  1. Senior Member 5502george's Avatar
    Join Date
    Jan 2013
    Posts
    256

    Certifications
    CISSP + Some others
    #1

    Which cert to get for my career?

    Good morning techexam community,
    I am at a crossroad and need some advice on which certification would help me in my career.

    Background:
    I am currently an information assurance manager
    5 years security background (COMSEC, EMSEC, Physical, security manager)
    1.5 years information assurance experience

    -I am proficient at vulnerability scans, active directory, auditing, certification & accreditation and EMSEC

    -I am NOT proficient at network design, programming, technical network knowledge

    So my ambitions are to someday become a security director of some type but it seems that a lot of these security positions require that security professionals are basically programmers, computer engineers or network wizards!

    I have the SEC+, if I have no ambitions on becoming a programmer or network admin and just want to stick with security what should I learn (master’s degree IA maybe?) or which cert should I go for next?

    ALL input will be appreciated!
    Last edited by 5502george; 07-14-2013 at 09:53 PM.

  3. Brain on a schtick badrottie's Avatar
    Join Date
    Jun 2011
    Posts
    115

    Certifications
    CISSP, CISM, CISA
    #2
    With the current changes the DoD is implementing, I would strongly advise getting the CISSP and/or CISM. Obtaining a Master's in IA would not hurt, but it will definitely hurt your pocketbook if you are paying for it yourself, so you would have to factor in what the ROI would be in that situation.

  4. Network Security tpatt100's Avatar
    Join Date
    Aug 2009
    Location
    Ypsilanti, MI
    Posts
    2,886

    Certifications
    CISA, CISSP, GIAC G2700, CEH, CHFI, Security+, CCENT, N+, A+
    #3
    I would pursue the CISSP and/or the CISA. I would also try and address your lack of proficiency with networking knowledge. You don't need to know how to do everything, but a strong foundation can only help you, not hinder you.

  5. Sarge da_vato's Avatar
    Join Date
    Jan 2013
    Location
    Online
    Posts
    442

    Certifications
    CISSP, CISM, CASP, CCENT, A/N/S+, C|EH, C|HFI
    #4
    I agree with tpatt. With a foundational understanding of networking you will be a lot more effective at your job. Security is about protecting the entire infrastructure; how are you going to protect it if you don't understand how it works?

    Are you Kirtland by chance?

  6. Senior Member 5502george's Avatar
    Join Date
    Jan 2013
    Posts
    256

    Certifications
    CISSP + Some others
    #5
    Originally Posted by da_vato:
    I agree with tpatt. With a foundational understanding of networking you will be a lot more effective at your job. Security is about protecting the entire infrastructure; how are you going to protect it if you don't understand how it works?

    Are you Kirtland by chance?
    Yup, good old New Mexico!

  7. Sarge da_vato's Avatar
    Join Date
    Jan 2013
    Location
    Online
    Posts
    442

    Certifications
    CISSP, CISM, CASP, CCENT, A/N/S+, C|EH, C|HFI
    #6
    That's where I'm at, you're not in the IA office are you?

  8. Junior Member Registered Member
    Join Date
    Aug 2013
    Posts
    1

    Certifications
    CCNP, CCNA Security, CCNA, MCP, A+ certification
    #7
    Hello All,
    I have a couple of questions regarding a career in infosec. I have a non-technical bachelor's degree. I am CCNP, CCNA Security, CCNA, MCP (XP), and A+ certified. I have about experience as a System Admin (Windows-based), and close to a year and a half of experience as a NOC Engineer (Cisco), plus over ten years' experience in tech support. Currently I am learning how to administer Linux.
    I want to move into INFOSEC, which has been of interest to me in the past couple of years. I am looking for a vendor-neutral certification since I already have a vendor-based security certificate from Cisco, and was wondering about what to study. I want well-rounded training in INFOSEC, because I want to move to management in the field in the near future.
    Some people have advised that I should take the GCIH, but others argue that the CISSP is better. I have also heard some argue that a solid knowledge of Linux and Windows is required. I also see others emphasizing a network infrastructure background.
    I want to make sure I make a good and reasonable decision before moving forward. I would greatly appreciate any feedback or advice.

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,617
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #8
    What I usually suggest is that you spend some time looking at job postings on Monster, Dice, and Linkedin, find the jobs you'd like to have, and notice what certs the hiring managers are asking for. After a while, you will see a pattern of the most requested certs for the type of position you want.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  10. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #9
    To the OP:

    Always consider bang for the buck.

    If working DoD, the far right of the chart is where you want to be: DoD 8570 Information Assurance Workforce Improvement Program

    Now, it would make sense to have a plan to get there.
    Based on your work experience, I'd recommend CISA > CISSP > CISM.
    The Auditor more immediately applies to what you currently do. The CISM would be nice to have also, but there would be a six month lag between tests. During this time, you could study for the CISSP, which would also help to prepare you for the CISM, due to the overlap between the two. If you can clear it in time, go ahead and take the CISSP in-between. If not, do it after the CISM.

    Now, that is all fine and dandy, but you have the issue of admitting a lack of knowledge for networking. Few things can irk the admin team more than someone firing off vulnerability scans without realizing how they can adversely affect the network.

    I'm not saying you should go out and "cert up" to address your programming, networking, and design weaknesses, but it won't hurt to read up on a few things, so you at least understand them theoretically. You hire your experts to do the nitty gritty, but you cannot afford to be clueless as a manager. (Whenever I think of clueless manager, I get an image of Dilbert's boss in my head.)

    Heck, I feel that I don't know enough about networking or security, and I have professional-level certs in these areas. That is, certs aren't enough. You can always go further than any vendor-specific or vendor-neutral cert.

    To the second poster (Nfoking):

    JDMurray gave great advice.

    It is very difficult to provide any recommendations, since you have not decided what you want to do yet. Usually, a person establishes an end state, and then we can attempt to help that person reach it, by helping them develop a plan to get there. If you have not decided on your end state, it will be difficult to help you get there.

    If you want advice on vendor-neutral certification for information security, then some of the best ones to get are from CompTIA, ISACA, and (ISC)2. Those are all vendor-neutral.

    Still, JDMurray's advice of finding the type of jobs you would find interest in, and making sure that you acquired those skills makes the most sense right now.

  11. Member Killj0y's Avatar
    Join Date
    Mar 2010
    Location
    www.agoonie.com
    Posts
    39
    #10
    Not sure if this helps but I found this on IronGeek:

    Hack the Hustle! Career Strategies for Information Security Professionals - Eve Adams (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

    Tips and information about infosec careers given by a technical recruiter. It is very informative and insightful. I would suggest following her also. I think she tweets about job offerings if you are currently looking.

    @HackerHuntress