
Advice for a Network Security career plan

<<

landen99

Newbie

Posts: 3

Joined: Wed Jan 13, 2010 1:21 pm

Post Wed Jan 13, 2010 1:43 pm

Advice for a Network Security career plan

I need some advice for a plan to become a network security professional, including how and when to get work experience and certifications.  For others in a similar situation, the advice here should be tailored to someone who has not got their foot in the door, who loves hacking and computer programming, and who has a BS degree outside of computers but has realized that security is where their heart lies.

I love programming.  I began with DOS/Basic in the mid-90s, and worked my way through: Pascal, C, Matlab, VBA, Fortran, and bash (Linux basic), though I have only used VBA and bash in work as an engineer.  So no IT experience and no Computer Science degree (actually it's Physics but that is not helpful to me), though I am pursuing a Masters in IT with a Security emphasis.  I understand computers very well with A+ certification, and I have heard recommendations about CISSP, Security+ (some question this one), Network+, and EC (Ethical Hacker).  I understand the basics of malware and network mechanics with the different communication layers.  I have a CEH review guide, a Hacking for Dummies book, and an Operating Systems Security book which I am studying at the moment.

Now I need to understand what to do, so I can focus my efforts and make a difference.  Certifications require experience, but the right jobs require certification and experience.  What should I do and what kind of timetable am I looking at for each step?  Thank you very much in advance.
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jan 13, 2010 2:20 pm

Re: Advice for a Network Security career plan

Welcome to the forums, landen99.

First, I would recommend reading a few of the other threads, as there are similar questions with lots of answers already given.

In short, two of the certifications which can be recommended are Security+ by CompTIA and CEH by EC-Council, both said to be beginner certifications.

CISSP is certainly great, though it is probably not for you at the moment. OSCP is often recommended after having already obtained some of the basic skills (e.g. after S+ or CEH) and depending on your overall knowledge of security.

Reading books is good; other things you could do include building your own lab and practicing there. Browsing through this and several other sites should also help you find many interesting reads, whitepapers, recommendations etc.
Meeting with local groups may also help you learn some new things and have some nice discussions.

Also, you could try to apply for a job offering which sounds interesting to you, even if you may not fulfill all requirements. It could be something like network engineer, sysadmin etc., so not directly focused on security only.
<<

landen99

Newbie

Posts: 3

Joined: Wed Jan 13, 2010 1:21 pm

Post Wed Jan 13, 2010 2:51 pm

Re: Advice for a Network Security career plan

I have read many threads but none of them address the situation (or a remotely similar situation) of being completely new to the entire IT field by experience, well-versed in computer IT and programming by personal study, private work, and interest, let alone working with a degree and experience in a very different, but still technical field.  Also, I am looking for specific timelines as a specific guide.  For instance, beginning with a recommendation of steps 1 and 2 concurrently for 6-12 months and 12 months respectively, where the steps are identified and requirements are noted for commencing each step.  I have looked far and wide to find only bits and pieces of this information, not compiled together into a useful and understandable form as a guide.

CEH by EC-Council may be said to be a beginner certification, but I know it requires 2 years of experience and Security+ (DeFino, 2010, p. xviii) for the self study program; otherwise the official course program (pricey) is required.

When are CISSP or OSCP for me?  When and for what jobs are they helpful?

How do I build my own lab and practice there and what does that mean exactly?  Is that just running Wireshark and other programs on other networks on my home computer, and if so how does that help my application?  How do I find these local groups of which you speak?  What roles, if any more, should they play in my career, beyond networking and interesting technical discussions?

Applications to job offerings which sound interesting to me have met a dead wall, so some suggestions would be useful here.  Jobs like network engineer, sysadmin etc., usually require 3-10 years of experience and never give me feedback, let alone rejection letters, on my application.  But going these other directions implies that I know how to make them best fit into my plan to advance my career as a hacker/IT security pro, but at this moment I do not know how.

More advice needed, please.

DeFino. (2010). Official CEH Review Guide.  p. xviii
Last edited by landen99 on Wed Jan 13, 2010 4:05 pm, edited 1 time in total.
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jan 13, 2010 4:43 pm

Re: Advice for a Network Security career plan

CISSP is said to be one of the (if not the) most sought-after certificates and the test should be quite hard. IIRC you also need 5 years of working experience, though I am not sure on this one, so I would say it is something to look at again in future.

In regards to OSCP people often say that some basic knowledge is necessary (so S+ and CEH would be a good start) in order to pass, though I have seen people who did OSCP without anything else before.

How to build your own lab... there are several threads about exactly this question, so take your time. ;)
A book which might interest you in regards to this is Professional Penetration Testing: Creating and Operating a Formal Hacking Lab or if you would prefer not to spend any money take a look at this tutorial on Security Aegis.

Groups can be found e.g. through Google.

Giving an accurate timetable for everything is hardly possible because it really depends on the individual - some learn new things very fast while others need more time, have previous knowledge or experience etc.

Scheduling one exam after another would probably be a good and common way to proceed.
Last edited by UNIX on Wed Jan 13, 2010 4:49 pm, edited 1 time in total.
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jan 14, 2010 8:32 am

Re: Advice for a Network Security career plan

With no experience and no IT degree [yet], you're probably looking at entry-level support positions: helpdesk, desktop support, jr. Sys/Net Admin (and others similar). Yeah, it might be a lower position than you'd like, but it's getting your foot in the door and gaining you some experience. Once you're in, you can show off your other knowledge and skills and work on that promotion.

It wouldn't hurt to have a couple of the entry-level certifications as soon as you're ready. You mentioned the A+, it'd probably help to grab a Network+ and a Security+ as well. It sounds like you have that knowledge, now you just need to have something that proves you know it. Without any experience, certifications are your way of displaying what you know. Having that combination should certainly get you into an entry position and having the Security+ will set you on a good path for a security career.

As for a timeline, you're probably looking at being in an entry-level spot anywhere from 6 months to 2 years. This will give you time to get the experience needed to move up as a Network Admin, System Admin or possibly into some sort of security role. If you have any particular interest in a certain area, it wouldn't hurt to go get a GIAC certification while you're gaining your experience.

The CISSP requires 5 years of security experience - so you've got some time on this one but this is probably going to be something you'll want to focus on down the road. It will certainly help you out once you have that Masters in IT [security] and probably set you up for a management position (at which point most of your technical stuff will go out the window anyway). I believe your degree will knock off a year (maybe 2) from that requirement - check the ISC2 site for details.

It's an interesting situation, I'm sure some others will have some advice for you as well.

Oh, and welcome to the site :)

BillV
<<

adamj

Newbie

Posts: 17

Joined: Wed Jan 23, 2008 11:49 pm

Location: Maryland

Post Mon Jan 18, 2010 8:24 am

Re: Advice for a Network Security career plan

This is just my impression, but I believe CISSP is meant to be a more general, risk management type course.  Yes it's long, difficult and expensive, but if you are interested in technical skills, it may not be so helpful anyway.  I would perhaps look at GSEC (vendor neutral, which is always a plus I think), or CCNA.  As much as it bugs me that a lot of people, primarily recruitment staff and managers, see Cisco certifications as being security-related, they will help you get jobs.  A CCNA should get you a reasonable networking job, which you can leverage to find a security-related position, and perhaps look at doing more specific security certs then.
Good luck!
<<

Ash Chole

Newbie

Posts: 21

Joined: Sun Nov 01, 2009 9:56 pm

Post Mon Feb 15, 2010 9:42 am

Re: Advice for a Network Security career plan

A couple of questions for you.
Where do you live?
Where are you getting your MS from?
Are you an on-campus or online student?
Are you required to take cert tests as part of your grade?
Does your school require you to do an internship?
Does your school have a career center?
Do you have time to volunteer?

As simple as the questions are, they will go a long way to deciding what you should do and how you could go about it.
