Security Responsibility at work. What to study beforehand?

Viewing 12 reply threads
  • Author
    Posts
    • #3885
      p0et
      Participant

      I’ve been leading a team for the past 1.5yrs getting Vista rolled out in a couple government ministries here.  We’re coming to an end and now my boss has briefly mentioned that he noticed I’m very interested in security.  He says that in a couple months or so, they’re thinking of my team taking on some “network security” responsibilities for our offices.  They didn’t elaborate…yet, but said that the application security is already taken care of.  They would just like me to take on more “network security” also active directory group security issues, exchange/mailbox security issues too.  I’ve really not been able to keep up for about 2 years with security and never had a job previously to do with security.

      What do you think I should be looking into (self-study)?  I have my college diploma in networking where I also went through the MCSE 2000 curriculm, but that was 8 years ago.  Should I be looking into some self-study for MCSE 2003 Security or CCNA.  Both will probably boost my overall networking and active directory knowledge. 

      Thanks!

    • #24790
      Ketchup
      Participant

      I did the MCSE:Security thing.  Honestly, it gives a pretty decent base of security in a Microsoft world, but that’s it.  Microsoft really wants you to do things their way, same goes for their view on security.    Cisco courses would be beneficial if you are doing that sort of thing. 

      What about Security+ or maybe even CISSP if you are genuinely interested in security?  Security+ would be entry level.  CISSP would be more advanced.  Either will give you a good base in security concepts. 

    • #24791
      UNIX
      Participant

      @Ketchup wrote:

      What about Security+ or maybe even CISSP if you are genuinely interested in security?   Security+ would be entry level.  CISSP would be more advanced.   Either will give you a good base in security concepts. 

      Depending on his signature, he has already Security+ besides some others. 😉

      CISSP is surely great but seems to be quite hard to get. If possible you should at least try it.

    • #24792
      unsupported
      Participant

      While I do not hold any specific network security certificates I do not believe that any Cisco certification would hurt you in this realm.  The other options would be to look at some vendor specific certifications for firewalls, (H/N/W)IDS, or the such that your company actually has deloyed or may work with in the future.

      CISSP is more advanced, but you may not be able to make the work experience requirements (4 years direct experience with a degree OR Security+).

      Good luck!

    • #24793
      Ketchup
      Participant

      @UNIX wrote:

      Depending on his signature, he has already Security+ besides some others. 😉

      Ha! I should read the signature items.  Sorry about that.

    • #24794
      dalepearson
      Participant

      My opinion is get certs if someone else is going to pay, if not just buy the reference books and material and study.
      I would say read some CCNA related material to increase your networking understanding, understand what you have in place in your organisation and study vendor technical documentation. Also the CISSP does cover a broad range of area (10 domains) and is also certainly worth studying even if you dont plan on doing the cert.

      So basically just become a security sponge 🙂

    • #24795
      UNIX
      Participant

      Normally I would agree with you dalepearson at the point that studying security material and practice it should be enough. But especially when loking for a new job or similar it may be the key to have actually a certificate which says that you have learned the stuff you are interested in at least once (I am assuming that no cheating was there).

      When there are two persons with same skills etc., where one has a certificate and the other one not, the employer propably will take the one who has certificates.

    • #24796
      Ketchup
      Participant

      One thing I forgot, if you don’t qualify for CISSP because you do not have enough work experience, you can shoot for Associate of ISC2.  If you pass the CISSP exam, you would become an Associate.  Once you reach the required work experience level, you would be upgraded to CISSP, providing you have maintained your cert.  Here is the link to this program:

      http://www.isc2.org/how-to-become-an-associate.aspx

    • #24797
      BillV
      Participant

      Not to hijack the thread – this may help the original poster as well – but for those who have the CISSP and have been through the process, what can you tell us about the experience requirements? I have seen different things on the ISC2 site and in the information bulletin, but I’m still not sure if I’d be able to qualify. For example, will my work as a network administrator where I had security-related tasks, etc. count even though my primary job function wasn’t security? I’m planning to take the exam at the beginning of October, just not sure whether I can go for the cert or need to get the associate. Thanks!

    • #24798
      Ketchup
      Participant

      Bill, I think much of the experience requirement issues can be remedied with structuring your resume to emphasize work in one of the ISC2 security domains.  For example, if you are a Network Administrator with security-related duties, you can indicate that you are currently responsible for Operational Security.  I don’t believe it matters whether or not your primary job description wasn’t security,  at least it didn’t for me.

      I think that most of us here that are interested in security, have some sort of security-related work experience.  Even if you have done side gigs and volunteered, I believe that work still counts.  I think that you actually have to indicate on your resume which domain your experience applies towards. 

      I think that if you are considering sitting for the CISSP exam, you should apply for the CISSP cert and not the Associate of CISSP.  Structure your resume to emphasize work in their 10 domains.  Let ISC2 decide whether or not you have enough experience.  Someone correct me if I am wrong, if you pass the CISSP exam and ISC2 determines you are lacking experience, they will automatically give you Associate status. 

      Those are my two cents.

    • #24799
      BillV
      Participant

      Perfect, thanks! 🙂

    • #24800
      former33t
      Participant

      dalepearson:

      I agree with you in principle, I’m a really cheap guy.  Hate spending money for something I don’t need.  I have to disagree on certs though.

      Everyone knows (and argues) the value of having any given cert.  Sure it may get you hired, promoted above your peers, etc.  Maybe not.  Maybe it doesn’t accurately measure what they claim it does.

      I find the benefit of certification is forcing myself to learn on a schedule. I’ll find time to tinker with other stuff if I don’t schedule a test and get down to studying.  That’s usually worth the exam fee right there.  The piece of paper I get later is just icing on the cake.

      BillV:
      I’ll agree with Ketchup.  I’m not currently a CISSP (I’m taking that in Septermber).  I do know lots of people that have met the experience requirements with security related job functions that struck me as slightly dubious.  You should be fine.  Maybe you could add that you’ve been a frequent contributor on EH.net for X years (no joke, that ought to count for something).

    • #24801
      p0et
      Participant

      Wow!  Thanks for all the great replies guys!  8)

      I’ll have a chat with the boss and see if I can get some more info on exactly what I’ll be responsible for.  All I know for now is a good part of it will be Microsoft, with the Exchange Server and Active Directory.  That’s why I was wondering if I should study the MCSE Security to get a good understanding of Exchange & AD security.  I’ll check out the CCNA & Associate of ISC2 material too. 

Viewing 12 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?