I have a colleague of mine who is as green as it gets, and he wants to know a good path to get into security.
I gave him (in order):
Security +
CCENT
CCNA Security
CISSP
What other certs would you recommend someone?
CCENT+CCNA Security was enough to get an intro job.
After that, CCNP Security is now a lot more Cisco-focused than before, so I'd go with vendor certs, if possible. Might be best to get a job with a VAR to learn EVERYTHING and then put the certs for stuff you like on your resume and leave the others off.
Then get a job with those products and think about working with the vendor or going into IT Security management, which will point towards the CISSP.
Network security is such a varied field, one can be a firewall jockey in network security, another can be a malware investigator, third can be working with network forensics. so really i'd ask what the goal was, but for starters, your list id good. might go with the CCNA in there for basic network understanding.
Gentlemen thank you for the information.
I did give him CCNA R&S but I forgot to list it.
@dean
-What certs are your VAR valuing, but aren't vendor locks (ex: CCNP Security/Palo Alto Certs/etc./etc.)
Quote from: LynK on September 26, 2017, 08:29:42 AM
@dean
-What certs are your VAR valuing, but aren't vendor locks (ex: CCNP Security/Palo Alto Certs/etc./etc.)
I'm not with a VAR, but with a $VENDOR. Even so, non-vendor certs are a way of displaying some measure of proof that we're educated on general best practices.
CISSP, of course, is the CCNA of infosec management. But that requires 4-5 years experience and has its own renewal cycle headaches.
GIAC certs look good. Even if a guy has no clue what the letters are for, there they are. GIAC certs are not cheap, though. Although there is no required training for them, there is recommended training...
Once you can claim 10+ years in IT, though, that is a cert in and of itself. When I started back in IT in 2013, I had zero current experience and 7 years of old experience. At some point, though, old experience became just experience and now I have 11 years of IT experience. Being able to talk about old-timer stuff like token-ring and frame relay nightmares lends a ton of street cred.
Quote from: deanwebb on September 26, 2017, 09:16:10 AM
GIAC certs look good. Even if a guy has no clue what the letters are for, there they are. GIAC certs are not cheap, though. Although there is no required training for them, there is recommended training...
GIAC certs are good, true not cheap. mainting them is a PITA. If I remember right something about earning points through ongoing training, active participation, and conferences to get those points