- This topic has 23 replies, 9 voices, and was last updated 8 years, 10 months ago by
rattis.
-
February 22, 2012 at 10:04 pm #7379
knwminus
Participant
Greetings,
I am currently working as a Network Engineer. I currently have A+/N+/S+, CCNA and CCNA:S and I am currently working on CCNP and CCNP:S. I have 5 years of IT experience (about 8 months as a Network Engineer and 1 year as a Network Security Admin). I have some experience in Windows and Linux (very little) as well as BSD. I have worked with Cisco, SonicWall and Windows firewalls as well as many different switch and router brands. After I finish those two I want to start working on actual Infosec certifications. Basically some things to round me out before I go full steam ahead into CCIE:S (which is changing this year so I want to wait until new material comes out). I am quite interested in Wireless networking. CWNA/CWSP interest me quite a bit but I am having second thoughts due to the popularity level of the certs. I’d like to hit a SANS exam but I am somewhat broke. OSCP interests me as well and would be closer to reasonable for me to pay for but I would need to wait until I am done with school (so about October/November). I have the elearnsecurity course (student not pro). Linux+ interests me. CISSP is very popular around here (and everywhere else) but it does not interest me at all.
Anyone have any other suggestions? For those who have made the leap from Network Engineering to Security, what skillset did you have and what certs/study materials helped you build that skillset?
-
February 23, 2012 at 12:41 am #46056
dynamik
Participant
What specifically do you want to focus on within the realm of security?
-
February 23, 2012 at 1:44 am #46057
cd1zz
Participant
Do you want to pen test? I took the same road… you’ve got good ops experience which is nice but keep in mind if you’re looking for a job, certain certs carry more notoriety than others. I’d recommend doing a “HR approved” one and then one that really interests you. OSCP is awesome for example, but no one you interview with may know what it is, sadly.
-
February 23, 2012 at 2:36 am #46058
knwminus
Participant
@ajohnson wrote:
What specifically do you want to focus on within the realm of security?
More of the same I suppose. I think security analysis focusing on the router/switch/wap/firewall/ips/ids side would be fun. I’d love to get to work on the security provider space. I have worked with HIPS and enterprise AV solutions as well. So that would be fun.
I don’t know if I am interested in pentesting full-time but I do want to make that a part of my job.
-
February 23, 2012 at 2:47 am #46059
cd1zz
Participant
Sounds like you should pursue a security ops gig. You could do all the things you mentioned and even incident response/handling. I think SANS is your best course of action if you don’t want the CISSP (I don’t blame you). Maybe someone else has another idea but I’m just not sure of another place you can get ops style certs… cue another ehneter!
-
February 23, 2012 at 3:07 am #46060
dynamik
Participant
I’m with you, cd1zz. I think GCIA would be the way to go (with GCIH being a nice complement).
Unfortunately, CISSP is going to be a necessity at some point. For better or worse, it carries a lot of weight with management and HR. You’d be doing yourself a disservice if you don’t have it on the road map somewhere.
Just be careful not to spread yourself too thin. I think you’ll have more than enough to do with your Cisco studies for the foreseeable future.
-
February 23, 2012 at 3:15 pm #46061
knwminus
Participant
Maybe after I knock out some fun stuff (CWNA/CWSP maybe Linux+) I’ll look at CISSP and then OSCP after that. That likely won’t be this year but you never know.
-
February 23, 2012 at 3:18 pm #46062
cd1zz
Participant
OSCP is 100% pen test focused but it can also open your eyes into what security issues are possible if you have no experience with the offensive side of things. I think that perspective is key to securing an environment. My 2 cents.
-
February 23, 2012 at 4:19 pm #46063
dynamik
Participant
Right. You can’t defend against things you don’t understand. It’s important to understand offense and defense, regardless of which side of the fence you actually end up on.
OP, you really need to evaluate the ROI on some of these miscellaneous certifications. Is Linux+ going to make a difference for someone with multiple pro-level Cisco certs, or someone who is a CCIE and CISSP? I could see it being useful if you’re aiming to have a CCNP five years from now, but you make it sound like those are just around the corner.
I’m speaking from experience. I’ve passed 30 exams, and after being cert-crazy for a few years, you realize how many were unnecessary. I’m glad I have the knowledge, but I think my money could have been better spent (like you, I fund these studies myself). It also stings now that renewal time is approaching. I’m probably going to let all certs that aren’t Cisco (since you can renew them all with one exam) or security fall by the wayside. Since you have limited funds, I think you should go for a GCIA challenge instead of a handful of less prestigious credentials. Just my opinion.
-
February 23, 2012 at 5:40 pm #46064
knwminus
Participant
@ajohnson wrote:
Is Linux+ going to make a difference for someone with multiple pro-level Cisco certs, or someone who is a CCIE and CISSP? I could see it being useful if you’re aiming to have a CCNP five years from now, but you make it sound like those are just around the corner.
I’m speaking from experience. I’ve passed 30 exams, and after being cert-crazy for a few years, you realize how many were unnecessary. I’m glad I have the knowledge, but I think my money could have been better spent (like you, I fund these studies myself). It also stings now that renewal time is approaching. I’m probably going to let all certs that aren’t Cisco (since you can renew them all with one exam) or security fall by the wayside. Since you have limited funds, I think you should go for a GCIA challenge instead of a handful of less prestigious credentials. Just my opinion.
I know you have more certs than probably anyone so you would have the best experience in this particular subject 🙂
Oh and when I say right around the corner I mean this year. CCNP R/S in May and CCNP:S a couple of months after that (I work with a ton of ASAs).
What would you consider “less prestigious”? CWNA/CWSP or were you talking about Linux+ exclusively? I work for a wireless company (cellular) but I don’t work with any of the wireless gear nor do we own our own GGSNs etc.
-
February 23, 2012 at 8:40 pm #46065
dynamik
Participant
You’ll have to go with your gut on some of those. They’re certainly not as recognized as CISSP, pro/expert Cisco, or GIAC certs in general, but they could certainly carry some weight with the appropriate crowd. Does your company do a lot with 802.11? You’re not going to be covering cellular in CWNA or CWSP. Unless you have an immediate need for them, or expect to move into a new position where they would greatly benefit you, I wouldn’t bother.
Also, CWSP was totally a let down on the offensive side (nothing against CWNP; my expectations were way off). It’s gone through a revision since I took it (which does look somewhat better), but you spend a lot more time dealing with the various EAP flavors than anything related to attacks. It’s important material if you’re tasked with implementing secure wireless solutions, but it was too bland from my perspective. I’d recommend OSWP and/or GAWN as alternatives.
-
February 23, 2012 at 8:53 pm #46066
knwminus
Participant
@ajohnson wrote:
You’ll have to go with your gut on some of those. They’re certainly not as recognized as CISSP, pro/expert Cisco, or GIAC certs in general, but they could certainly carry some weight with the appropriate crowd. Does your company do a lot with 802.11? You’re not going to be covering cellular in CWNA or CWSP. Unless you have an immediate need for them, or expect to move into a new position where they would greatly benefit you, I wouldn’t bother.
Also, CWSP was totally a let down on the offensive side (nothing against CWNP; my expectations were way off). It’s gone through a revision since I took it (which does look somewhat better), but you spend a lot more time dealing with the various EAP flavors than anything related to attacks. It’s important material if you’re tasked with implementing secure wireless solutions, but it was too bland from my perspective. I’d recommend OSWP and/or GAWN as alternatives.
We do work with 802.11. As a VAR we resell some Motorola and Aerohive gear so it isn’t like the knowledge would be completely wasted. I don’t work with 802.11 daily (or weekly). Also I thought CWNA covered more than 802.11. Doesn’t it cover basic wireless theory for all wireless networks?
I guess I see your point. GCIA would be so sexy and I have drooled over it for almost a year now. I know a few guys who have taken it and even a few who have challenged (at one point weren’t you going to do it? 🙂 ) I’m just a little gunshy of a $900 bullet.
-
February 23, 2012 at 9:23 pm #46067
Haz3
Participant
How about looking at this the other way around?
Find some jobs that interest you and work on the gaps in your skills / certs. It’s the most efficient way of landing the job you want.
-
February 23, 2012 at 10:17 pm #46068
knwminus
Participant
I’ve looked at the jobs. Most of them want the skills I have described (*nix, packet analysis, wireless, etc). But that doesn’t mean I should certify in all of those areas. I guess most bang for my buck is what I am looking for. I know CISSP would offer that but I want to be a bit more rounded before I take it.
I thought about it and I think I might need to just go back to my original goal (regardless of what Cisco’s security marketshare is doing 🙂 btw the shrinking marketshare is the reason why I made this thread).
@knwminus wrote:
At any rate that is my 18 month goal (CCNP:S,CCNP,CCIE:S) with OSCP possibly mixed in there.
-
February 23, 2012 at 11:58 pm #46069
dynamik
Participant
@knwminus wrote:
Doesn’t it cover basic wireless theory for all wireless networks?
You learn some RF basics, but it’s not one where you learn about all wireless technologies (i.e. Bluetooth, ZigBee, RFID, etc.). Check out the exam objectives: http://www.cwnp.com/exams/pw0104_objectives.pdf
@knwminus wrote:
I guess I see your point. GCIA would be so sexy and I have drooled over it for almost a year now. I know a few guys who have taken it and even a few who have challenged (at one point weren’t you going to do it? 🙂 ) I’m just a little gunshy of a $900 bullet.
Yea, I’m going to challenge it within the next 2-3 months; it’s one of my last GSE requirements. I got 79.33% on a practice test that was gifted to me last July. I didn’t prepare or have any resources besides a few books I had nearby, so I *hopefully* won’t have too much trouble with it. I plan on putting a lot of time into creating tcpdump, Scapy (not on the test, but a great learning tool), and Snort challenges and instructional demonstrations on my blog over the next couple of months.
It’s definitely a pricey exam, but what can you do? Go big or go home 😉
-
February 24, 2012 at 12:11 am #46070
knwminus
Participant
Good to hear. Maybe after reading your experience with it I’ll be more inclined to put up $900 for a challenge. Good luck! Aren’t you doing GWAPT as well?
-
February 24, 2012 at 12:14 am #46071
dynamik
Participant
Yea, you need five if you don’t do any papers. I have GSEC, GPEN, and GCIH at the moment. A paper would be cheaper than GWAPT, but that’s one I’ve wanted for awhile.
-
February 24, 2012 at 12:16 am #46072
knwminus
Participant
Nice.
I just thought about it and GCIA costs less than the CCIE:S lab and it is at least open book 🙂
-
February 24, 2012 at 5:18 am #46073
tturner
Participant
GCIA is awesome. I learned so much about how networking really works in that class and what real attack traffic looks like. I thought I knew already, but I was sadly mistaken. The best part is you walk away with the knowledge needed to extend that understanding to identify unique attacks. I’m retaking SEC504 (GCIH course) next month in Orlando, largely because I never sat the exam and it’s the last cert I need for GSE and this is the only way I get work to pay for it (work study program) and it’s been 5 or 6 years since I took it so I’m sure it’s changed quite a bit.
-
February 24, 2012 at 9:23 am #46074
docrice
Participant
I currently work as an operations network security engineer (which sounds like the type of role you’re trying to move into) and for me SANS 503 was memorably the most valuable experience I’ve had out of all the classes / cert studies that I’ve been through. I’m not knocking 502 and 504 and their respective certs, but diving deep down to the bit level is enlightening. Plus, you come out of there being able to impress folks with your knowledge of packet headers, offsets, hex values, and tcpdump-foo … not that it really matters all the time in real-world scenarios since a lot of the emphasis is now in the web app layer which I’m struggling on (I’m still going through 542 and it’s killing me).
I’ll be the lone sheep in the crowd and recommend looking into the WCNA. Even if you don’t go for the certification (since hardly anyone knows about it), read through the Wireshark Network Analysis book if traffic analysis isn’t something you’re comfortable with. It’ll put a lot of things into perspective.
I’ve never gone for the OSCP, but I’ve had a taste of OffSec material with the OSWP. I loved every minute of it. For an operations role, it should provide a very good impression of the balance / counter-balance involved when it comes to defending your network and understanding the dark unknowns you’re guarding against. I’m sure you’ll be better equipped (knowledge-wise) when it comes to configuring a web app firewall on a load balancer.
-
February 24, 2012 at 6:07 pm #46075
knwminus
Participant
I’ve read the Wireshark guide and I am reading TCP/IP Illustrated now. I have the TCP/IP Guide by No Starch Press on my to-read list (which grows daily). I don’t think I will have 3k to spend on a single class anytime soon but those along with the TAO guide and extrusion detection (and the NMAP guide) are sort of my poor man’s prep for the GCIA.
I have seriously considered doing the WCNA. It would be more in line with what I am doing on a daily basis than Linux+.
-
May 13, 2012 at 11:33 pm #46076
gwho1441
Participant
I am new to this forum .. and in the same boat as the OP. I am a network engineer .. got a CCNA / CCNP and a master’s in Network Security (though didn’t have much security involved in there sadly but the company paid for it).
I want to focus more on security and looking at paths I should take. I would like to not only learn more but move towards pen testing. Thinking of starting with CEH and move to elearnsecurity and hacking dojo .. followed by OSCP.
-
May 14, 2012 at 2:56 pm #46077
Triban
Participant
Check out the reviews that have been done on those programs. There are some decent ones. eLearning has some great material and is pretty affordable, you may want to look into that one over CEH, if you need the CEH paper, then you may be able to pass the exam by picking up a study kit to fill in what you didn’t learn from eLearning. OSCP is probably the most challenging course. A number of regulars here have gone through it and could tell you a bit more. Plus I think there is a review.
Good luck in your transitions.
-
May 14, 2012 at 3:33 pm #46078
rattis
Participant
Skimming over the posts, it looks like you’re focusing too much on the certs. Yes I know we love certs and the classes around here, but maybe get your hands in on some projects. Try to hook up with your local BSides group and offer to help them with a con network. Think Schmoo labs, but for BSides.
One of the local security groups I’m involved in is going to start doing workshops this summer. Don’t know how many or how often. I know one will be on basic Linux hardening. One might be on XSS. I’m sure we’ll come up with some others.
-