1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Career Advise needed for Security Consulting

Discussion in 'Network Security' started by ZeeIsOn, Apr 5, 2013.

  1. ZeeIsOn

    ZeeIsOn New Member

    6
    0
    13
    Hi Guys,

    I Have currently got CCNA, CCNA Security, CCNP, Comptia Security+ and currently studying for CCNP security (starting with VPN). I want to be a security consultant by profession and was wondering if anyone here can advise me the next best steps. I plan to do CISSP and Ethical Hacker courses after the CCNP security, and also ISO2007?

    Advise appreciated :)

    Regards

    Zee
     
    Certifications: Beng Computing Degree, CCNA, ITILv3 Foundation, CCNA Security, Comptia Security +, CCNP
    WIP: CCSP (Now known as CCNP security, then CEH, CISSP and maybe CCNA Voice/Video coz I have know Idea about those!)
  2. Beerbaron

    Beerbaron Megabyte Poster

    545
    9
    76
    I'm currently studying for the CCENT exam. Once I have done the CCNA I'm looking at the Certified ethical hacker course. I think you have listed most of the relevant courses. Maybe something in computer forensics.
     
    Certifications: BSc (Hons), MSc, ITIL v3F, MCP, MCDST, MCITP: edst7, MCTS, MCSA: Server 2003, MCSA: Windows 7, N+, NVQ IT lvl 3, MCSA Windows 7, VCP5, CCENT, CEH
    WIP: CISSP
  3. Rob1234

    Rob1234 Megabyte Poster

    782
    24
    69
    What experience do you have?
     
    Certifications: A few.
  4. ZeeIsOn

    ZeeIsOn New Member

    6
    0
    13
    Hi Guys :)

    Rob1234,

    I have 3 years experience working Service desk/2nd line and also 3 years experience as a Network Engineer; NOC 1 year and almost 2 years in 3rd Line Network Administrator.

    Computer forensics sounds interesting but I don't think a certification is available for that, maybe a degree? :S
     
    Certifications: Beng Computing Degree, CCNA, ITILv3 Foundation, CCNA Security, Comptia Security +, CCNP
    WIP: CCSP (Now known as CCNP security, then CEH, CISSP and maybe CCNA Voice/Video coz I have know Idea about those!)
  5. Rob1234

    Rob1234 Megabyte Poster

    782
    24
    69
    Sounds like you have a good background to start moving into security.
    There is plenty of forensics certs here is a few:

    GIAC Computer Forensics Certifications

    The International Society of Forensic Computer Examiners - ISFCE

    Although might not be as interesting as you think forensics would be :)
     
    Certifications: A few.
  6. Monkeychops

    Monkeychops Kilobyte Poster

    286
    15
    25
    The serious pen testing certification/qualification paths are CREST or Tigerscheme, basically anything that gives you CHECK status.

    Ethical Hacker cert isn't a bad way to go, but the above qualifications really mean business.

    As for consulting, as much as people may disagree and find it not practical enough the CISSP is what most people ask for, employers and their clients.
     
    Last edited: Apr 8, 2013
  7. ZeeIsOn

    ZeeIsOn New Member

    6
    0
    13
    Hello :)

    Thanks for the links Rob, your right it doesn't seem as interesting LOL

    I am more interested in CREST and Tigerscheme mentioned by Monkeychops. What does "CHECK" stand for?
    Will most probably look into doing this after CISSP so I do have a long ways to go ZZZzzZZ :(

    Thanks for your contribution
     
    Certifications: Beng Computing Degree, CCNA, ITILv3 Foundation, CCNA Security, Comptia Security +, CCNP
    WIP: CCSP (Now known as CCNP security, then CEH, CISSP and maybe CCNA Voice/Video coz I have know Idea about those!)
  8. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    You may want to have a chat with some security guys before taking the CISSP, I know a lot of hands on Security guys all laugh at the CISSP certification and say it's more aimed at managers rather than practitioners so if you want to actually be a hands on type of guy you may want to not bother with CISSP at the moment.

    Just as a side note, the hands on security guys I know are proper security guys, they are involved with the various Hacking events that occur around the world, have the various Hacking\Pen Testing experience and certifications and they all agree that CISSP isn't the way to go if you want to do Pen Testing\Hacking.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  9. Monkeychops

    Monkeychops Kilobyte Poster

    286
    15
    25
    Yup it's not a hands on cert at all, it's a manager/consulting cert. Plus remember you need the x years in a full time security role to qualify for the experience requirements.

    It's value is that is it is used/requested as a requirement for a lot for those sorts of positions, and as said also clients of consultancies often want people with that cert assigned to their account security wise.

    As is always said on here, along with every other area of IT, security is a varied field with many possible professions within. You need to tailor your plans to where it is you want to end up.

    If it's hands on you want then go down the CeH to start/Sans/GIAC route ultimately ending up with either CREST or Tigerscheme to get you your CHECK status.

    CHECK is the CESG (i.e UK Government) scheme that approves a CHECK provider to perform security testing on government restricted systems.

    Whilst this isn't required for non governmental systems it's generally seen as a good think to have and a lot of testing companies will want people to have it as it makes you more marketable, able to work on government clients, and ultimately you can probably be charged out for more £££ ;)

    There are 2 levels of status, check team member and check team leader (with team leader have 2 streams, either web apps or infrastructure).

    Start looking round at testing companies like NCC and their vacancies to see what they ask for and work towards those skills (Penetration Testing Consultant).

    I did testing for a while, it was fun for the brief time I did it but have since moved on to a role that at the moment suits my home life (and bank balance!) more, a tester is largely on the road all week.

    As another side note, the security guys I know/have worked alongside are also 'proper' security guys from a wide range of areas, including many reasonably well known, within the field.

    What certs was it that your guys recommend, I've never looked into the SANS/GIAC stuff in too much detail but seem to vaguely remember you mentioning something like that previously, and maybe the OSCP? Be interested to know what people's thoughts are outside of the usual CHECK type stuff.
     
    Last edited: Apr 9, 2013

Share This Page

Loading...