Replies to This Discussion

Permalink Reply by David Gittens on October 13, 2008 at 9:04am

Hi Steve,
I was in a position where I wanted to go from mainstream IT into information security 3 years ago. After a lot of research and some prayer I took the plunge. It has been a real blast.

With respect to companies or industries to start with, most large companies in finance or technology, or large government offices have information security units which include entry level positions.

In terms of training, I would recommend that you start with entry-level vendor-neutral certifications such as Comptia's Security+ , SANS's GIFS or ISC2's SSCP. These programs will give you a broad-based approach to IT security and will help you decide if it is something that you want to persue further. If it is, you can then go onto hands-on programs such as EC-Council's CEH and Checkpoint's CCSA/CCSE. As you progress in experience you can tackle courses such as SAN's GIAC certifications in areas such as intrusion detection, Incidence response and firewalls.

Please bear in mind that to do well in hands-on security you should have a broad base of IT knowledge such as Microsoft Operating systems, Linux, CISCO and networking. While you do not need to be certified in these area it is helpful to be exposed to them, so you may consider signing up for some courses even if you do not do the exams. Doing a few courses on the Microsoft MCSA track, Comptia's Network+, Comptia LINUX+, and CISCO's CCNE would all help with gaining this broad knowledge. It may be useful to do some of this training before tackling courses such as the CEH and CCSA/CCSE.

You should also bear in mind that the technical side of information security is very fast changing, so you cannot stop studying if you want to be on top. You therefore should ensure that you sign-up for the many free eseminars which security organisations offer to members, and try to take in a few live conferences and seminars from time to time. This will help you to to learn about new threats, tools and techniques out there.

Membership in professional security organisations such as ISC2, ISACA, ISSA and SANS will give you access to a lot of learing and developmental resources.
.
I hope that this informaton will help you to decide.

David

▶ Reply to This

Permalink Reply by Steve on October 13, 2008 at 1:24pm

Thank you, David. This time you're an answer to prayer based on a God-given dream!

I have a couple of questions to further clarify my search for the right track.

Could you give some examples of what you mean by technology firms? So far I've come up with an ISP. Am I on the right track?

And from what I searched for so far, is the CCNA the modern equivalent of the CCNE? Or do you mean CCIE?

P.S. SANS GIFS should be SANS GISF.

▶ Reply to This

Permalink Reply by Nicholas Ntovas on October 14, 2008 at 11:53am

Hi Steve:

Check out www.ec-council.org. If this is what you were looking for, I might be able to help you locate a good training provider.

Good luck,

Nick

▶ Reply to This

Permalink Reply by Greg Lang on October 27, 2008 at 10:40am

Steve, I can tell you from experience that your best bet for hands-on security experience right off the bat is to work in government. I would suggest looking for job postings for Homeland Security or one of the 20 or so agencies under their wing. And if you like to travel, then FEMA is always hiring. This website has a wealth of info: http://federaljobs.net/federal.htm
Federal jobs in general, tend to offer more in-depth training because they want to train their employees for life. They use constant training and great benefits as a retention strategy for keeping their employees from going to the Microsoft's and Intel's of the world. Also, in many cases once you're in a job for a year, you become essentially an employee for life unless you do something really stupid. This allows you to transfer between any federal job you want, whether that be with the CIA, the FBI, Homeland Security, etc...

Also, if you have the four year degree, a lot of these agencies will overlook the fact that you may not have any certifications because they'll train you accordingly. And honestly, a lot of managers like the people fresh out of school because they haven't picked up too many bad habits! =)

Also, here's a really great article explaining the different levels of Security certs and their value and such: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1312896,...
Hope this helps.

▶ Reply to This