+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 74
  1. Member
    Join Date
    Jan 2006
    Location
    Cape Town, South Africa
    Posts
    33

    Certifications
    MCP, MCSA +Messaging, MCSE, CNA, Network+, I-Net+, CIW-A, Linux LPI 101 & 102, CCNA, CCNP
    #1

    Default Security certification - where to start?

    Hi

    I want to get more involved in security. I currently have the following qualifications:

    A+
    MCP
    MCSE
    MCSA +Messaging
    Network+
    INet+
    CIW-A
    CNA
    Linux LPI 101 & 102

    Whats a good security certification to start with?

    Thx.
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    1,751

    Certifications
    MCSE, MCTS, CCA, Sec+, P+, L+, and N+
    #2
    Security+ or because of your Windows background MCSA: Security.
    Andy


    2014 Goals: 3 of 4 courses complete, 0 of 4 exams complete
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Mar 2007
    Posts
    12,320
    #3
    Agreed. Security+ is the typical starting point for security certifications. You can apply it towards your MCSA:S and MCSE:S, which you will need one and two additional exams for, respectively. It's really up to you want to do after that. There are several Cisco and Linux security certifications. You can also look into CEH, CHFI, SSCP, CISSP, etc. Read through the InfoSec forum to get a better idea of your options and go with what interests you.
    Reply With Quote Quote  

  5. Member
    Join Date
    Jan 2006
    Location
    Cape Town, South Africa
    Posts
    33

    Certifications
    MCP, MCSA +Messaging, MCSE, CNA, Network+, I-Net+, CIW-A, Linux LPI 101 & 102, CCNA, CCNP
    #4
    The MCSA: Security and Security+ seems a bit too basic and the CISSP too advanced, what's available inbetween those?
    Reply With Quote Quote  

  6. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,182
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #5
    The SSCP would be the next one up from the Security+ cert. The GSEC is also between the Sec+ and CISSP, but it's a very expensive cert, so I rarely mention it.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  7. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,225

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #6
    Quote Originally Posted by Spoonroom
    The MCSA: Security and Security+ seems a bit too basic and the CISSP too advanced, what's available inbetween those?
    Be careful with this assumption. I've had many people sit my CEH class and realize they should have had Security+ level knowledge under their belts first. I by have it, I actually mean have it, not just pass the test.

    I would say probably Sec+ (even if you do it self study).
    Then MCSA:Sec
    Then CEH
    Then SSCP
    At this point I'd suggest getting some Cisco in there. And you must start with CCNA, Then work the CCSP route (will not be easy, but worth it).

    By this time you should be very ready to start preparing for the CISSP.
    Reply With Quote Quote  

  8. Member
    Join Date
    Mar 2008
    Posts
    38

    Certifications
    SCJP,OCA
    #7
    Great Keatron , I learned a lot from you.
    Reply With Quote Quote  

  9. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Location
    Melbourne, Australia
    Posts
    1,932

    Certifications
    B.Sc, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #8
    Quote Originally Posted by keatron
    Quote Originally Posted by Spoonroom
    The MCSA: Security and Security+ seems a bit too basic and the CISSP too advanced, what's available inbetween those?
    Be careful with this assumption. I've had many people sit my CEH class and realize they should have had Security+ level knowledge under their belts first. I by have it, I actually mean have it, not just pass the test.

    I would say probably Sec+ (even if you do it self study).
    Then MCSA:Sec
    Then CEH
    Then SSCP
    At this point I'd suggest getting some Cisco in there. And you must start with CCNA, Then work the CCSP route (will not be easy, but worth it).

    By this time you should be very ready to start preparing for the CISSP.


    Hmmm, isn't this tooo long a way to earn a CISSP ??
    Reply With Quote Quote  

  10. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,182
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #9
    Quote Originally Posted by UnixGuy
    Hmmm, isn't this tooo long a way to earn a CISSP ??
    keatron is a world-class certified (ISC)˛ instructor who professionally teaches CISSP and SSCP classes and proxies (ISC)˛ exams. His advice for "CISSP success" is probably the best you will ever hear.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  11. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Location
    Melbourne, Australia
    Posts
    1,932

    Certifications
    B.Sc, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #10
    Quote Originally Posted by JDMurray
    Quote Originally Posted by UnixGuy
    Hmmm, isn't this tooo long a way to earn a CISSP ??
    keatron is a world-class certified (ISC)˛ instructor who professionally teaches CISSP and SSCP classes and proxies (ISC)˛ exams. His advice for "CISSP success" is probably the best you will ever hear.

    Yes, I really enjoyed his previous posts, and the certs he has obviously speak for themselves


    The thing is, It sounds like a pure academic route. I mean, where's the work experience in that ? the kind of experience that will make you a good candidate for CISSP ? or do we really have to go down the road of getting all these previous certs ?



    thanks JD Murray
    Reply With Quote Quote  

  12. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #11
    Quote Originally Posted by UnixGuy
    Quote Originally Posted by JDMurray
    Quote Originally Posted by UnixGuy
    Hmmm, isn't this tooo long a way to earn a CISSP ??
    keatron is a world-class certified (ISC)˛ instructor who professionally teaches CISSP and SSCP classes and proxies (ISC)˛ exams. His advice for "CISSP success" is probably the best you will ever hear.

    Yes, I really enjoyed his previous posts, and the certs he has obviously speak for themselves


    The thing is, It sounds like a pure academic route. I mean, where's the work experience in that ? the kind of experience that will make you a good candidate for CISSP ? or do we really have to go down the road of getting all these previous certs ?



    thanks JD Murray
    I don't think Keatron was in any way saying that practical experience is not a key factor in earning the CISSP, or any cert for that matter. He was simply showing a "Certification ladder" of progression. The OP asked for an intermediate certification between Sec+ or MCSE:Security and CISSP, so Keatron just addressed the varying levels and how one builds on the other.
    Reply With Quote Quote  

  13. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Location
    Melbourne, Australia
    Posts
    1,932

    Certifications
    B.Sc, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #12
    Quote Originally Posted by sprkymrk
    Quote Originally Posted by UnixGuy
    Quote Originally Posted by JDMurray
    Quote Originally Posted by UnixGuy
    Hmmm, isn't this tooo long a way to earn a CISSP ??
    keatron is a world-class certified (ISC)˛ instructor who professionally teaches CISSP and SSCP classes and proxies (ISC)˛ exams. His advice for "CISSP success" is probably the best you will ever hear.

    Yes, I really enjoyed his previous posts, and the certs he has obviously speak for themselves


    The thing is, It sounds like a pure academic route. I mean, where's the work experience in that ? the kind of experience that will make you a good candidate for CISSP ? or do we really have to go down the road of getting all these previous certs ?



    thanks JD Murray
    I don't think Keatron was in any way saying that practical experience is not a key factor in earning the CISSP, or any cert for that matter. He was simply showing a "Certification ladder" of progression. The OP asked for an intermediate certification between Sec+ or MCSE:Security and CISSP, so Keatron just addressed the varying levels and how one builds on the other.



    And there's a parallel practical experience associated with each cert. Hmmm interesting.
    Reply With Quote Quote  

  14. Junior Member
    Join Date
    Apr 2008
    Posts
    2

    Certifications
    ccna,mcse (NT) ,checkpoint
    #13
    realy cissp is the best in the business, But it is hard and i understand u need lots of experience to do exams.

    i would prefer to get into either cisco security or even software based security ,to get into specifics.
    Reply With Quote Quote  

  15. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,225

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #14
    Thanks JD and Mark for jumping in and helping clarify.

    For UnixGuy, think of it this way. Let's say you have 6 different certifications that all deal with 6 different areas of Information Security. Think of these as your 6 cans of Coke. Now think of the CISSP as the little plastic stuff that holds a six pack of coke together. Take your 6 cans of coke (your experience and other certs) and the little plastic stuff (your CISSP), add those together and you have a solid six pack that's held together well. For example, you might have a job as a firewall administrator. You might perform this job well for 6 or 7 years. However, you could be an expert firewall administrator, and not know squat about application security. In reality, the CISSP helps a security professional take all their years of experience, and certifications and FINALLY tie them all together and see clear relationships between it all. But there's the old saying "garbage in, garbage out". So in other words, if you are a person with only 1 can of coke (mimimal experience and minimal exposure to certifications), then the little plastic thing (CISSP) wont really do you much good, because you don't have any cans (experience and certs) to tie together. The CISSP is often described as a mile wide and an inch deep. But it should be understood that you don't go a mile deep because theoretically, you've already been 20 miles deep in several of the domains. I always stress experience first, then certs. However, sometimes you need the cert, to be awarded the opportunity to get the experience. But I often recommend people in the security field get vendor specific certs related to operating systems or network equipment they may be responsbile for securing. You can't possibly secure a large building if you don't know where all the doors and windows are. Additionally you need to know how to open and close these doors and windows. Same goes for systems and networks. Here's a few examples;

    How can one possibly understand group policy if they've never implemented or least labbed it out in preperation for MCSE? How could you know that group policies only apply to computers that are a member of the domain, OU, or site that group policy was applied to if you haven't done it, or again labbed it out. Not to mention you have to remember to give groups read and apply group policy permissions to the group policy object if it is to have any effect at all. If one doesn't understand these basics, then how could they possibly even start to secure a Windows based network? How does Kerberos work (in Windows world). What's sent in clear text and what's encrypted? How feasible is it for an attacker to forge a ticket and fool another device or computer in the realm to believing it's legit? If you've never implemented a Pix or an ASA then how could you know what it's default inspection rules for the FTP protocol is? We're taught that FTP uses ports 20 and 21 only. But is that actually accurate? Is is true that FTP actually uses dynamically allocated ports to actually do the data transfer part of an FTP session? How does the ASA default inspection rules allow for this? And if you know the answer to that, then what security concerns does this behavior and allowance or disallowance by ASA introduce or expose your organization to? Have you observed it's behavior via ethereal or some other analyzer or sniffer? What about the bazillion other protocols you're forced to allow into your network? Are you sure DNS only uses port 53? TCP or UDP? Both? When you perform a query for a resource on the web, does the response to query come back in on UDP port 53? What about zone transfers? Is that via port 53 as well? TCP or UDP? Are these zone transfers in cleartext? If they are, what can you implement to encrypt these zone transfers? How does Checkpoint Firewall solutions deal with this behavior? (And saying it just works doesn't count). Are the ways in which it deals with this behavior introducing unique security considerations? Isn't it true that the biggest problems with firewall, IDS, and other mechanisms is that they act and behave in a very predictable manner? How does NTFS file systems store data and files? What about NFS? FAT? What about ZFS? So how do ZFS and EXT2 differ in how they store and catergorize data? From a confidentiality perspective, which is more feasible? If you haven't worked with these file systems you might not know the answers. However, getting certifications can expose you to this very information and least give you some level of knowlegde in those areas.

    This list could go on and on. And obviously a CISSP that thinks they only utilize port 21 when they go to an FTP site and download files probably could have benefited from getting little more experience (or getting more cans) before getting the plastic peice (CISSP) to pull it all together. Because pulling it all together with too few cans causes us to have huge "knowledge gaps" and therefore renders us less effective in our roles as information security professionals.


    So UnixGuy, the above is some of the major reasons I suggest a path to the CISSP that's probably a little longer than what you normally hear. Thanks for reading. And I hope it helps.

    Keatron.
    Reply With Quote Quote  

  16. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Location
    Melbourne, Australia
    Posts
    1,932

    Certifications
    B.Sc, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #15
    Quote Originally Posted by keatron

    Keatron.

    Omg, wow!

    Did I say that you are one of the reasons why I kept on viewing this forum for 6 months ?

    This is very very helpful indeed, and I do agree with you aggressively


    I met many certified people, who are good in passing exams, but they don't have a competent knowledge/experience. They know stuff, but they don't have the full picture.

    I will definitely follow your advice. I will keep on pursuing certs and experience in my field (Solaris, Sun Servers/Storages ...etc). And only after getting acceptable knowledge/experience, I will shift to another field related to InfoSec. I will not think of CISSP, not now


    Thank you very much Keatron !
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Aug 2007
    Location
    Pittsburgh, PA
    Posts
    349

    Certifications
    Security+, Associate of (ISC)2
    #16
    What a brilliant example. Very well put as always, Keatron.
    Reply With Quote Quote  

  18. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    1,989

    Certifications
    CCNP, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #17
    Quote Originally Posted by Schluep
    What a brilliant example. Very well put as always, Keatron.
    +1...awesome...that response should be in a sticky called the road to the cissp
    Reply With Quote Quote  

  19. wibble! bertieb's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    981

    Certifications
    VCP5-DCV, VCP4-DCV, VCP3, MCSE:SI, MCSA2012/2008, MCITP:EA/SP2010, MCTSx8, MCSE2K3, Sec+, Dell Compellent Admin, ITILv3F
    #18
    I agree, that's worthy of a sticky.

    What a brilliant post! Thanks Keatron
    The trouble with quotes on the internet is that you can never tell if they are genuine - Abraham Lincoln
    Reply With Quote Quote  

  20. Occasional Member dave0212's Avatar
    Join Date
    Nov 2007
    Location
    Manchester, UK
    Posts
    190

    Certifications
    A few..... here are the highlights - CISSP, C|EH, SSCP, MCITP:EA, MCSE2000/2003:M/S, JNCIA-JunOS - Expired, CCNA:Security - Expired, VCP3/4/5
    #19
    Dito...

    Fantastic post

    As someone looking to enter IT Security it has given me a starting point to create a path to CISSP

    Currently working on Security+ and enjoying it
    Reply With Quote Quote  

  21. Member
    Join Date
    Nov 2006
    Location
    Denver, CO
    Posts
    93

    Certifications
    GREM, GCIH, CEH, ACASA, ACIA, ITIL-Foundation
    #20
    Quote Originally Posted by keatron
    Quote Originally Posted by Spoonroom
    The MCSA: Security and Security+ seems a bit too basic and the CISSP too advanced, what's available inbetween those?
    Be careful with this assumption. I've had many people sit my CEH class and realize they should have had Security+ level knowledge under their belts first. I by have it, I actually mean have it, not just pass the test.

    I would say probably Sec+ (even if you do it self study).
    Then MCSA:Sec
    Then CEH
    Then SSCP
    At this point I'd suggest getting some Cisco in there. And you must start with CCNA, Then work the CCSP route (will not be easy, but worth it).

    By this time you should be very ready to start preparing for the CISSP.

    Just to follow up with what you said Keatron, I figure it is about time I do some of these security certs and was curious if you still recommend someone to go through the MCSA: Security if they don't have any Microsoft certs currently? I was thinking of doing the certs you have listed in order but skipping the MCSA altogether. I am not a big fan of Microsoft products or their curriculum and in my current SOC where I work we use mostly Linux flavors for our workstations and all of our main servers are Linux.
    Reply With Quote Quote  

  22. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    1,989

    Certifications
    CCNP, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #21
    Quote Originally Posted by zenlakin
    Just to follow up with what you said Keatron, I figure it is about time I do some of these security certs and was curious if you still recommend someone to go through the MCSA: Security if they don't have any Microsoft certs currently? I was thinking of doing the certs you have listed in order but skipping the MCSA altogether. I am not a big fan of Microsoft products or their curriculum and in my current SOC where I work we use mostly Linux flavors for our workstations and all of our main servers are Linux.
    I don't think it would hurt to have the MS knowledge not sure all the duties that are entailed in the SOC, but having the knowledge when providing any type of service will definitely help out overall. like keatron said you can use that as one of your cans of coke
    Reply With Quote Quote  

  23. Senior Member
    Join Date
    Mar 2007
    Posts
    12,320
    #22
    While I agree with what Shednik says, you also need to focus on what you're working with now and what interests you. I believe the point Keatron was making was simply that you need to develop a variety of skills. I don't think that was intended to be a set-in-stone path to follow. Both Sun and Red Hat offer security specializations, so you might want to consider those if you're a *nix guy. I'm sure one of those would be an acceptable substitution for the MCSA:S. However, given the prevalence of Windows, you should strive for some MS certifications at some point.
    Reply With Quote Quote  

  24. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    1,989

    Certifications
    CCNP, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #23
    By all means I didn't mean that it was something that needed to be done...I just think IMHO that to be a really well rounded security professional it doesn't hurt to atleast have a sold MS foundation but on the contrary I think having a strong *nix background/foundation is even more important because of how much more you can do with different tools and such. I'm only scraping the surface of my journey through security I decided to stray away from MS for now and knock out some Linux experience then return to finish at least my MCSA since I only need 2 more exams. Sorry if that came off the wrong way.
    Reply With Quote Quote  

  25. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,225

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #24
    Quote Originally Posted by dynamik
    While I agree with what Shednik says, you also need to focus on what you're working with now and what interests you. I believe the point Keatron was making was simply that you need to develop a variety of skills. I don't think that was intended to be a set-in-stone path to follow. Both Sun and Red Hat offer security specializations, so you might want to consider those if you're a *nix guy. I'm sure one of those would be an acceptable substitution for the MCSA:S. However, given the prevalence of Windows, you should strive for some MS certifications at some point.
    Absolutely. Obviously, if you want to get into security, it's wise to learn how to secure something you already know. I made the point of it being impossible to secure something if you don't really know how that something works in the first place. In other words, how can you physically secure a building that has 100 doors if you only know that 20 of the 100 doors even exist. So if you already have Unix knowledge, then certainly that's probably a good place to start.
    Reply With Quote Quote  

  26. Coffee Addict coffeeking's Avatar
    Join Date
    Feb 2008
    Location
    WORLD
    Posts
    304

    Certifications
    BSIT from OIT, CCNA, CCNA:Sec, SECURITY+, MCITP: SQL SRVR 2008, CISA
    #25
    Keatron, thanks for a very detailed post. I had been thinking about starting a forum where I was going to ask you for some advice, not anymore, you said it all. Thanks for the time you put in to write such forums.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks