What's New Today's Posts Forum Actions Mark Forums Read Advanced Search Forum InfoSec Security Certifications Progressing into the Security Field from Networking + Reply to Thread Results 1 to 12 of 12 Thread: Progressing into the Security Field from Networking Thread Tools Show Printable Version Subscribe to this Thread… StussyNz 
Results 1 to 12 of 12 Thread: Progressing into the Security Field from Networking Thread Tools Show Printable Version Subscribe to this Thread… StussyNz 
Senior Member 
Join Date Oct 2012 Location Auckland Posts 158 Certifications BSc Majoring in Networks and Security, National Diploma in ICT, CCENT, CCNA 11-22-2013 12:01 AM #1
Progressing into the Security Field from Networking Hello Guys;
Just want to ask a few questions about branching out and gradually getting into the Security domain.
A bit about Myself: I have a passion for Networking and Security; I have completed a Bachelors degree in CS Majoring in Networking and Security and have achieved CCNA and now am looking to go on and achieve CCNA:S. I am currently working as a Network and Voice Engineer in a rather Large IT company supporting multiple large clients. I am hoping to one day branch out into Security sector as this has always been my "True Passion".
In my current role I get exposure to Cisco ASA firewalls, Fortinet Deivces and a few other range of Security devices.
I am considering going back to University and studying a Masters of Digital Security next year to assist with progressing my Career and was just wondering what are some of the main Security certifications which I can focus on achieving in my spare time? Ideally I would like to keep it in the Line of Network Security as I have a strong knowledge and background in Networking already.
For those that are already in this line of workforce; Would you recommend going any higher than a CCNA certification with Cisco? What are some other Vendor Certifications which you recommend?
All comments greatly appreciated.
Quote Login/register to remove this advertisement. samurai86
Senior Member Join Date Jul 2008 Location Tampa, FL Posts 100 Certifications A+, Security+, Cloud+, CCENT, GCIH, CISSP 11-22-2013 12:42 AM #2
I think the CCNA:Security is a good start. Also you may want to look at the Security+ certification.
Most importantly just dig into the experience.
Bachelor's of Applied Science in Technology Management - Information Security Assurance (St. Petersburg College)
Masters of Science in Digital Forensics (University of Central Florida)
Quote StussyNz Senior Member Join Date Oct 2012 Location Auckland Posts 158 Certifications BSc Majoring in Networks and Security, National Diploma in ICT, CCENT, CCNA 11-22-2013 01:31 AM #3
Originally Posted by samurai86
I think the CCNA:Security is a good start. Also you may want to look at the Security+ certification.
Most importantly just dig into the experience. Security + seems to be a step backwards than forwards? I've reviewed the Material covered on the certification and I have touched most of the topics within my Bachelors degree..
Quote CoolAsAFan +EV Join Date Dec 2011 Location Indiana Posts 130 Certifications A+, Security+, Linux+, LPIC-1, Novell CLA/DCTS, CIW Database Design, CIW JavaScript, CIW Web Design, CIW Web Foundations 11-22-2013 03:16 AM #4
CCNP Security sounds like it would be perfect for you. Have you given any thought to CISSP?
IvyTech - AS CINS (Completed: May, 2013)
WGU Indiana - BS IT Security (Started: August 1st, 2013)
Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1
Required: COV1 TPV1 CQV1 CNV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1 SBT1 RGT1
Quote YFZblu 
Senior Member 
Join Date Nov 2011 Posts 1,012 Certifications A+, Network+, Security+, CCNA, CCNA: Security, GSEC, GCIH 11-22-2013 05:19 AM #5
It depends on what you want to do - Do you want to admin/engineer? IE deal with Firewall changes, proxies, a/v suites, etc....or do you want to be an incident handler/analyst? Perform network forensics, host-based forensics, look at malware, determine root cause, stuff like that?
Continuing a path of administration certifications would be useless if you're interested in the latter.
Currently Reading: Violent Python
Quote docrice Random Member 
Join Date Apr 2010 Location Bay Area, CA Posts 1,038 Certifications GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, SFCP, SnortCP, Sec+, Net+, A+, CNSS 4011/4013; expired: CCNA, CCNA Security, CCNA Wireless, WCNA 11-22-2013 10:25 AM #6
The network security engineer has traditionally been the "firewall guy" which bundles in responsibility for security-oriented technologies such as proxies, intrusion detection, performing device hardening, etc., but I think in today's age where applications, user behavior, and business interactions are more complex than ever, actually making a difference requires a good contextual understanding of threats and risks and being able to determine normality vs. abnormality. I find that far too often engineers who know how to configure devices can't always assess risk levels involved when the radar beeps.
There's always a place for knowing the nuances of vendor devices, but it will increase your value if you go at least a little beyond the device vendor certification track, because vendors (and their products) always make some assumptions about your environment which inevitably leads to false positives or negatives. You must understand the limits of the technologies you configure and employ additional compensating controls as necessary. I've dealt with too many vendors who thought they had the magic bullet and tried to seduce me with their solutions and in the end I always find something lacking.
To be blunt, if all someone could do is configure security devices but couldn't understand what the attacks look like, they're missing out on at least half of the picture.
Tinker. See beyond the tools. Experiment. Know the boundaries of what the device can do, and then imagine how they can be abused against you. This will help you defend the fort more effectively.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Quote LionelTeo Member Join Date Jan 2012 Posts 60 Certifications GISP, GSEC, GCED, GCIH, GCIA, GPEN, CEH 11-24-2013 02:27 AM #7
To break into Security line, a master from a well known university is viable. You can raise your Security chance with some GIAC certs. GIAC certs are good for roi if you can pass it via self study means. It does not require any work experience and hold quite a good value in a good employer eyes
Quote docrice Random Member Join Date Apr 2010 Location Bay Area, CA Posts 1,038 Certifications GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, SFCP, SnortCP, Sec+, Net+, A+, CNSS 4011/4013; expired: CCNA, CCNA Security, CCNA Wireless, WCNA 11-24-2013 11:08 AM #8
I think the value of GIAC certs depends on the employer. Some recognize them, some don't. To put it another way, there are a lot of places who aren't familiar with the GIAC program but are with the usual suspects (CISSP, Security+, CEH, CCSP/CCNP Security, etc.) because they're marketed better or their association with a vendor name (Cisco, Check Point, Fortinet, and so on), although a FCNSA or FCNSP is something I've yet to see on a job listing. That said, my impression is that private sector businesses who are more informed and well-invested into the security domain tend to be much more aware of GIAC.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Quote StussyNz Senior Member Join Date Oct 2012 Location Auckland Posts 158 Certifications BSc Majoring in Networks and Security, National Diploma in ICT, CCENT, CCNA 11-25-2013 03:50 AM #9
To be honest my Current plan would be do to CCNA Security and then progress on to CCNP Security. I would then look at obtaining CISSP.
The only problem i see with that is that CISSP requires around 5 years work experience to obtain; By the time I would like to sit it I would only have around 3 years experience...
Would they consider taking any time off the requirements if I were to obtain my Masters in that time also?
Could anyone recommend any other well known Security Certifications other than CISSP which don't require as much experience in the workforce?
Quote techwizard Junior IT Security Guy Join Date Nov 2013 Location NoCal Posts 29 Certifications CompTIA A+, CompTIA Network+, CompTIA Security+ 11-25-2013 04:02 AM #10
To be honest my Current plan would be do to CCNA Security and then progress on to CCNP Security. I would then look at obtaining CISSP.
The only problem i see with that is that CISSP requires around 5 years work experience to obtain; By the time I would like to sit it I would only have around 3 years experience...
Would they consider taking any time off the requirements if I were to obtain my Masters in that time also?
Could anyone recommend any other well known Security Certifications other than CISSP which don't require as much experience in the workforce? If you take the SSCP first, it takes a year off of the 5 yr requirement. Also, if you apply for ISC2 associate, that gives you some time to meet the requirements.
With the Endorsement Time limit, you are required to become certified within nine (9) months of the date of your exam OR become an Associate of (ISC)?. https://www.isc2.org/cissp-how-to-certify.aspx
Quote LionelTeo Member Join Date Jan 2012 Posts 60 Certifications GISP, GSEC, GCED, GCIH, GCIA, GPEN, CEH 11-25-2013 06:14 AM #11
I agree with you regarding the popularity of GIAC certs among employers. The positive part about it is that at least the employer know what he is looking for when they are seeking an infosec candidate with less than 4 years experience. There are just too many broken job ads asking for candidates with CISSP yes having less than 4 years experience.
Sometimes it can be that the advertising Department didn't do a good research and simply copy the common CISSP, CEH and Security+ requirement. But when it comes to the interviewer he may know the value of the certs your holding and therefore raise the chances in nailing the job.
I cannot think of other certs that does not require experience that have a good market value. Maybe Security+and CEH, but having CEH myself i dont have very good impression of it. writing this will take up another thread so im not going into details. Security+ and SSCP may seem too basic for someone who gone through a master degree.
Quote docrice Random Member Join Date Apr 2010 Location Bay Area, CA Posts 1,038 Certifications GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, SFCP, SnortCP, Sec+, Net+, A+, CNSS 4011/4013; expired: CCNA, CCNA Security, CCNA Wireless, WCNA 11-25-2013 06:22 AM #12
I've personally seen first-hand where the person hiring for a security position didn't necessarily understand the certification market and hurriedly looked up the common alphabet-soup combinations and pasted them into the job description. It's sad, but in a fast-changing world like information security, it's hard for many people to know what's relevant, let alone keep up with the times.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Quote + Reply to Thread « Previous Thread|Next Thread » Social Networking & Bookmarks Bookmarks
Digg 
del.icio.us 
StumbleUpon 
Google Tweet CompTIA Cisco Microsoft CWNP InfoSec Practice Exams Forums Blogs 
Subnet Calculator Netpict Online Degrees Exam Vouchers Free Magazines Topsites
Home Forum Rules Contact UsSupport Us Archive Privacy Statement Top TechExams.net ? 2002 - 2013 - All times are GMT. The time now is 05:11 AM. - CSS version TechExams.Net is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®, CCDA?, CCNA?, CCDP?, CCNP?, CCIE?, CCSI?; the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks, including those of Microsoft, CompTIA, Juniper ISC(2), and CWNP are trademarks of their respective owners.Powered by vBulletin® Version 4
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0
No comments:
Post a Comment