Career Advise needed for Security Consulting

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi Guys,

I Have currently got CCNA, CCNA Security, CCNP, Comptia Security+ and currently studying for CCNP security (starting with VPN). I want to be a security consultant by profession and was wondering if anyone here can advise me the next best steps. I plan to do CISSP and Ethical Hacker courses after the CCNP security, and also ISO2007?

Advise appreciated

Regards

Zee

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I'm currently studying for the CCENT exam. Once I have done the CCNA I'm looking at the Certified ethical hacker course. I think you have listed most of the relevant courses. Maybe something in computer forensics.

 

What experience do you have?

 

Hi Guys

Rob1234,

I have 3 years experience working Service desk/2nd line and also 3 years experience as a Network Engineer; NOC 1 year and almost 2 years in 3rd Line Network Administrator.

Computer forensics sounds interesting but I don't think a certification is available for that, maybe a degree? :S

 

Sounds like you have a good background to start moving into security.
There is plenty of forensics certs here is a few:

GIAC Computer Forensics Certifications

The International Society of Forensic Computer Examiners - ISFCE

Although might not be as interesting as you think forensics would be

 

The serious pen testing certification/qualification paths are CREST or Tigerscheme, basically anything that gives you CHECK status.

Ethical Hacker cert isn't a bad way to go, but the above qualifications really mean business.

As for consulting, as much as people may disagree and find it not practical enough the CISSP is what most people ask for, employers and their clients.

 

Hello

Thanks for the links Rob, your right it doesn't seem as interesting LOL

I am more interested in CREST and Tigerscheme mentioned by Monkeychops. What does "CHECK" stand for?
Will most probably look into doing this after CISSP so I do have a long ways to go ZZZzzZZ

Thanks for your contribution

 

You may want to have a chat with some security guys before taking the CISSP, I know a lot of hands on Security guys all laugh at the CISSP certification and say it's more aimed at managers rather than practitioners so if you want to actually be a hands on type of guy you may want to not bother with CISSP at the moment.

Just as a side note, the hands on security guys I know are proper security guys, they are involved with the various Hacking events that occur around the world, have the various Hacking\Pen Testing experience and certifications and they all agree that CISSP isn't the way to go if you want to do Pen Testing\Hacking.

 

Yup it's not a hands on cert at all, it's a manager/consulting cert. Plus remember you need the x years in a full time security role to qualify for the experience requirements.

It's value is that is it is used/requested as a requirement for a lot for those sorts of positions, and as said also clients of consultancies often want people with that cert assigned to their account security wise.

As is always said on here, along with every other area of IT, security is a varied field with many possible professions within. You need to tailor your plans to where it is you want to end up.

If it's hands on you want then go down the CeH to start/Sans/GIAC route ultimately ending up with either CREST or Tigerscheme to get you your CHECK status.

CHECK is the CESG (i.e UK Government) scheme that approves a CHECK provider to perform security testing on government restricted systems.

Whilst this isn't required for non governmental systems it's generally seen as a good think to have and a lot of testing companies will want people to have it as it makes you more marketable, able to work on government clients, and ultimately you can probably be charged out for more £££ ;)

There are 2 levels of status, check team member and check team leader (with team leader have 2 streams, either web apps or infrastructure).

Start looking round at testing companies like NCC and their vacancies to see what they ask for and work towards those skills (Penetration Testing Consultant).

I did testing for a while, it was fun for the brief time I did it but have since moved on to a role that at the moment suits my home life (and bank balance!) more, a tester is largely on the road all week.

As another side note, the security guys I know/have worked alongside are also 'proper' security guys from a wide range of areas, including many reasonably well known, within the field.

What certs was it that your guys recommend, I've never looked into the SANS/GIAC stuff in too much detail but seem to vaguely remember you mentioning something like that previously, and maybe the OSCP? Be interested to know what people's thoughts are outside of the usual CHECK type stuff.