.

Security Responsibility at work. What to study beforehand?

<<

p0et

User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Sun Jun 14, 2009 9:38 am

Security Responsibility at work. What to study beforehand?

I've been leading a team for the past 1.5yrs getting Vista rolled out in a couple government ministries here.  We're coming to an end and now my boss has briefly mentioned that he noticed I'm very interested in security.  He says that in a couple months or so, they're thinking of my team taking on some "network security" responsibilities for our offices.  They didn't elaborate...yet, but said that the application security is already taken care of.  They would just like me to take on more "network security" also active directory group security issues, exchange/mailbox security issues too.  I've really not been able to keep up for about 2 years with security and never had a job previously to do with security.

What do you think I should be looking into (self-study)?  I have my college diploma in networking where I also went through the MCSE 2000 curriculm, but that was 8 years ago.  Should I be looking into some self-study for MCSE 2003 Security or CCNA.  Both will probably boost my overall networking and active directory knowledge. 

Thanks!
GCIH, Security+, Network+, A+, MCP, DCSE
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Jun 14, 2009 8:40 pm

Re: Security Responsibility at work. What to study beforehand?

I did the MCSE:Security thing.  Honestly, it gives a pretty decent base of security in a Microsoft world, but that's it.  Microsoft really wants you to do things their way, same goes for their view on security.    Cisco courses would be beneficial if you are doing that sort of thing. 

What about Security+ or maybe even CISSP if you are genuinely interested in security?  Security+ would be entry level.  CISSP would be more advanced.  Either will give you a good base in security concepts. 
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1256

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Jun 15, 2009 4:07 am

Re: Security Responsibility at work. What to study beforehand?

Ketchup wrote:What about Security+ or maybe even CISSP if you are genuinely interested in security?   Security+ would be entry level.  CISSP would be more advanced.   Either will give you a good base in security concepts. 


Depending on his signature, he has already Security+ besides some others. ;)

CISSP is surely great but seems to be quite hard to get. If possible you should at least try it.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Mon Jun 15, 2009 7:17 am

Re: Security Responsibility at work. What to study beforehand?

While I do not hold any specific network security certificates I do not believe that any Cisco certification would hurt you in this realm.  The other options would be to look at some vendor specific certifications for firewalls, (H/N/W)IDS, or the such that your company actually has deloyed or may work with in the future.

CISSP is more advanced, but you may not be able to make the work experience requirements (4 years direct experience with a degree OR Security+).

Good luck!
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jun 15, 2009 10:27 am

Re: Security Responsibility at work. What to study beforehand?

UNIX wrote:Depending on his signature, he has already Security+ besides some others. ;)


Ha! I should read the signature items.  Sorry about that.
~~~~~~~~~~~~~~
Ketchup
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Mon Jun 15, 2009 10:27 am

Re: Security Responsibility at work. What to study beforehand?

My opinion is get certs if someone else is going to pay, if not just buy the reference books and material and study.
I would say read some CCNA related material to increase your networking understanding, understand what you have in place in your organisation and study vendor technical documentation. Also the CISSP does cover a broad range of area (10 domains) and is also certainly worth studying even if you dont plan on doing the cert.

So basically just become a security sponge :)
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1256

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Jun 15, 2009 10:39 am

Re: Security Responsibility at work. What to study beforehand?

Normally I would agree with you dalepearson at the point that studying security material and practice it should be enough. But especially when loking for a new job or similar it may be the key to have actually a certificate which says that you have learned the stuff you are interested in at least once (I am assuming that no cheating was there).

When there are two persons with same skills etc., where one has a certificate and the other one not, the employer propably will take the one who has certificates.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jun 15, 2009 12:24 pm

Re: Security Responsibility at work. What to study beforehand?

One thing I forgot, if you don't qualify for CISSP because you do not have enough work experience, you can shoot for Associate of ISC2.  If you pass the CISSP exam, you would become an Associate.  Once you reach the required work experience level, you would be upgraded to CISSP, providing you have maintained your cert.  Here is the link to this program:

http://www.isc2.org/how-to-become-an-associate.aspx
~~~~~~~~~~~~~~
Ketchup
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1911

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Jun 15, 2009 12:46 pm

Re: Security Responsibility at work. What to study beforehand?

Not to hijack the thread - this may help the original poster as well - but for those who have the CISSP and have been through the process, what can you tell us about the experience requirements? I have seen different things on the ISC2 site and in the information bulletin, but I'm still not sure if I'd be able to qualify. For example, will my work as a network administrator where I had security-related tasks, etc. count even though my primary job function wasn't security? I'm planning to take the exam at the beginning of October, just not sure whether I can go for the cert or need to get the associate. Thanks!
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Jun 15, 2009 1:55 pm

Re: Security Responsibility at work. What to study beforehand?

Bill, I think much of the experience requirement issues can be remedied with structuring your resume to emphasize work in one of the ISC2 security domains.  For example, if you are a Network Administrator with security-related duties, you can indicate that you are currently responsible for Operational Security.  I don't believe it matters whether or not your primary job description wasn't security,  at least it didn't for me.

I think that most of us here that are interested in security, have some sort of security-related work experience.  Even if you have done side gigs and volunteered, I believe that work still counts.  I think that you actually have to indicate on your resume which domain your experience applies towards. 

I think that if you are considering sitting for the CISSP exam, you should apply for the CISSP cert and not the Associate of CISSP.  Structure your resume to emphasize work in their 10 domains.  Let ISC2 decide whether or not you have enough experience.  Someone correct me if I am wrong, if you pass the CISSP exam and ISC2 determines you are lacking experience, they will automatically give you Associate status. 

Those are my two cents.
~~~~~~~~~~~~~~
Ketchup
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1911

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Jun 16, 2009 7:13 am

Re: Security Responsibility at work. What to study beforehand?

Perfect, thanks! :)
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue Jun 16, 2009 8:14 pm

Re: Security Responsibility at work. What to study beforehand?

dalepearson:

I agree with you in principle, I'm a really cheap guy.  Hate spending money for something I don't need.  I have to disagree on certs though.

Everyone knows (and argues) the value of having any given cert.  Sure it may get you hired, promoted above your peers, etc.  Maybe not.  Maybe it doesn't accurately measure what they claim it does.

I find the benefit of certification is forcing myself to learn on a schedule. I'll find time to tinker with other stuff if I don't schedule a test and get down to studying.  That's usually worth the exam fee right there.  The piece of paper I get later is just icing on the cake.

BillV:
I'll agree with Ketchup.  I'm not currently a CISSP (I'm taking that in Septermber).  I do know lots of people that have met the experience requirements with security related job functions that struck me as slightly dubious.  You should be fine.  Maybe you could add that you've been a frequent contributor on EH.net for X years (no joke, that ought to count for something).
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

p0et

User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Sat Jun 20, 2009 12:30 pm

Re: Security Responsibility at work. What to study beforehand?

Wow!  Thanks for all the great replies guys!  8)

I'll have a chat with the boss and see if I can get some more info on exactly what I'll be responsible for.  All I know for now is a good part of it will be Microsoft, with the Exchange Server and Active Directory.  That's why I was wondering if I should study the MCSE Security to get a good understanding of Exchange & AD security.  I'll check out the CCNA & Associate of ISC2 material too. 
GCIH, Security+, Network+, A+, MCP, DCSE

Return to Other

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software