What Computer Security Certs for a career?

[BKLounger]

So i deal with a little security at my job now but i would really like to get into computer security as a career. Stuff like penetration testing, reverse engineering virus's and such. I know you need at lesat a couple years experience before you can sit for the cissp but but what about stuff like security+, certified ethical hacker or even just make sure i have the basics like ccna. I would love to hear the opinions of some other security professionals on what certs they think would be of any use.

 

[bsobel]

Originally posted by: BKLounger
So i deal with a little security at my job now but i would really like to get into computer security as a career. Stuff like penetration testing, reverse engineering virus's and such. I know you need at lesat a couple years experience before you can sit for the cissp but but what about stuff like security+, certified ethical hacker or even just make sure i have the basics like ccna. I would love to hear the opinions of some other security professionals on what certs they think would be of any use.

You already mentioned the CISSP, and I'd highly recommend working thru the requirements for that. If you find others on the way that will help you prepare, great. We do look for CISSP certificaiton for hiring for a lot of positions, as do many others in the industry. The others (IMHO) aren't as usefull and are less likely to make/break a job decision.

 

[ScottFern]

I am in the same exact boat as you BKLounger. I think it would be beneficial for both of us if we could get on a forum that has a lot of Cisco certified professionals to help with any advice or guidance. However, I have a feeling Cisco guys don't hang around on forums!

 

[elcamino74ss]

CISSP is pretty much it. CISA/CISM possibly. I got CISSP over 3 years ago and its well worth it. I have security+ too but just last year because my employer paid for the test. I just got the voucher, signed up for the test that day and went and passed it

I was working in the banking industry and got myself in the position when they created a full time infosec position it was mine. I did that briefly but then got recruited by my current employer and it was a no brainer. I know some people may not like my employer but its been a great opportunity for me.

I'd dare say the CEH is a waste and I was lucky enough to get to take two of the Foundstone Ultimate Hacking classes to get some additional formal training on pentesting, etc.

 

[BZeto]

Would anyone recommend having other certs before studying to take the CISSP? Only having the A+ right now (havent bothered trying to get others) is it possible to study and go directly for the CISSP?

 

[bsobel]

Originally posted by: BZeto
Would anyone recommend having other certs before studying to take the CISSP? Only having the A+ right now (havent bothered trying to get others) is it possible to study and go directly for the CISSP?

Yes with appropriate work experience.

 

[elcamino74ss]

CISSP was my first cert. I had 5+ years exp and a current CISSP that I had known for 5 years that endorsed me once I passed the exam.

 

[ScottFern]

What is on average the work experience and salary of a CISSP?

 

[Woodie]

For starters, the SANS courses/certs aren't bad. CISSP is worth more though.

 

[elcamino74ss]

Originally posted by: ScottFern
What is on average the work experience and salary of a CISSP?

Last numbers I saw was 70k avg for CISSP.

I can't complain. I've got about 10 yrs in IT and no degree with a CISSP and can support a family of 5 on one income.

 

[engineereeyore]

Cisco certifications are, or used to be anyway, always a good thing. I got the Network+ cert. and found it to be pretty useless, though it was about the easiest test I've ever taken. If you're doing networking and security, having Linux+ wouldn't hurt either just as a way to prove good knowledge of Linux since it's used a lot in security/networking. However, if you have previous work experience with Linux, you might not want to bother.

 

[bsobel]

Originally posted by: engineereeyore
Cisco certifications are, or used to be anyway, always a good thing. I got the Network+ cert. and found it to be pretty useless, though it was about the easiest test I've ever taken. If you're doing networking and security, having Linux+ wouldn't hurt either just as a way to prove good knowledge of Linux since it's used a lot in security/networking. However, if you have previous work experience with Linux, you might not want to bother.

Maybe on the network side, but for security certs Cisco is useless (MHO). Trust me, I'm not basing a hire decision on if he has one of those. If he's a CISSP he's at the minimum bar and the others are nice to have. If he has the others and he's not a CISSP, it will stand out.

 

[trmiv]

Originally posted by: bsobel
<blockquote>quote:
Originally posted by: BZeto
Would anyone recommend having other certs before studying to take the CISSP? Only having the A+ right now (havent bothered trying to get others) is it possible to study and go directly for the CISSP?</blockquote>

Yes with appropriate work experience.

I know this is an old thread, but it came up in a search I did on CISSP. I've been interested in obtaining a security cert, and just getting security experience, but I don't know where to start. I need work experience to obtain a CISSP, but how do I get security related work experience without an applicable cert? Right now I'm a desktop support tech with 7.5 years of experience in support (4 years in tech support, 3.5 in desktop support)and a BS in MIS degree who is totally burned out on desktop support, and I'm trying to figure out what to do next.

 

[Zugzwang152]

Originally posted by: trmiv

Originally posted by: bsobel
<blockquote>quote:
Originally posted by: BZeto
Would anyone recommend having other certs before studying to take the CISSP? Only having the A+ right now (havent bothered trying to get others) is it possible to study and go directly for the CISSP?</blockquote>

Yes with appropriate work experience.

I know this is an old thread, but it came up in a search I did on CISSP. I've been interested in obtaining a security cert, and just getting security experience, but I don't know where to start. I need work experience to obtain a CISSP, but how do I get security related work experience without an applicable cert? Right now I'm a desktop support tech with 7.5 years of experience in support (4 years in tech support, 3.5 in desktop support)and a BS in MIS degree who is totally burned out on desktop support, and I'm trying to figure out what to do next.

I was in the same boat as you, but with less experience. I just got lucky. You don't NEED a CISSP just to get your foot in the door.

I would suggest an entry-level security cert like Security+, or the GIAC GSEC before you attempt CISSP, simply because you can't get it without the experience. ISC2 requires you have certain position titles to count the experience towards their requirements.

As a desktop support tech, you probably have experience working with Windows? If so, why not try one of the Microsoft security exams? I'm reading a book for the 70-299 test at the moment (Implementing and Administering Security in a Windows 2003 Network, or something to that effect). There's a Designing Security exam as well. Both meet elective requirements for your MCSA/MCSE if you don't have one already. If you do, you can take these tests (and possibly a little more) to add the +Security designation to your MCSE.

 

[Zugzwang152]

Similar discussion went on here:
http://forums.anandtech.com/me...=2075968&enterthread=y

 

[trmiv]

Thanks for the advice I may look into those other certs. I've also been thinking of getting possibly a Red Hat cert or a general Linux cert.

 

[lusher]

CISSP test is really easy IMHO.

 

[trmiv]

How is it easy? I have no experience in that area at all.

 

[Zugzwang152]

Originally posted by: trmiv
How is it easy? I have no experience in that area at all.

It's "easy" because it's a standard multiple choice test that tests knowledge on a very well-defined set of knowledge. it's a very popular exam, so there's plenty of training material as well.

 

[Wapp]

Originally posted by: trmiv
Thanks for the advice I may look into those other certs. I've also been thinking of getting possibly a Red Hat cert or a general Linux cert.

You should take a look at the Security+ exam. It counts as one elective for the MCSE/MCSA. It waivers one year of experience for CISSP. And it is a requirement for IAT Level 2 and IAM Level 1 for DoD 8750.01.

 

[fartbag]

Originally posted by: lusher
CISSP test is really easy IMHO.

You need to stop drinking the Kool-Aid. I can't say that I've heard many CISSP's say that. Maybe you're a conehead.