+ Reply to Thread
Results 1 to 11 of 11
  1. Junior Member Registered Member
    Join Date
    Feb 2012
    Location
    USA
    Posts
    5
    #1

    Default InfoSec Career Paths?

    Hey guys,

    First of all, congrats on the website/forum. I have found lots of useful here (I've consulted the site for almost a year now), so I decided to register...

    Now, to the point.

    I am a fresh computer science grad, currently working in customer support (temporarily - till i manage to start an infosec career). My wannabe-infosec adventure began when I wrote my Bachelor Thesis - "Computer Network Security by Intrusion Detection Systems". Of course it was relatively superficial, since I had zero experience on it, but completing it was more than enough to spark my interest for the infosec world.

    I am also trying to get enrolled in a Master's Degree (Cybersecurity). My understanding is though, that certifications are mandatory in the infosec world. (a simple search for infosec jobs online and the DoD 8570 directive indicate that someone MUST be certificated to have a career).

    So, my question is...what are the possible career paths in the infosec industry? Because my understanding is, that only 2 exist. Managerial and Technical. Now, I might be wrong here, but I trust you guys will correct me...

    Managerial would be Security+ > GSEC > CISSP ?

    Technical would be Security+ > SSCP > CEH?

    Are these examples correct? Are these the "only" paths? What else is there? And to what kind of jobs does each path lead to?

    Excuse me for the long post, but I am kinda excited & a noob as far as infosec goes.
    Reply With Quote Quote  

  2. SS -->
  3. Junior Starcraft Engineer
    Join Date
    Mar 2007
    Location
    Twin Cities, Minnesota
    Posts
    2,777

    Certifications
    A+, Net+, Security+, MCSA 2003, MCTS Win 7, AD, Net Infrastructure
    #2
    There are a lot of paths out there. One thing I will say though is that from everything I've seen, CISSP is pretty much your primary goal until you have it. While yes, it doesn't get too deep into technical security, pretty much any security professional should get it at some point.

    If you look at the GIAC "Roadmap", that can help you get a decent idea of some of the specializations. GIAC is not necessarily the only or best way to go, but it at least will give you some insights into security careers.

    For offensive security and penetration testing, the Offensive Security offerings are considered top-notch. For network security, CCIE: Security is another path. There is EnCE and some others for forensics.

    I will let the actual security professionals go further in-depth here, but I wanted to share my own findings from looking into this subject. There are a lot of paths, and it would be wrong to think that you're limited or even best of with simple certification paths such as S+ > SSCP > CEH.
    Reply With Quote Quote  

  4. Pancakes and Lasagna kurosaki00's Avatar
    Join Date
    Nov 2008
    Location
    Indianapolis
    Posts
    943

    Certifications
    CCENT, A+, Network+
    #3
    what exactly in infosec you want to do?
    networking? programming? ids? ips? forensics? etc

    this thread is recent and has a lot of good info

    Building a career path towards Cyber Security Expert
    meh
    Reply With Quote Quote  

  5. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #4
    Certifications may or may not be mandatory depending what the particular organization that you're applying to thinks about them and it's also highly dependent on the kind of path you want to take. It gets more complicated than just managerial vs. technical.

    http://www.sans.edu/research/leaders...ath-to-infosec
    Reply With Quote Quote  

  6. Junior Member Registered Member
    Join Date
    Feb 2012
    Location
    USA
    Posts
    5
    #5
    Quote Originally Posted by ptilsen View Post

    If you look at the GIAC "Roadmap", that can help you get a decent idea of some of the specializations. GIAC is not necessarily the only or best way to go, but it at least will give you some insights into security careers.

    ...it would be wrong to think that you're limited or even best of with simple certification paths such as S+ > SSCP > CEH.
    You sir, are gold! That roadmap was what I was looking for, just as a reference point. I am trying to figure out what the possible paths are, so that I can choose.
    Reply With Quote Quote  

  7. Junior Member Registered Member
    Join Date
    Feb 2012
    Location
    USA
    Posts
    5
    #6
    Quote Originally Posted by kurosaki00 View Post
    what exactly in infosec you want to do?
    networking? programming? ids? ips? forensics? etc

    this thread is recent and has a lot of good info

    Building a career path towards Cyber Security Expert
    Well, pretty much everything except programming. As I said, I am trying to figure out what I like the most, but first I have to find out what the possible paths are.

    What certification organizations besides ISC^2, COMPTIA and GIAC are there?
    Reply With Quote Quote  

  8. Junior Member Registered Member
    Join Date
    Feb 2012
    Location
    USA
    Posts
    5
    #7
    Quote Originally Posted by docrice View Post
    Certifications may or may not be mandatory depending what the particular organization that you're applying to thinks about them and it's also highly dependent on the kind of path you want to take. It gets more complicated than just managerial vs. technical.

    Varied Paths Taken to Information Security Competency
    Yes, those testimonies are truly interesting. It seems that anyone can become an infosec pro these days...NOT. I had no idea this could be such a broad field.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Aug 2008
    Posts
    2,666

    Certifications
    MCSE: Security, MCTS x 5, P+, S+, N+, A+, HIT
    #8
    Take a look through this post. Anything by Keatron is excellent.

    Security certification - where to start?
    Reply With Quote Quote  

  10. Junior Member Registered Member
    Join Date
    Feb 2012
    Location
    USA
    Posts
    5
    #9
    Quote Originally Posted by Psoasman View Post
    Take a look through this post. Anything by Keatron is excellent.

    Security certification - where to start?
    Thank you, saw it! That guy is an InfoSec guru...
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,281

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #10
    The field is tremendously large and sometimes a bit unwieldy at first glance. One hidden gem to keep in mind as a recent CS grad is to learn or keep up your development skills - particularly scripting. A great deal of security patches and maintenance uses scripts of some sort, even custom code so you have a leg up on many of us who simply went on to infrastructure and now finding ourselves relearning code practices again.

    - beads
    Reply With Quote Quote  

  12. Senior Member gabypr's Avatar
    Join Date
    Mar 2012
    Location
    Puerto Rico
    Posts
    136

    Certifications
    A+, S+, MCP XP, MCDST ,MCTS (Vista,7), MCITP Vista, MCSE 2003, 70-410, 70-687, VCA-DCV, EC-Council University Student
    #11
    Like others have said, the InfoSec career can be started in many ways. You can follow a single vendor certification path or multiple vendor certification path. SANS for example have many security certifications, but you take another route to mix different vendors to have a more abroad knowledge of security. For example you can start with CompTIA Security+, then take Windows 7 (70-680), then ISC SSCP, then EC-Council CEH and so on.

    EC-Council have many security certification covering many aspects such as Forensics, Disaster and Recovery, Ethical Hacking, Licensed Penetration Tester and others. You can check their certification list EC-Council | Courses which now received accreditation from the American National Standards Institute (ANSI).
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks