Security Basics mailing list archives
RE: which of these ways (if any) are the best to switch to it sec?!?
From: "Justin Ross" <jross () cricketcommunications com>
Date: Wed, 1 Aug 2007 16:36:10 -0700
Well you could parlay your router, switch, server experience into a network security career. The first thing you should decide is what security position interests you? Penetration tester, network security, policy/risk management, auditing, secure programming consultant, forensics? There is a plethora of security jobs/specialties out there, each requiring different skill sets (Programming, Engineering, hacking, etc.) and experience. My advice initially wouldn't be to go down the CEH path, because it is more penetration testing/hacking focused; and without experience, I'm not sure that will be a valuable cert to get your foot in the door. It's just not that necessary of a certification, though I have noticed that more DOD contractors/civilian employees are getting it (after they get their CISSP usually). While penetration testing is a great career, it also requires (in my opinion) a programming background or at least fairly in-depth knowledge of programming, and while CEH doesn't make you a penetration tester, it also doesn't make you a security expert/professional either.

You could go the CCSP (Cisco Certified Security Professional) route, which requires a CCNA, which may help you should you get a job in network support. I would also recommend the CISSP, and though I rarely recommend the Security+, in your case (depending on your experience/knowledge level) it may be very beneficial. The CISSP is almost like a high school diploma for security professionals; if you don't have it you will lose a lot of opportunities. You might just get by reading the Security+ book too and not take the certification, because its value is questionable like the A+ (in my opinion).
I would also recommend reading as much security information as you can online and in books; maybe invest in a Safari membership and soak in as much as possible from the books available there (http://safari.oreilly.com/browse?category=itbooks.security).

If I were you, based on your experience, my certification/knowledge path would be:

1. Read as many books and security/hacking websites as you can, focusing specifically on security-related topics like VPNs, Hacking Exposed, Linux Security, Router security, etc. Read through the DOD STIGs and self-study why they say to turn certain things on and certain things off.
2. CCNA/CCSP
3. CISSP (read a good CISSP book like CISSP all-in-one by Shon Harris while you're studying your CCNA/CCSP materials just to reinforce what you are learning from a non-vendor specific resource)
4. GIAC

While you won't be able to do all of them at once, it would be an excellent path to get you into the security profession and give you a really solid background to succeed in my opinion.

Justin.Ross
Security Engineer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of allerena () optonline net
Sent: Monday, July 30, 2007 7:37 PM
To: security-basics () lists securityfocus com
Subject: which of these ways (if any) are the best to switch to it sec?!?

I am getting out of the Marine Corps within the next month and am looking to continue my career in the IT industry that I had prior to enlisting. I would like to switch over to the security side of IT, but before I enlisted, I was working with the standard networking portion (routers, switches, servers). While looking online, I saw a couple different roads that I could go down, but am wondering which of these, (if any), is the way to go. I saw a boot camp for the Certified Ethical Hacker, and was also looking at the GIAC certs. The beginner certs seem to be the Information Security Fundamentals, and Security Essentials Certification.
Are these the way to go to try and restart my IT career and point it in the path of the security field? If not, what would you suggest? Also, do you believe that this would be enough to get me an entry level job with security? Since I am about to be unemployed, I don't have many restrictions, besides money. ;) My current budget is about 6000 to spend on classes / certs, and I would love to buy some books and learn as much as I could that way; however, after looking at the curriculum for the CEH, it seems that hands-on is the best way for me to become truly proficient in the material. I will have an abundance of time in my job search (I have already started looking and applying for standard networking jobs) for me to take classes at any part of the country at any time. However, if taking one or two of these classes / certs will not be enough, then I don't know if it is feasible. I am a quick and adept learner so I feel that I will be able to absorb knowledge pretty quickly, but since I do not know much about this field, or programming, I am hesitant about which direction to take.

Thanks in advance for your time and all replies that I receive!

-A