EH-Net

Greetings,

A while ago I started to dive into the exciting and thrilling world of network security. I've been a network administrator for quite some time now, but I never had the opertunity to delve into the security aspect of network administration.

I'm currently certified as A+, Net+, Security+, MCSA, MCTIP:SA and JNCIA-FWV and I've enrolled in a 5 day EC-Council ENSA course starting the beginning of May.

Can you give me some advise on the next step?

I would like to focus more on the defensive part of network security (blue team), but I'm not sure which course/certification to pursue next.

The folks at the company where I'm taking the ENSA course, told me to go for CEH next, but that seems to focus more on the offensive aspect. On the other hand, there's more demand in the market for people with a CEH certification than there is for people with (the much lesser known) ENSA certification.

I've looked into SSCP but that one - as with ENSA, doesn't seem to be really valued in the market, due to the demand for CISSP certification.

Because I don't have the necessary work experience for CISSP, CISSP also fall from my shortlist.

I would suggest SANS SEC504.  It covers (or at least a few years ago) basics about offensive security, but concentrates far more on incident response and handling, some of the legal aspects, and whatnot.

Yea, 504 would be a good one. Depends on your specific area of interest. 503, 501, etc. might be more interesting for you. I think the SANS stuff is the right direction to go at this point: http://www.sans.org/security-training/courses.php

Also, don't shy away from the CISSP just because you don't meet the experience requirements. You will be an associate until you meet them. You have six years to meet the requirements once you pass, and you'll only need four with your other certs. For better or worse, that one is practically a necessity, and it's nice to get it out of the way.

I've also looked at the SANS courses, but they're outrageously expensive!

Also, I live in the Netherlands and the SANS certificates aren't really known down here, so I'm not sure if these certifications will justify the high price.

What do you ultimately want to be doing? We could probably recommend books, websites, etc. that could help you on your journey.

Are their any job sites for your region? Review the requirements for what you'd consider to be ideal jobs. That'll give you some direction for formal education, certifications, and other knowledge and skills.

Welcome to the forums, btw :)

800 (850 after June) for conference + 4 months ondemand + cert is really not bad if you are not afraid of a little work.

http://www.sans.org/security-training/volunteer.php

I haven't got a definitive careerpath laid out yet, I just want to get more involved with (network) security in general for now.

ATM i works as a senior network administrator at a small IT company (in which I hold a minor share) with 15 employees and somewhat under 50 customers ranging from 20 to 350 employees with serveral geographicly dispersed locations.

Our main focus is administering these networks. I spend half of my time designing and implementing the networks, whilst my collegues to the every day administering. Mainly due to the size of our company I spend the other half on petty end-user problems and documentation (one of the more evil parts of the job).

Ideally I would like to spend the majority of my time on the design aspect and balance that out with implementing the nessecary security polices, doing audits and going to security conventions (lol)


There's where the short sightedness (is that a proper English verb?) of most HR departments comes in; they only demand the certifications they *know*, so almost any job that's got the 'security' description in it will demand CISSP and I haven't found a single job that mentions the SANS certifications...


Thank you very much indeed, glad to be here ;)

Yes, and you used it perfectly ;)

Honestly, for what you want to do, the CISSP would actually be fairly relevant. You should also consider the CISA and CISM. Those would set you up really good for a management / auditing position.

Also consider the value of certifications even if they are not listed on HR's wishlist. Years ago, the Linux+ unexpectedly gave me a bump during a technical interview (after I got past the initial HR screening) simply because someone with some basic Linux experience could really help them out. SANS is a pretty well respected institution world wide, and if you get an opportunity to talk to someone more technical, being able to say, I've been trained and/or certified in <whatever> by SANS may give you an edge.

Training and certs are expensive though, so you need to pick-and-choose carefully to maximize your ROI. You'll waste your time and money if you just acquire them haphazardly (speaking from personal experience). You can often acquire a similar level of knowledge through self-study, so make sure you really need the letters before committing to anything.

Recommendations for books, websites etc. are alway welcome!

The CISSP AIO (5th) from Shon Harris would be a good start.

http://www.amazon.com/CISSP-All---One-Guide-Fifth/dp/0071602178/ref=sr_1_1?ie=UTF8&qid=1302483244&sr=8-1

For the CISA and CISM, you're pretty much stuck using the official guides. I really don't like the flow of either of them. I actually learned a lot more from going through their practice exam questions.

https://www.isaca.org/bookstore/Pages/Bookstore.aspx

Some others that may be of interest:

http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=sr_1_1?s=books&ie=UTF8&qid=1302483318&sr=1-1

http://www.amazon.com/Myths-Security-Computer-Industry-Doesnt/dp/0596523025/ref=sr_1_2?s=books&ie=UTF8&qid=1302483411&sr=1-2 (kind of basic, but it has some interesting items)

http://www.amazon.com/New-School-Information-Security/dp/0321502787/ref=sr_1_1?s=books&ie=UTF8&qid=1302483427&sr=1-1

http://www.amazon.com/Beautiful-Security-Leading-Experts-Explain/dp/0596527489/ref=sr_1_1?s=books&ie=UTF8&qid=1302483411&sr=1-1

http://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989/ref=sr_1_1?s=books&ie=UTF8&qid=1302483419&sr=1-1

Well, I've nailed the ENSA exam from EC-Council, with a 940 out of 1000.

After careful deliberation on my part, I've deceided to start with SSCP after summer and then to go for CISSP.

is it neccessary to do CCNA and RHCE before going for CEH?

No...

Apologies for brevity, but I could swear I just saw someone post in the past day or so, regarding these certs being independent of one another.  Will knowledge from one or the other 'help' you?  Yeah, certainly.  But the certs, themselves, are not 'required.'

I would say CEH is probably easier than either RHCE or CCNA, but if you had CCNA and RHCE under your belt you'd have a really strong base that would certainly be very useful for the kinds of jobs that are asking for CEH.

You don't want to be one of those folks that only focus on the security stuff and neglect their core skillsets. You will miss a ton of stuff.