Kindly Guide Onto Right Path

[royal.a]

Hello everyone,

I am an electronics engineer with basic knowledge of computers & networking. I also have an Mba. I am in the marketing line at present.

That all said I'm switching turf to Info Sec. I know its a Broad term but honestly I a n00b in this domain. My passion for the field and to do something worthwhile has led me to leave my current job and study masters in info sec from UK this year.

I am about to join the course in 2 months time. Can someone tell me what path I should choose? I am not a programmer and don't wish to get into that sphere

I've been thinking about Linux, CCNA Security, CEH.......I don't have any certifications right now.

Kindly guide me where to start from ?


PS: I will be sitting for the CISSP at the end of my masters as its a part of my curriculum.

Thanks

[JDMurray]

For starting a career in InfoSec, you should really read through as many of the posts here at TechExams.net as possible, especially those on InfoSec jobs, certifications, and education. Lots of people here--including myself--have been successful in moving into an InfoSec career from some other IT specialization.

Part of the difficultly in making the move can be in choosing what area(s) of InfoSec to specialize in. It's a very broad field with many choices. To give you an idea, the CISSP CBK divides InfoSec up into ten broad and diverse domains of knowledge. They can range from cryptography to systems/network administration to security policies/processed to financial auditing. And there are plenty of subdomains in each domain as as well. After doing some research, you will typically develop a "gut feel" of what you want to do based on your past experiences.

As for certifications, the InfoSec beginner should start with the CompTIA Security+ certification. It's entry-level and gives a good feel for what types of knowledge you will need for higher security certs (e.g., SSCP, CISSP, GSEC). Security+ is also a respected cert and recognized by the likes of the DoD, HIPAA, and Microsoft.

[dynamik]

Have you looked at what domains of the CISSP interest you the most? Some are more complementary to a business background than others. That might give you some direction for how to proceed.

If you're looking at things like the CEH, OSCP, pentesting/ethical hacking, etc., it would really be beneficial to learn a programming language or two.

Keep in mind that you'll also need four years of full-time infosec experience to obtain the CISSP. You'll only be an associate if you don't have their requirements.

[royal.a]

Thank You Both!

I honestly don't know much about each of the spheres inside Info Sec. I think Security+ would be a good option to start with....I can decide what path to choose in the meanwhile....

I am looking at CISSP in management aspect.....I wish to do courses which would enhance my practical technical skills......As I am in India for next 75 days these might be cheaper to get the training.....I guess UK would be all self study due to high training costs

A friend of mine suggested me CCNA + CEH while other suggested me CEH + CHFI and later on OSCP.....

Honestly, I'm a little confused.....how much time will Security+ consume?

[JDMurray]

Quote:

Originally Posted by royal.a

Honestly, I'm a little confused.....how much time will Security+ consume?

That entirely depends on how much of the material you already know and how well you are able to study the stuff you don't. You need to start looking at some of the Security+ exam preparation materials and make the judgment yourself.

[royal.a]

Thanks again!

I'm planning to finish Sec+ in 2-3 weeks....i saw the course book.....will plan to finish CEH in another 8 weeks......

Any comments on the path......pls

My instructor is coercing me to take up MCP+CCNA+CCSA and then CEH........is that a good path to take to enter this field or the one that i've chosen ?

Thanks again

[JDMurray]

It really depends on what kind of career you are looking for. The "MCP+CCNA+CCSA and then CEH" path will make you look like a network admin who specializes in network security design and troubleshooting for Cisco products. If you don't already have that kind of work experience then you'll likely start out in an entry-level position (e.g., help desk, jr. netadmin) and work your way up regardless of what kind or how many certs you have.

Also realize that the MCP is just a designation that means you've passed (at least) one Microsoft certification exam. Just being "an MCP" doesn't indicate if you are a sysadmin, netadmin, database admin, or programmer. If you will need to start in a help desk position, the MS certs for supporting XP, Vista, and Windows 7 would be the best to get at first, followed by the MCSA and MCSE. If you want to be a pure netadmin, there are not many MS certs that will be useful to you.

[Turgon]

Quote:

Originally Posted by royal.a

Hello everyone,

I am an electronics engineer with basic knowledge of computers & networking. I also have an Mba. I am in the marketing line at present.

That all said I'm switching turf to Info Sec. I know its a Broad term but honestly I a n00b in this domain. My passion for the field and to do something worthwhile has led me to leave my current job and study masters in info sec from UK this year.

I am about to join the course in 2 months time. Can someone tell me what path I should choose? I am not a programmer and don't wish to get into that sphere

I've been thinking about Linux, CCNA Security, CEH.......I don't have any certifications right now.

Kindly guide me where to start from ?


PS: I will be sitting for the CISSP at the end of my masters as its a part of my curriculum.

Thanks

I would be careful about trying to use certifications as a lever to get into this field or any field quite frankly. They are useful but only a component. You are about to embark on a Masters degree in Infosec so concentrate 100% on that. At the same time make enquires to companies you have researched about the possibilities of being taken on at the end of your Masters degree. There is every chance you need to complete a dissertation to finish your Masters so that is a perfect lever into a company with potential Infosec needs. If the Masters is worth the paper it is written on you will not need any security vendor certs to make an impression. I cannot see how you can sit for the CISSP at the end of a taught Masters as the CISSP requires experience in the field.