RE: Entry Level Certifications

["Hardeep" <Hardeep () Lvmt com>]

Security Certs entry level:
You could do as everyone else has suggested the Security+
Then I would possibly suggest doing something like and MCSE that will
cover your technical knowledge and the Security+ with an additional
module will give you and MCSE with a security specialisation,
Once you have either your MCSE or MCSA with security specialisation you
can sit one exam with CIW and become a CIW Secuirty Analyst - in essence
you are looking at killing as many birds with a stone as possible.

As everyone has stated these will show that you are focussed towards
security and grow your technical knowledge before you "mature" to
management level of CISSP...

Hardeep



-----Original Message-----
From: jsn.link () gmail com [mailto:jsn.link () gmail com] 
Sent: 27 March 2006 22:48
To: security-basics () securityfocus com
Subject: Re: Entry Level Certifications

Matt,

A couple years ago I found myself asking the same questions with little
hands-on experience and no formal training in a field that, at that
time, was largely foreign.  If you have spent any amount of time looking
at certifications, you will find there are many options available.
These are just a couple that may help you.  

I started with a Cisco CCNA material.  Although I never became
certified, the topics covered and the detail provided, in my opinion,
provides an excellent foundation for anyone working with networks or
network infrastructures.  Although the Cisco CCNA does teach their
product, there are many core fundamentals gained while going through the
certification process.  Check out www.cisco.com / Learning & Events /
CCNA.

Fortunately I had a couple mentors that helped 'guide the way' by
recommending GIAC certification(s).  I went to a GSEC (security
essentials) conference and later a GCIA (intrusion analyst) conference.
Both of which I earned silver certifications.  Check out GIAC at
http://www.giac.org/  or the SANS Institute for conferences
http://www.sans.org/. 

Keep in mind that most certifications will be valid for a limited time
(2-4 years).  That is, you must 'do something' to maintain your
certification.  In addition, most certifications teach, what I call,
hard-skills "how to configure an access-list" or "how to optimize a
server application".  The soft-skills are often overlooked "how to
report an incident to management" or "how to communicate to peers why
change is necessary or beneficial".  

In my opinion, I see these certifications as stepping stones toward the
CISSP.  Again, I think there are many ways of getting there and no
'right' or 'wrong' way of doing it.

Hope this helps.
Jason

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------