/CISA path if you are more inclined towards the MCSE/CCSP/CEH route, and visa versa. There isn't a single, "best track" for security certs. It all depends on what your infosec career aspirations are.

    You need to do work looking around on the information security-related job sites to get an idea of what kind of infosec work appeals to you. Once you know that, we can help you determine what security certifications are the best one for you to pursue.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  10. Johan Hiemstra Forum Admin Webmaster's Avatar
    Join Date
    Jun 2002
    Location
    52n31, 6e06
    Posts
    10,383
    Blog Entries
    3

    Certifications
    MCSE NT4 MCSA 2000/2003 Security+ (expired: CWNA, CNA, CCNA)
    #9
    Quote Originally Posted by cyberblade3001
    I'm trying to focus more on just Information Security. I know that is a part of Risk Management, but I'd like to focus on just that.
    It's the other way around, Risk Management is part of InfoSec. The latter is - just like "I want to work in IT" - too general to focus on. Something you could do to get a better idea of what jobs fit in Information Security, or more important: jobs that would fit you, you could try one of the many online jobsites and search for available jobs (i.e. using certifications or typical infosec terms as keywords).

    Quote Originally Posted by cyberblade3001
    I'm looking for a security certification that will actually enable me to land a security related job.
    Without experience to back up the certification that is very hard. The reality is that most people don't start out in information security without having years of experience in general information technology - the systems that you want to secure. For example, many full-time firewall and IDS/IPS admins were once network administrators, the same goes for system admins becoming penetration testers.

    But, it's not like you have an unlimited number of choices:

    CISSP - definitely a certification that can lead to a job, but it's impossible to get the certification without having years of experience. If you would meet the requirements for this one, it would have been your best bet.

    SSCP - Unfortunately not that well known as the CISSP nor as the following certs and will unlikely lead to a job, but also requires a year experience.

    CEH - a specialist cert that can lead to a job but again only when you have plenty of relevant experience.

    As you found out already, Security+ won't make you a security professional. It's a good one to have for virtually anyone in IT though and a good one to start with.

    CCSP - Even though it's niche, Cisco's market share is huge. Especially CCSP is hot right now. Not as golden as CISSP, but definitely a winner if you want to enter the security arena. CCSP is a track of 5 exams plus you need to be a CCNA (1 or 2 exams) which would give you some time to 'gather' experience. If you are a CCNA or CCNP for example this is in my opinion your best bet. Obviously it focusses on the more practical aspects of information and network security so it may not suit the type of job you're looking for.

    ajs1976's plan is also a good option. Although it can just as well be MCSE, or a current or future MCTS or MCITP. The reason why this is a good option is the experience issue I mentioned above - with several years of experience with Microsoft systems (or Cisco networks) your chances of getting a security professional job with the help of infosec certs will be much better.

    There are others, such as SANS (expensive, good one if your employer wants to sponsor it). And Checkpoint certifications, which is also more suitable as an 'addition' to other certifications and experience rather than an entry ticket to the security arena. There's really no such thing, it's road you need to travel, with likely jobs and certifications along the way that aren't infosec-only.

    Good luck with your decision!
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Feb 2007
    Posts
    7

    Certifications
    A+, Network+, Security+, Project+, CIW Foundations
    #10
    Quote Originally Posted by JDMurray
    You need an idea of the specific kind of infosec work that you are looking for. Just saying "I'm interested in information security" is really too general of a statement from which to determine the direction in which you need to proceed from the Security+. I don't want to point you to the CISSP/CISM/CISA path if you are more inclined towards the MCSE/CCSP/CEH route, and visa versa. There isn't a single, "best track" for security certs. It all depends on what your infosec career aspirations are.

    You need to do work looking around on the information security-related job sites to get an idea of what kind of infosec work appeals to you. Once you know that, we can help you determine what security certifications are the best one for you to pursue.
    Of the two tracks you listed I'd much prefer the former (the CISSP/CISM/CISA track). What would be a good starting place for that track? I realize that where I am right now (tech support) isn't going to help me much with that.
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Feb 2007
    Posts
    7

    Certifications
    A+, Network+, Security+, Project+, CIW Foundations
    #11
    Thanks for your reply Webmaster.

    I'm really hoping to avoid vendor specific certifications (if possible) though if thats what it takes to break into the security field I'll do it. It seems from looking around that the EC-Council certifications (CEH, ECSA, etc.) are probably my best option to start with-as they don't require experience in security. Should CEH, ECSA, etc. plus several years of general IT work be enough to get me into a security related position?
    Reply With Quote Quote  

  13. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #12
    Quote Originally Posted by cyberblade3001
    Of the two tracks you listed I'd much prefer the former (the CISSP/CISM/CISA track). What would be a good starting place for that track?
    Those certifications are typical in the management side of information security. Each of those certification requires actual industry experience to earn. You can study the objectives of the certification exams to get an idea of the type of knowledge required for a career in those field(s). You will also find that other, non-infosec learning, such as project management and accounting, will help you on the management side of infosec.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  14. Junior Member
    Join Date
    Feb 2007
    Posts
    7

    Certifications
    A+, Network+, Security+, Project+, CIW Foundations
    #13
    Quote Originally Posted by JDMurray
    Those certifications are typical in the management side of information security. Each of those certification requires actual industry experience to earn. You can study the objectives of the certification exams to get an idea of the type of knowledge required for a career in those field(s). You will also find that other, non-infosec learning, such as project management and accounting, will help you on the management side of infosec.
    Well, I'm planning on starting my MBA (probably with an MIS emphasis) within the next couple years. So that should help. I think for now I'll work with the EC-Council certifications that don't require experience.

    Thanks for your help.
    Reply With Quote Quote  

  15. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #14
    As JD pointed out already, we have to start looking at security just like we look at the medical field. Just saying I want to be a doctor is just the start, you also have to eventually decide what you want to specialize in (unless you want to be a general practitioner). In Infosec, you can view CISSP as somewhat of your "license to practice" kinda like having a license to be doctor. Then from there you'll need to decide what you want to specialize in, as it's almost impossible to be a master and regular practitioner of even the 10 domains. Now with those 10 domains, you can take one, like network and telecom security and even that one domain has it's own specialty areas.

    IDS specialist, firewall specialist, penetration tester, forensics investigator, security assessments (not to be confused with penetration testing because they are different), just to name a few. Most people hear the term Infosec, and they automatically associate that with network and telecom security, but in reality it's much broader than that. I know people who do nothing but design and test physical security, they break biometric mechanisms, social engineer the heck outta people, and do tons of other things that require little or no knowledge of network or telecom security. The fact is, in most small and medium sized companies, the security team usually consists of one person (if they have that much), so this person by default becomes a general practitioner. This is good for getting "exposure" to different areas of security, but in most cases you won't be exactly proficient in either area. For example, there's not a lot of general security people (one man security teams), that can properly do a complete forensics investigation from start to finish. It requires in depth knowledge of certain tools, extremely in depth knowledge of operating systems, and file systems, and considerable knowledge of local, state, and federal laws and regulations. You'd be hard pressed to gain and maintain all of this without doing it on a regular basis. But in the real world there are common trends to how these different areas are broken up.


    Network Security policy guys: Manager, CISO, sometimes the CIO (CISSP, CISM, CISA, other security management certs)
    They usually come up with network security policies. They come up with policies that best protect the network and company resources. It is often mistakenly said that these guys don't have to know much about the actual technical side of things as they only make policies, but this is not always the case. In order to make policies that can actually be implemented on a technical level, you have to be aware of what's possible at the technical level. The best way to gain this knowledge is by actually "doing" it on a technical level. This is why I'm a fan of the policy guys being guys that have spent some time in the trenches. Often times you end up with wasted time as proposed policies go back and forth before something actually doable is produced. An example: Network Security Policy dude says "I think all TCP traffic from the outside should be blocked at the firewalls". Network Engineer says "Ahhhh, are you sure you mean ALL traffic?" The policy guy also has to be concerned with how security implementations affects functionality and availability as well (look up the CIA triad).

    Network Security Engineer guys (CISSP, CEH, other vendor specific security certs)
    They take policies or security requirements and engineer or design technical solutions that will make these policies an enforced methodology. This is the person that usually sends stuff back to the manager saying it's not possible, or it's not feasible. The security engineer will usually be very well versed and know a lot about current/available technologies. He would also be wise to have skills needed to test the strength of his designs before rolling them out in production. It's also helpful (if not a requirement) that this person have some vendor specific certs not security related. For example, if the company uses Cisco equipment, then this person needs to be very familiar with how this equipment works, and how it is configured. So CCNP, CCDA, CCSP would be helpful and probably even required if it were my decision.

    Network Security Jr engineers, technicians, etc (Security+, Network+, Vendor specific security certs)
    These are the people that will either be implementing or assisting with whatever implementation the engineer comes up with. If he's smart he'll always be wondering and asking why a certain design is this way or that way (so he can one day be an engineer). Or just blindly implement without having a clue as to why and never progress beyond assisting (in some circles it is required that you don't ask why, due to seperation of duties and "need to know" type situations).
    Same goes here for the Cisco entry and mid level certs.

    Network Security Analysts. (ECSA, Vendor specific IDS certifications and IPS certifications)
    They might actually touch stuff and implement a little bit, but they mostly analyze logs (loganalysis), tweak IDS rules (remember a true IDS is passive so they can't screw up communications here much), decide when there's a breach or potential breach and other similar functions. Again, if Cisco equipment is in use, then the entry level certs that aren't related to security would be paramount here.


    So now let's pretend your company has all these people in place, and IDS guys report a potential breach has happened. Now comes the other side, forensics and incident response guys.

    Forensics Investigator (EnCE, CHFI, and other vendor specific forensics certs)
    Since the IDS guys think there's an incident, but can't prove it, they need to forensics guys to pretty much 1. decide if there's indeed been a breach, 2. prove there's been breach, and 3. if there has been take steps forensically to ensure that a forensically sound investigation can actually take place and ensure that if prosecution turns out to be the desire of the company owner/owners, the case is not thrown out of court because of not following commonly accepted rules of evidence. This person might have to communicate and work with all the folks above to actually obtain certain logs (because the person configuring a router or firewall is the best person to ask where they configured the logs to be stored). He will certainly have to work closely with the CISO in order to get permission to get all this information in the first place. The days of the CISO saying to everyone on the security team "give this guy whatever he asks for" are long gone. In actuality the process is much more granular and tedious than that. In this person's case, knowing where logs are stored will only help his case and might even speed up the process if he can tell the security guys exactly where to look for what he needs. So knowledge of equipment logging and storing procedures can only help. Which is why I would again recommend knowledge of Cisco equipment if that's what the company uses.

    Forensics analyst/examiner (EnCE, CHFI, and other vendor specific forensics certs)
    This person would usually be in a forensics lab and would actually be the one examining all the collected information (or actually copies of it). He would be performing data carving, file system analysis, log validation and all kinds of other functions that would locate evidence to prove or disprove what the IDS guys initially thought happened.

    Now keep in mind this is just the scratch of the surface of the network and telecom side. There might be an entire risk assessment or risk management team that does nothing but try and keep these things from happening by using quantitive and qualitive data to decide based on occurences and potentials what to spend on what, and where things need to be tightened down more. There might also be an incident response team or person that is responsible for deciding who deals with what and how it's dealt with when it happens. So the fact that the IDS guys report to the CISO he engages the forensics team should be something already planned by the incident response team in coordination and with the help of the rest of the security team. Often times the incident response person is temporarily called upon to be the "quarterback" of the entire security team as a whole, because during an incident they will probably become part of what's known as an incident response team that includes not just IT Security but other areas of the company as well (HR, PR, Accounting, Loss Prevention, etc.). Once this breach is contained, there could be an effort to get someone unbiased, that's not part of the company to regularly assess the security posture of the organization in hopes of minimizing the changes of a breach happening again. Enter the Penetration testers, security consultants, and security assessment guys. Understand these roles can all be carried out internally as well, but just like with auditing of financial records, it holds more weight when a third party does it.

    This is certainly not intended to be a comprehensive post that spells out every possible position in Infosec, but it is intended to give you an idea of "how deep the rabbit hole goes".

    Keatron.
    Reply With Quote Quote  

  16. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #15
    Keatron:

    That last post of your belongs in a sticky or FAQ on Secuirty Certifications. Great post.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    1,948

    Certifications
    MCSE (old), SSCP, CCA, Sec+, P+, L+, and N+
    #16
    Quote Originally Posted by sprkymrk
    Keatron:

    That last post of your belongs in a sticky or FAQ on Secuirty Certifications. Great post.
    I second that. Thanks for the info.
    Andy

    2017 Goals: 1 of 5 courses complete, 0 of 2 exams complete
    Reply With Quote Quote  

  18. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #17
    Done!!
    Reply With Quote Quote  

  19. Member
    Join Date
    Sep 2007
    Location
    Boston, MA
    Posts
    56

    Certifications
    Network+, CCNA, Security+
    #18

    Default This thread is _exactly_ what I was looking for!

    I'm in a similar situation to cyberblade3001.

    I've only worked peripherally in IT for years now... I just recently left a finance job at a corporate-level hosting provider with the intention of starting a career in InfoSec. After years of finding the technology-related aspects of my job infinitely more interesting than the finance aspects I finally decided to go for it and try to change careers (again - I have a music degree)

    My plan is to start with Network+ (I'm pretty close to knowing that material already), then move on to Security+, then CCNA. From there I'm not sure whether it's more prudent to go for another vendor-specific InfoSec-related cert, like Checkpoint, or focus more on a specific OS track. I'm far more interested in the "big picture", than in narrowing my scope of expertise to a specific OS.

    Anyways, thanks again for this thread. I have a lot of decisions to make, but I'm excited about the possibilities! I haven't felt like that in too long...
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    1,948

    Certifications
    MCSE (old), SSCP, CCA, Sec+, P+, L+, and N+
    #19
    Quote Originally Posted by cyberblade3001
    Quote Originally Posted by ajs1976
    My plan is to do Sec+, then MSCA:Security. I aleady have already taken a Citrix related security exam and i'm looking at another one next year.
    In order to get the MCSA:Security do you do the MCSA, then specialize or is it another route? Would this be a viable option for me to pursue given my goals?
    You work on the MCSA with the plan of getting the specialization. The MCSA requires a client exam, to Windows server exams and an elective. the specialization requires the same first three exams and two 'restricted' electives. Any of these restricted electives will count as the elective for the MCSA.
    Andy

    2017 Goals: 1 of 5 courses complete, 0 of 2 exams complete
    Reply With Quote Quote  

  21. Member
    Join Date
    Mar 2008
    Posts
    38

    Certifications
    SCJP,OCA
    #20
    Wow Keatron,Great post man. (I was referred by schluep)
    It will really help me in understanding my future goals.
    Reply With Quote Quote  

  22. Junior Member
    Join Date
    Apr 2008
    Location
    Florida
    Posts
    4

    Certifications
    CISSP, A+, Network+
    #21

    Default Great post keatron

    Great post keatron! Was refered by shednik.
    Reply With Quote Quote  

  23. Junior Member
    Join Date
    Oct 2008
    Location
    clearawater florida
    Posts
    12

    Certifications
    98 a+ four core mcp net +
    #22

    Default Re: Need helping chosing Security Certification

    Quote Originally Posted by JDMurray
    Quote Originally Posted by cyberblade3001
    I want a certification that will let me get my foot in the door into the security area.
    Information Security is a very broad field containing many specializations and certifications. The kind of InfoSec job(s) that interest you will determine what types of certifications you should pursue.
    What are your views on ISC2 and ITIL. I hope this is relevant. I am new to the security arena of certification but highly interested.
    Reply With Quote Quote  

  24. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #23

    Default Re: Need helping chosing Security Certification

    Quote Originally Posted by robertguess
    What are your views on ISC2 and ITIL. I hope this is relevant. I am new to the security arena of certification but highly interested.
    ITIL is very strongly related to security management. I can see the CISSP, CISM, and ITIL being very good complementary certs to have. I've heard that the next revision of the CISSP exam will have ITIL questions on it too.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  25. Member
    Join Date
    Jan 2009
    Posts
    46
    #24
    Quote Originally Posted by Webmaster View Post
    CCSP - Even though it's niche, Cisco's market share is huge. Especially CCSP is hot right now. Not as golden as CISSP, but definitely a winner if you want to enter the security arena. CCSP is a track of 5 exams plus you need to be a CCNA (1 or 2 exams) which would give you some time to 'gather' experience. If you are a CCNA or CCNP for example this is in my opinion your best bet. Obviously it focusses on the more practical aspects of information and network security so it may not suit the type of job you're looking for.
    The equipment costs will be high if you go after the CCSP, and you're going to have to learn new technology and cabling. You can also do this with virtual equipment, but again, the learning curve will be steep if you're not already familiar with it.
    Reply With Quote Quote  

  26. Senior Member onesaint's Avatar
    Join Date
    May 2011
    Location
    Los Angeles
    Posts
    781

    Certifications
    CCNA, RHCSA
    #25
    Quote Originally Posted by JDMurray View Post
    You need an idea of the specific kind of infosec work that you are looking for... You need to do work looking around on the information security-related job sites to get an idea of what kind of infosec work appeals to you. Once you know that, we can help you determine what security certifications are the best one for you to pursue.
    Sorry for bringing this thread back from the depths.

    JD, can you list a few of those search boards? I'd like to nail down a direction into infosec as well, but with the vastness of positions its hard to know what to get into and frankly, what those positions actually entail (the example being the pentesting paper pusher).
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks