I think you need to pick your own poison and go from there. Think of security in terms of a baseball team. Here you are saying: "I want to play which position should I aim for?" What are your strengths and weaknesses. Focus on your weaknesses to bring them up to par with your strengths while in parallel upping your strengths.
In security, there are a lot of avenues to choose from. Forensics, pentesting, application security, cryptography, networking, etc. Each have their unique methodologies, technologies, protocols, pros and cons.
Examples:++++++++++
Forensics. Where would you want to fit in? Working as an incident responder researching malware, researching e-Discovery, researching the cause of a compromise? What field? Pros: Banking, insurance, defense industries, huge Fortune 100s are always in demand for these types of individuals.
Cons: Job can be linear, stressful, repetitive.
Certifications: (
real world relevant) GCFE, GCFA, EnCe, GCIH, ACE, CCE, GREM, WCNA (Wireshark), GCIA
++++++++++
Pentesting: Where would you want to fit in? Define pentesting. Too many companies have turned this field into a tool (Core Impact, Metasploit, Nessus, etc) however there is more to pentesting than running tools. In order to fit into a well rounded position, the document I linked you too will give you excellent foundations needed. You then need to progress into a more linear stage (focus on applications (which web application, business applications (SAP, etc)).
Pros: Can be fun, creative, non-linear (no two pentests are ever the same)
Cons: Industry has created too many retards that rely far too much on tools. Many industries are now mandated to have penetration testing (PCI requirement). With that stated, many companies are relying on point and click drop boxes (QualysGuard) and calling it a "pentesting day."
Certifications: (the ones that count) GPEN, CEPT, OSCP, OSCE, CPT, RWSP
++++++++++
Network security: Where would you want to fit in? Managing firewalls, IPS, IDS, DLP, acronym hell? Performing network analysis' with tools and hardware such as nGenius, Netwitness, Wireshark, etc., this can criss-cross the forensics realm.
Pros: ALL COMPANIES need network security period.
Cons: Can be as linear as in point A to point B
Certifications: (ones that count) WCNA, CC{N,D,S}P, GCIH, GSEC
++++++++++
Take note, all the certifications I listed are TECHNICAL, for those wondering why CISM, CISA, CGEIT, CISSP, etc isn't listed. And
NO, the SSCP to me is not a technical cert. When I state "
ones that count / relevant" I mean the ones you *
truly* want to aim for as you WILL LEARN while getting them. Not to take anything away from say the C|EH, CHFI but it is what it is. I felt the certifications I listed would help you
LEARN something as opposed to dumping a billion tools on your lap and telling you "
hey this is a security tool, learn this tool's syntax and we will give you a shiny certificate!"
Your best bet regardless of any advice you see from me or anyone else is to determine something that you can enjoy while making money. I would hate to focus on Forensics only to have a job I hated doing e-Discovery 24x7x365. I know people that dread getting into the field. They work to dissect/analyze info, go to court, are stressed out as all hell. The money they make doesn't cover sanity, happiness.
Go over to Dice.com and check the markets for certs also. Search for the certification itself to see its demand and WHO is asking for that particular cert. That is a good baseline as is e.g:
http://www.payscale.com/research/US/Certification=Certified_Ethical_Hacker_%28CEH%29/Salaryhttp://www.payscale.com/research/US/Certification=SANS%2fGIAC_Security_Essentials_Certification_%28GSEC%29/Salaryhttp://www.payscale.com/research/US/Certification=SANS%2fGIAC_Certified_Intrusion_Analyst_%28GCIA%29/Salaryhttp://www.payscale.com/research/US/Certification=SANS%2fGIAC_Certified_Forensic_Analyst_%28GCFA%29/Salaryhttp://www.indeed.com/salary/q-Forensic-Consultant-Ence-l-New-York,-NY.htmlhttp://www.indeed.com/salary?q1=GREM&l1=New+York%2C+NYHope that helps
How did I miss this??? Great post Sil....I also agree that this post should be a sticky.
Forum 
Show Posts
General Certification : CISSP ISSAP
Links to cool sites. : CODENAME: Samurai Skills Review at Darknet
