Network Engineering to Network Security

Viewing 23 reply threads
  • Author
    Posts
    • #7379
      knwminus
      Participant

      Greetings,

      I am currently working as a Network Engineer. I currently have A+/N+/S+ CCNA and CCNA:S and I am currently working on CCNP and CCNP:S. I have 5 years of IT experience (about a 8 months as a Network Engineer and 1 year as a Network Security Admin). I have some experience in windows and linux (very little) as well as BSD. I have worked with Cisco, sonicwall and windows firewalls as well as a many different switch and router brands. After I finish those two I want to start working on actual Infosec certifications. Basically somethings to round me out before I go full steam ahead into CCIE:S (which is changing this year so I want to wait until new material somes out).  I am quite interested in Wireless networking. CWNA/CWSP interest me quite a bit but I am having second thoughts due to the popularity level of the certs. I’d like to hit a SANS exam but I am somewhat broke. OSCP interest me as well and would be closer to reasonable for me to pay for but I would need to wait until I am done with school (so about October/November). I have the elearnsecurity course (student not pro). Linux+ interest me. CISSP is very popular around here (and everywhere else) but it does not interest me at all.
      Anyone have any other suggestions? For those who have made the leap from Network Engineering to Security what skillset did you have and what certs/study materials helped you build that skillset?

    • #46056
      dynamik
      Participant

      What specifically do you want to focus on within the realm of security?

    • #46057
      cd1zz
      Participant

      Do you want to pen test? I took the same road… you’ve got good ops experience which is nice but keep in mind if you’re looking for a job, certain certs carry more notoriety than others. I’d recommend doing a “HR approved” one and then one that really interests you. OSCP is awesome for example, but no one you interview with may know what it is, sadly.

    • #46058
      knwminus
      Participant

      @ajohnson wrote:

      What specifically do you want to focus on within the realm of security?

      More of the same I suppose. I think security analysis focusing on the router/switch/wap/firewall/ips/ids side would be fun. I’d love to get to work on the security provider space. I have worked with HIPS and enterprise AV solutions as well. So that would be fun.

      I don’t know I am interesting in Pentesting fulltime but I do want to make that a part of my job.

    • #46059
      cd1zz
      Participant

      Sounds like you should pursue a security ops gig. You could do all the things you mentioned and even incident response/handling. I think SANS is your best course of action if you don’t want the CISSP (I don’t blame you). Maybe someone else has another idea but I’m just not sure of another place you can get ops style certs… cue another ehneter!

    • #46060
      dynamik
      Participant

      I’m with you, cd1zz. I think GCIA would be the way to go (with GCIH being a nice compliment).

      Unfortunately, CISSP is going to be a necessity at some point. For better or worse, it carries a lot of weight with management and HR. You’d be doing yourself a disservice if you don’t have it on the road map somewhere.

      Just be careful not to spread yourself too thin. I think you’ll have more than enough to do with your Cisco studies for the foreseeable future.

    • #46061
      knwminus
      Participant

      Maybe after I knock out some fun stuff (CWNA/CWSP maybe Linux+) I’ll look at CISSP and then OSCP after that. That likely won’t be this year but you never know.

    • #46062
      cd1zz
      Participant

      OSCP is 100% pen test focused but it can also open your eyes into what security issues are possible if you have no experience with the offensive side of things. I think that perspective is key to securing an environment. My 2 cents.

    • #46063
      dynamik
      Participant

      Right. You can’t defend against things you don’t understand. It’s important to understand offense and defense, regardless of which side of the fence you actually end up on.

      OP, you really need to evaluate the ROI on some of these miscellaneous certifications. Is Linux+ going to make a difference for someone with multiple pro-level Cisco certs, or who someone is a CCIE and CISSP? I could see it being useful if you’re aiming to have a CCNP five years from now, but you make it sound like those are just around the corner.

      I’m speaking from experience. I’ve passed 30 exams, and after being cert-crazy for a few years, you realize how many were unnecessary. I’m glad I have the knowledge, but I think my money could have been better spent (like you, I fund these studies myself). It also stings now that renewal time is approaching. I’m probably going to let all certs that aren’t Cisco (since you can renew them all with one exam) or security fall by the wayside. Since you have limited funds, I think you should go for a GCIA challenge instead of a handful of less prestigious credentials. Just my opinion.

    • #46064
      knwminus
      Participant

      @ajohnson wrote:

      Is Linux+ going to make a difference for someone with multiple pro-level Cisco certs, or who someone is a CCIE and CISSP? I could see it being useful if you’re aiming to have a CCNP five years from now, but you make it sound like those are just around the corner.

      I’m speaking from experience. I’ve passed 30 exams, and after being cert-crazy for a few years, you realize how many were unnecessary. I’m glad I have the knowledge, but I think my money could have been better spent (like you, I fund these studies myself). It also stings now that renewal time is approaching. I’m probably going to let all certs that aren’t Cisco (since you can renew them all with one exam) or security fall by the wayside. Since you have limited funds, I think you should go for a GCIA challenge instead of a handful of less prestigious credentials. Just my opinion.

      I know you have more certs than probably anyone so you would have the best experience in this particular subject 🙂

      Oh and when I say right around the corner I mean this year. CCNP R/S in may and CCNP:S a couple of months after that (I work with a ton of ASAs).

      What would you consider “less prestigious”? CWNA/CWSP or were you talking about Linux+ exclusively? I work for a wireless company (cellular) but I don’t work with any of the wireless gear nor do we own our own GGSNs etc.

    • #46065
      dynamik
      Participant

      You’ll have to go with your gut on some of those. They’re certainly not as recognized as CISSP, pro/expert Cisco, or GIAC certs in general, but they could certainly carry some weight with the appropriate crowd. Does your company do a lot with 802.11? You’re not going to be covering cellular in CWNA or CWSP. Unless you have an immediate need for them, or expect to move into a new position where they would greatly benefit you, I wouldn’t bother.

      Also, CWSP was totally a let down on the offensive side (nothing against CWNP; my expectations were way off). It’s gone through a revision since I took it (which does look somewhat better), but you spend a lot more time dealing with the various EAP flavors than anything related to attacks. It’s important material if you’re tasked with implementing secure wireless solutions, but it was too bland from my perspective. I’d recommend OSWP and/or GAWN as alternatives.

    • #46066
      knwminus
      Participant

      @ajohnson wrote:

      You’ll have to go with your gut on some of those. They’re certainly not as recognized as CISSP, pro/expert Cisco, or GIAC certs in general, but they could certainly carry some weight with the appropriate crowd. Does your company do a lot with 802.11? You’re not going to be covering cellular in CWNA or CWSP. Unless you have an immediate need for them, or expect to move into a new position where they would greatly benefit you, I wouldn’t bother.

      Also, CWSP was totally a let down on the offensive side (nothing against CWNP; my expectations were way off). It’s gone through a revision since I took it (which does look somewhat better), but you spend a lot more time dealing with the various EAP flavors than anything related to attacks. It’s important material if you’re tasked with implementing secure wireless solutions, but it was too bland from my perspective. I’d recommend OSWP and/or GAWN as alternatives.

      We do work with 802.11. As a VAR we resell some motorolla and aerohive gear so it isn’t like the knowledge would be completely wasted.  I don’t work with 802.11 daily (or weekly). Also I thought CWNA covered more than 802.11. Doesn’t it cover basic wireless theory for all wireless networks?

      I guess I see your point. GCIA would be so sexy and I have drooled over it for almost a year now. I know a few guys who have taken it and even a few who have challenged (at one point weren’t you going to do it? 🙂 ) I’m just a little gunshy of a $900 bullet.

    • #46067
      Haz3
      Participant

      How about looking at this the other way around?

      Find some jobs that interest you and work on the gaps in your skills / certs.  Its the most efficient way at landing the job you want.

    • #46068
      knwminus
      Participant

      I’ve looked at the jobs. Most of them want the skills I have described (*nix, packet analysis, wireless, etc). But that doesn’t mean I should certify in all of those areas. I guess most bang for my buck is what I am looking for. I know CISSP would offer that but I want to be a bit more rounded before I take it.

      I thought about it and I think I might need to just go back to my original goal (regardless of what Cisco’s security marketshare is doing 🙂 btw the shrinking marketshare is the reason why I made this thread).

      @knwminus wrote:

      At any rate that is my 18 month goal (CCNP:S,CCNP,CCIE:S) with OSCP possibly mixed in there.

    • #46069
      dynamik
      Participant

      @knwminus wrote:

      Doesn’t it cover basic wireless theory for all wireless networks?

      You learn some RF basics, but it’s not one where you learn about all wireless technologies (i.e. Bluetooth, ZigBee, RFID, etc.). Check out the exam objectives: http://www.cwnp.com/exams/pw0104_objectives.pdf

      @knwminus wrote:

      I guess I see your point. GCIA would be so sexy and I have drooled over it for almost a year now. I know a few guys who have taken it and even a few who have challenged (at one point weren’t you going to do it? 🙂 ) I’m just a little gunshy of a $900 bullet.

      Yea, I’m going to challenge it within the next 2-3 months; it’s one of my last GSE requirements. I got 79.33% on a practice test that was gifted to me last July. I didn’t prepare or have any resources besides a few books I had nearby, so I *hopefully* won’t have too much trouble with it. I plan on putting a lot of time into creating tcpdump, Scapy (not on the test, but a great learning tool), and Snort challenges and instructional demonstrations on my blog over the next couple of months.

      It’s definitely a pricey exam, but what can you do? Go big or go home 😉

    • #46070
      knwminus
      Participant

      Good to hear. Maybe after reading you experience with it I’ll be more inclined to put up $900 for a challenge. Good Luck! Arent you doing GWAPT as well?

    • #46071
      dynamik
      Participant

      Yea, you need five if you don’t do any papers. I have GSEC, GPEN, and GCIH at the moment. A paper would be cheaper than GWAPT, but that’s one I’ve wanted for awhile.

    • #46072
      knwminus
      Participant

      Nice.

      I just thought about it and GCIA cost less than CCIE:S lab and it is at least open book 🙂

    • #46073
      tturner
      Participant

      GCIA is awesome. I learned so much about how networking really works in that class and what real attack traffic looks like. I thought I knew already, but I was sadly mistaken. The best part is you walk away with the knowledge needed to extend that understanding to identify unique attacks. I’m retaking SEC504 (GCIH course) next month in Orlando, largely because I never sat the exam and it’s the last cert I need for GSE and this is the only way I get work to pay for it (work study program) and it’s been 5 or 6 years since I took it so I’m sure it’s changed quite a bit.

    • #46074
      docrice
      Participant

      I currently work as an operations network security engineer (which sounds like the type of role you’re trying to move into) and for me SANS 503 was memorably the most valuable experience I’ve had out of all the classes / cert studies that I’ve been through.  I’m not knocking 502 and 504 and their respective certs, but diving deep down to the bit level is enlightening.  Plus, you come out of there being able to impress folks with your knowledge of packet headers, offsets, hex values, and tcpdump-foo … not that it really matters all the time in real-world scenarios since a lot of the emphasis is now in the web app layer which I’m struggling on (I’m still going through 542 and it’s killing me).

      I’ll be the lone sheep in the crowd and recommend looking into the WCNA.  Even if you don’t go for the certification (since hardly anyone knows about it), read through the Wireshark Network Analysis book if traffic analysis isn’t something you’re comfortable with.  It’ll put a lot of things into perspective.

      I’ve never gone for the OSCP, but I’ve had a taste of OffSec material with the OSWP.  I loved every minute of it.  For an operations role, it should provide a very good impression of the balance / counter-balance involved when it comes to defending your network and understanding the dark unknowns you’re guarding against.  I’m sure you’ll be better equipped (knowledge-wise) when it comes to configuring a web app firewall on a load balancer.

    • #46075
      knwminus
      Participant

      I’ve read the Wireshark guide and I am reading TCP/IP Illustrated now. I have the TCP/IP Guide by no starch press on my to read list (which grows daily). I don’t think I will have 3k to spend on a single class anytime soon but those along with the TAO guide and extrusion detection (and the NMAP guide) are sort of my poor mans prep for the GCIA.

      I have seriously considered doing the WCNA. It would be more in line with what I am doing on a daily basis than Linux+.

    • #46076
      gwho1441
      Participant

      I am new to this forum .. and in the same boat as the OP.  I am a network engineer .. got a ccna / ccnp  and a masters in Network Security ( though didn’t have much security involved in there sadly but the company paid for it ). 

      I want to focus more on security and looking at paths I should take.  I would like to not only learn more but move towards pen testing.  Thinking of starting with CEH  and move to elearnsecurity and hacking dojo .. followed by oscp. 

    • #46077
      Triban
      Participant

      check out the reviews that have been done on those programs.  There are some decent ones.  eLearning has some great material and is pretty affordable, you may want to look into that one over CEH, if you need the CEH paper, then you may be able to pass the exam by picking up a study kit to fill in what you didn’t learn from eLearning.  OSCP is probably the most challenging course.  A number of regulars here have gone through it and could tell you a bit more.  Plus I think there is a review.

      Good luck in your transitions.

    • #46078
      rattis
      Participant

      Skimming over the posts, it looks like you’re focusing too much on the certs. Yes I know we love certs and the classes around here, but maybe get your hands in on some projects. Try to hook up with your local BSides group and offer to help them with a con network. Think Schmoo labs, but for Bsides.

      One of the local security groups I’m involved in is going to start doing workshops this summer. Don’t know how many or how often. I know one will be on basic linux hardening. One might be on XSS. I’m sure we’ll come up with some others.

Viewing 23 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?