Security Basics mailing list archives
Re: RE: Value of certifications
From: "Nathalie Vaiser, RFC, FMM" <nat () ultraservice com>
Date: Fri, 27 Apr 2007 16:59:40 -0400
At 12:58 PM 4/27/2007, you wrote:
Nathalie, Be patient. Get the real world experience - there's no substitute for it. Do it at work and do it in your own time. Setup your own home-network and play with it.
Thanks for the reply. I completely agree, but getting real world experience is the problem - I'm too new to actually get a job in any field of IT security.
And since I'm going to spend time studying on my own, I'd like to have something to show for it at the same time at least (i.e. - a degree, or certification)
I'd really love some advice on this...I don't have a bachelors degree. I see quite a few job offers that require one. I only did one year of University (10 years ago) in Marketing. Would doing night classes in a University program (or online program) relating to IT be helpful? I've seen some a degree 'Information Systems Security' that may be interesting. It would be expensive and take a long time to finish part-time. I'm not sure if I'm better off with certifications or a bachelors degree (academic and real-world is also very different I believe)
I am working for a web hosting company right now as a Level I Systems Administrator, so my position is not really giving much security experience (only a little here and there as it pertains to some security issues or abuse issues.). My employer will not pay for certifications, so I'm on my own there.
I'm starting to play around with VMWare as a way of putting together a virtual network at home. I already have a home network (home network, I emphasize). Linksys Cable/DSL router, a couple of hubs, and a wireless router. It's not really real world as I don't have a static IP, so I'm using port forwarding on the router to send certain traffic to my Linux box. My other PCs are Windows. Soon I will probably set up an old laptop I have as a firewall for the network, that will be good experience.
Security is a large area. Find a field that you consider interesting and one that you feel you have an aptitude for - seek to become an expert in it. Whether it is securing applications, Crypto, Firewalls and Networks, Pen-testing... the list goes on and on. Try to keep abrest of the other domains and technology, but remain focused on your core strengths.
I'm still trying to determine what my focus should be. I'm not a programmer at all, not very good in math either if that helps you make any suggestions.
I am interested in pen-testing, IDS/firewalls, server security (preventing hackers, etc.).
I am considering perhaps studying for the CEH (Certified Ethical Hacker), mostly because it's seems very interesting, and it is some type of security-related certification.
Any thoughts, suggestions, and feedback based on the information I provided would be much appreciated.
Thanks Nathalie
Basically, don't get a certification for the sake of it. The people that are hiring you (unless you plan to become just another number in a HR system) should be more interested in what you've done and what you can do. If the employer is more interested in the certification than in your actual experience and knowledge, then they aren't worth working for (IMHO). Good luck, ys On 26/04/07, Nathalie Vaiser, RFC, FMM <nat () ultraservice com> wrote:Hi guys, What would be recommend for someone who is fairly new to the IT-world and has a strong interest in security? The CISSP requires 4 or 5 years of related work experience. Would Security+ be recommended in that case? Or is there another suggestion? Thanks Nathalie-- Yousef Syed "To ask a question is to show ignorance; not to ask a question, means you remain ignorant" - Japanese Proverb
Current thread:
- Re: RE: Value of certifications, (continued)
- Message not available
- Re: RE: Value of certifications Yousef Syed (Apr 27)
- RE: RE: Value of certifications Lim Ming Wei (Apr 27)
- Re: Re: RE: Value of certifications xyz (Apr 25)
- RE: Value of certifications Craig Wright (Apr 25)
- Re: RE: Value of certifications dave_p19 (Apr 25)
- RE: Value of certifications Craig Wright (Apr 26)
- RE: RE: Value of certifications Craig Wright (Apr 26)
- Re: Re: RE: Value of certifications purpleslog (Apr 27)
- Re: Re: RE: Value of certifications nate kelly (Apr 30)
- RE: Re: RE: Value of certifications Utz, Ralph (Apr 30)
- Re: Re: RE: Value of certifications nate kelly (Apr 30)
- Re: RE: Value of certifications Nathalie Vaiser, RFC, FMM (Apr 27)
- Re: RE: Value of certifications nat (Apr 30)
- Re: RE: Value of certifications nomail (Apr 30)
- RE: RE: Value of certifications J.M. Seitz (Apr 30)
- Re: RE: Value of certifications jlehman (Apr 30)
- Re: Re: Re: RE: Value of certifications jlehman (Apr 30)
- RE: RE: Value of certifications Devin Rambo (Apr 30)
- RE: RE: Value of certifications Buyer, David (Apr 30)
- RE: RE: Value of certifications Jason P. Rusch (Apr 30)
- RE: RE: Value of certifications Buyer, David (Apr 30)