Hello,

I am in the military. Been in for about 11 years now trained as a network/system administrator. I currently own (lead) about 5 networks supporting 80 people with day to day operations and maintenance with some repair/rebuilds as required. I work on Server 2003, cisco routers/switches/redhat/solaris/slackware/ubuntu/win XP/mint and various other OS's including VMware.

I am sick and tired of the customer service part of this job. I only have 2 guys underneath of me, and its not going to get any better for a while. I get to retire in 10 years and in those 10 years I want to improve my resume enough where i can walk out of the military and become a strong freelance pen tester/consultant. I have a multitude of resources at my disposal and the military will pay for me to get any of these certifications:
A+ (taking in 2 weeks)
Sec+ (taking in 3 weeks)
Net+
CASP
GCIH
GCIA
CISF
GSEC
GSE
GSLC
CISM
CISA
SSCP
CISSP
SCNA
SCNP
SCNS
All of the homeland security certs
CCDP
CCENT
CCNA
CCNP
Linux+
Server+
Fiber installer (FOI)
Fiber Technician (FOT)
MCDBA
MCITP
MCP
MCSA
MCSA Security
MCSE
MCSE Security
MCTS
Oracle/Solaris 10 SA

So as you can see I have a ton of resources to get all the study material and knock out certifications. I know its not about certifications and in 10 years many of these will not matter and the tech is going to evolve and change. I am a complete newb in terms of programming (i can do basic linux programming) and need a place to really start my research and grow into it. going through the security + student guide has really opened my eyes to how much I want to do this stuff. I just need to know which string I should start pulling first. Server maintenance, workstation trouble calls are taking the life out of me. I have been playing with McAfee Host Prevention system and its a cool program. Very detailed and dependent on databases. but its still feels like maintenance and defense. I am ready for some offense, or at least wanting to learn how to be offensive in security. Thanks for the help.

oh yeah first post. sorry if I missed a post that states my answer, but most of the "i need advice" posts were individuals junior in IT. I have built many networks from scratch in the middle of the desert to having people setup talking on video teleconference phones the following week over voip.

Thanks
Ryan

Hey BACARDI,

I did 7 years in the military doing sys/net admin type work with a healthy dose of telecom/satcom thrown in. When I got out it became very apparent to me that without a degree very few companies where interested in me regardless of my experience. In fact in many cases, even after I have gotten a degree, my military experience has put off many potential employers. It to the point that I use a functional resume format instead of a chronological format to down play my military experience will still being able to include what I have accomplished in my career.

After being in the civilian world for several years I decide to get my MS in Comp Sci. Which has been the biggest boost to my career advancement. I've never been one for certs, but I have seen were they have gotten many people interviews over other people with experience.

Again I have to say that in my experience it has been my degree and advance degree that has open more doors for me then my military experience. That is not to say that the skills and experiences I got from the from the military are not valuable or have allowed me to excel in my career, just that it hasn't opened any doors for me.

Hey Barcardi,

welcome to the boards

Firstly, that's one hell of a list of certs on offer. I was like a kid in a candy store reading down your options.

From my own perspective I'd look at GCIH to get a good grounding on the technical side followed by CISSP, although mostly to open HR doors in lieu of a degree.

As cd1zz has mentioned, take a look at OSCP. It's not on your list, but it's a relatively cheap set of training and certification in comparison to the others. I used it as a jump off point from network/system administration that I had been doing for a few years into security. It gave me the technical information I needed, and I was also able to leverage the sysadmin skills I already had to complete several of the challenges (know the defaults on some of the target systems can really reduce some of the difficulty accessing unhardened systems.

It might not be purely security, but given your background getting your MSCE/MSCE-sec certs shouldn't be too much of a challenge, would prove the skills and experience that you have and (hopefully) ensure that you remain employable for the years to come.

Good luck with you A+ and Sec+ exams, and whatever you chose to follow them with

Hello BACARDI,
I am currently on the McAfee HBSS project you mentioned.
I have been out of the military for a few years now. Although my military experience did not help me get my first job in telecom, it definitely got my foot in the door in my current position.  I think others will agree that it depends on what sector you are looking at going into. From my experience, the private sector allows for more growth/freedom. In that sector you may be hired as a Sys Admin but do Network Admin, Desktop, ect. Also, the private sector wants experience above certs.  A degree in this sector will help.
This environment (Gov. or Contractor) is really compartmentalized meaning AD does just AD, DNS just DNS, Server support, UNIX, Windows, Applications Teams just do their specific application. Although not great for growth it is good when you look at it from a security perspective (segregation of duties/least privileged). The Government wants certifications (DoD 8570.01m) and military experience. A degree if you want to advance. My opinion… You have some great experience. I would focus getting a degree before you get out of the military and a few key certs such as Sec+, C|EH, CISSP, CCNA, MCSE. I mention C|EH just because it covers 4 of 5 levels of CND under the DoD 8570.
Like others have mentioned OSCP is great and in my future plans.
Good luck and thank you for your service.

Hi Ryan,
I was in for 6 years and got out as an E-5.  When I left I didn’t really wanted to distance myself from contracting/military. Not that I didn’t enjoy the experience just wanted to get away. There were plenty of offers from DoD contractors and Government but I turned them all down and decided Telecom would be my career. When the economy tanked I was laid off after 8 years in Telecom so, I used my GI Bill and finished my degree in Information Systems.  I was also able to get a few certs with my GI Bill before it ran out. The only areas hiring at the time were DoD/Contrators. Now that I’m back in this environment I don’t see any cuts in the near future. There is a big push for cyber security professionals in DoD right now.  I don’t see that changing any time soon.
I can see your predicament. If you plan on retiring from the Navy then I would go the officer route. Your retirement pay will be higher, I believe.  Finish your degree and a get few certs. Most of the certs aren’t too expensive unless you go for SANS. The Navy has some really great schools as far as Network Security goes. I think Mile 2 does a lot of their training.
Oh yeah, working with HBSS is easy but maintaining it is a pain.

Good luck Ryan,
Check in every so often and let us know your progress. And if you ever want to talk offline let me know.

Most of my credits were online also. I think in the private sector, especially in Management, it matters more. From what I’ve seen around here the contracting company gets more from the government if their employees have a degree. I haven’t heard anything different on the Government civilian (GS) side. I would have gone with WGU if I’d known about it sooner. WGU has IA Bachelor and Master Degrees that incorporate certifications into their degree programs. And they are all online. I haven’t researched WGU (www.WGU.edu) enough to give more information. I’m sure others here can help in that area.

Well I was forced into taking a gauntlet of certification tests this past week. I took both of the A+ certs (practical/essentials) and my Security+ Cert all within a 4 day period.

So I studied for all 3 tests simultaneously and passed all 3 tests.

A+ Practical
Scored: 762

A+ Essentials
Scored: 758

Security+
Scored: 789

I know if I was able to study these independently I could have scored higher, but I am still impressed that I was able to pass the gauntlet of certs within a 4 day period. Work required me to do all certs within a week time frame. (military)