Hello all

I am an aspiring I.T professional who is currently a rising junior in college and is studying Communication with a minor in Computer Science and am looking to break into the security side of the I.T field. I was thus wondering if i am aiming to become a CISSP/LPT what certs would those with experience advise me to take before that. I am already studying for the CCNA exam and want to write it before the end of the year.

Thanks in advance for all your help.

Thank you so much. That was a really quick reply and really helpful. I was wondering if you would also happen to know where I would be able to find more info on the different paths i can take in I.T security that would help me make a more concrete and informed decision because i definitely know i want to do something to do with organizing, maintaining and protecting computer systems from malicious hackers... I am just not 100% sure of the more technical terms used to categorize the different I.T security fields.

Well if you want to organize, maintain and prevent malicious attacks, then I would assume Network Administration would be up your alley. Not only would you setup your organizations infrastructure, but I'm sure you would want to make sure that infrastructure is secure!   Note, I use the term Network Administration loosely here. If you wanted to be more specific, you could says System Administration and Network Administration (the former being and Admin of let's say a Windows Environment, adding users, setting up domains, etc. While the latter being an Admin of Routers, Switches, VPN and more network hardware). Certainly, many of the roles over lap and many employers prefer you know both, but just to be politically correct, they are two different roles.

Sorry if that confused you, but let's get back on track. Network administration seems to be up your alley, protecting from intruders. Now other aspects of security include Managerial roles (where the CISSP would benefit) where you understand security, but don't actually implement it. More or less write security policies that your organization would comply to. There are security researchers(mostly independent work, but some people get lucky and do it for a living) where you look for vulnerabilities and write exploits (for the good of course). You have penetration-tester(sometimes called ethical hackers) Where your services are used to actually attack an organization and provide a report where the weaknesses are. There are auditors (close to penetration testers, but not the same) Where they find ONLY vulnerabilities, but not actually attack them. (the debate as to which is better can be found elsewhere on the forum on the internet)

This is just the beginning, and there is a lot to learn. I hope this helps get you started. Good Luck!