Certification Advice

Discussion in 'Other IT certifications' started by Shajin, Jan 5, 2010.

  1. Shajin

    Shajin Bit Poster

    16
    0
    2
    Hi

    A complete newbie here.. So please be gentle with me :)

    This has probably been asked a million times before, but I think my case is slightly different. Hence the reason for my post. I have read the guide here for beginner's entry into Security, but I also needed your valuable opinion on the below certifications.

    I was looking to move into IT Security area and was wondering if any of the experts here could give me any advice on choosing the right certification.

    Let me start with a little bit of my background.. I have been in the IT industry for the past 8 years on and off, but not with much commercial experience. I have completed my MCSE 2003 few years back, but not had a chance to work much in a commercial environment. I had worked as an IT Support Engineer (for 1 year) for a small firm few years back. The firm got closed down and I was forced to take up a sales job (which involved very few IT skills). I set up my own IT Support business last year, supporting few of my clients on Microsoft platform, both server and clients. I have got experience in Windows 7/XP/Vista/2003, Office 2003/2007, Active Directory, Exchange Server, Backup, Firewalls, VPN, DNS, TCP/IP, WLAN, Antivirus, AntiSpyware, etc.

    As my business is not doing very well, I was looking to move into IT security, which I believe is very much in demand these days. Would you be able to recommend any certifications that the employers are looking for these days? I was looking to complete the certification and take up a suitable position is some company. If you can recommend any such certification for someone with my background, that would give me an entry into IT security, that would be very much appreciated. To start off with, I would think a generic rather than a vendor-specific certification would be more appropriate. What do you think? I am aware that certifications like CISSP, CISM, CISA are very much in demand these days, but these wouldn’t suit someone with my background. I was thinking of doing the CEH, but I was told that it was a bit advanced. The EC-Council’s Network Security Administrator (ENSA) looked quite interesting. Any ideas on this? The other options I have been given are Comptia Security+, CISMP, ECSA, a combination of CISMP, CEH and ECSA, etc. If you can give me any recommendations, I would be very much obliged.

    I have been doing a lot of research on this and struggling to make up my mind. I hope I can find a favorable answer here.

    Sorry for the long detailed mail. I thought it was essential for you to know my background to guide me to the 'right track'.

    Thanks for your time and patience.
     
  2. Bri1981

    Bri1981 Byte Poster

    207
    21
    27
    I think the Security+ would be a good place to start, with the experience you have the material should be relatively straightforward. Once this is out of the way (depending on what exams you completed for the MCSE) you may only need one more for the MCSE Security cert.
     
    Certifications: See signature
    WIP: MBA entry diploma
  3. Shajin

    Shajin Bit Poster

    16
    0
    2
    Thanks for your reply and suggestion..

    I compared the Security+ with ENSA and the ENSA seems to cover a wide range of topics.

    The following modules are covered in ENSA program:

    Module: Fundamentals of Network
    Module: Wireless Network Security
    Module: Web Security
    Module: Virtual Private Networks
    Module: Troubleshooting Network
    Module: Security Standards Organizations
    Module: Security Standards
    Module: Security Policy
    Module: Securing Modems
    Module: Protocol Analysis
    Module: Patch Management
    Module: Packet Filtering and Proxy Servers
    Module: Network Vulnerability Assessment
    Module: Network Security Threats
    Module: Network Security
    Module: Network Protocols
    Module: Log Analysis
    Module: Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS) Module: Incident Response
    Module: IEEE standards
    Module: Hardening Routers
    Module: Hardening Physical Security
    Module: Hardening Operating Systems
    Module: Firewalls
    Module: E-mail Security
    Module: Disaster Recovery and Planning
    Module: Creating Fault Tolerance
    Module: Bastion Host and Honeypots
    Module: Authentication: Encryption, Cryptography and Digital Signatures
    Module: Application Security

    whereas Security+ seems to cover the following:

    Day 1: Introduction to General Security Concepts
    InfoSec Overview and History
    Access Control
    Authentication
    Non-Essential Services/Systems/Protocols
    Attacks
    Malicious Code
    Social Engineering
    Auditing
    Remote Access
    Email
    Web
    Directory
    File Transfer
    Wireless
    Devices
    Media
    Security Topologies
    Intrusion Detection
    Security Baselines
    Day 2: Cryptography/Operational/Organizational Security
    Algorithms
    Concepts of Using Cryptography
    PKI
    Standards and Protocols
    Key Management/Certificate Lifecycle
    Suspension
    Recovery
    Renewal
    Destruction
    Key Usage
    Physical Security
    Disaster Recovery
    Business Continuity
    Policy and Procedures
    Privilege Management
    Forensics
    Risk Identification
    Education
    Documentation

    More information on the ENSA course and its contents are available on the EC-Council website:

    http://www.eccouncil.org/training/course_outline/ensa_course_outline.aspx

    Any good?

    Thanks!
     
    Last edited: Jan 5, 2010
  4. Shajin

    Shajin Bit Poster

    16
    0
    2
    Seems like nobody is interested in helping me.. :(
     
  5. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    Not so.

    I would suggest that Bri1981 is correct that Sec+ is a valid certificate to go for. It is certainly a certificate that can be used, or it certainly used to be, as an elective for the MS route. There is a book written by Darril Gibson which is very good. Its ISBN number is: ISBN-10: 1439236364.

    Following on from that, you could look at the likes of the CEH as appropriate certs where you hold the requisite knowledge.

    You may also wish to consider the likes of the CCNA, where you can work towards the CCNA Security certification, if you are working in a Cisco networking environment.

    Best of luck.

    John
     
  6. Trogdor

    Trogdor Kilobyte Poster Gold Member

    268
    11
    76
    I think the Security + exam is a good place to start. It also counts to adding a security specialisation to your MCSE, which is an added bonus. Realistically, I think you need some substantial commercial experience to get a position in security. What kind of experience do you have? What are you doing at the moment?
     
    Certifications: A+, Network+, Server+, PDI+, MCDST, HP APS Server, HP APS Desktop / Laptop
    WIP: ITIL, CCNA, MCSA, and BSc
  7. Shajin

    Shajin Bit Poster

    16
    0
    2
    Thanks for all your suggestions...

    The reason why I was considering ENSA over Security+ was that ENSA seemed more "hands-on" and seemed to cover a wide range of topics. I am not sure whether Security+ or ENSA is more in demand in the job market.

    @GiddyG
    As a starter to security, I thought a more generic certification would be more appropriate rather than going for a vendor-specific certification. I could look into that later on as I progress. What say?

    @ Trogdor
    My entire life history has been stated in the first post :) I am self-employed at the moment, supporting few of my clients mainly on Microsoft platform.

    All suggestions welcome.. Thanks!
     
  8. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140

    Well, the Security+ is vendor-neutral, hence it's always a good one to go for. There are a few books about Sec+ out as well. Personally, I think it would give you a very good grounding in security, over and above what you already know. Mind you, I find that with all of the subjects I read books about, even those I think I know quite well.

    Best of luck with your studies!
     
  9. Shajin

    Shajin Bit Poster

    16
    0
    2
    Thanks for your reply GiddyG.

    I understand that Security+ is a vendor-neutral certification. And so is ENSA. I wanted your opinions on which one to go for out of the two. I believe ENSA is a fairly new course which is why not many people have heard about this. The course curriculum looks very interesting. But how are EC-Council certifications generally? Do they have any upper hand over CompTia?

    Thanks!
     
  10. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    I do not believe that the ENSA certification would hold sway, certianly not at the moment. As has already been mentioned by me and others, the Sec+ can also be used as an elective against the MCSE. This, to my mind, makes it the certification of choice as a starter for ten.

    Someone like WagnerK (Ken) will no doubt have his own valid views on the matter.
     
  11. Shajin

    Shajin Bit Poster

    16
    0
    2
    Sorry if I sound dumb.. But who is WagnerK???
     
  12. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    He is another member here who knows lots about certifications and what will be best for you, why not PM him and ask him.

    I would also agree with above posts about that Sec+ would be better for you to do than the other one.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  13. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,140
    555
    383
    Sorry for the late reply, been very busy at work :(

    I agree with what's already been said, if you're trying to gain entry into the IT Security field, the bare minimum that I (as an IT manager) would like to see in a candiate (certification/knowledge wise) is the Comptia Security+.

    I would recommend doing your Security+, then using that whatever other MS exam(s) you need to top up your MCSE to the MCSE: Security.

    To tell you the truth, the only cert that is widely known is the CEH from the EC-Council. They are more US based, and while they are gaining more popularity (mainly really only due to the CEH). I would recommend looking into the ICS2 instead, nothing against the EC-Council, just that ICS2 already has a foot-hold in the UK/EC in fact global market and industry. Hence they are more recognised and accepted in the UK. Their entry level credential is the "Associate of (ISC)²".

    One thing that I would like to point out that you can gain all these certs/credentials, but you should also be getting the experience to back it up, otherwise (imo) it'd all be almost useless. Start implementing what you're learning/learnt on your clients networks, etc - with their permission first to get basic experience. If you're going to be looking for employment with a organisation then you may only get the entry level (possibly one level about that) IT Security post.

    Along with gaining membership into the ICS2, I would also recommend looking into Professional Membership of the BCS - if only to show that you're guided by the BCS Code of Conduct. I joined in support of the IT field and to gain my CITP, so I am pro them. Some find them useful, some don't.

    Hope this helps :)

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  14. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    Thanks Ken. I knew you could add a bit of meat to the sandwich. :)
     
  15. Shajin

    Shajin Bit Poster

    16
    0
    2
    Thank you very much for all your help and advice.

    I think I will go with Security+ like all the experts here suggested.

    As I am spending the time and money for Security+ anyway, I wouldn't mind doing another course with it. What would go well with Security+? CEH? Network+? Server+ or any others that you can recommend?

    Also, does it add value if the certification is obtained from the UK? I was planning of getting it done outside the UK (may be India) as it is much cheaper.

    Thanks!
     
  16. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    You don't have to do your certs a training company or college you can self study. That is getting the books yourself and practicing and studying. And this will probably be cheaper than a school in India.

    You just pay and take the exams when your ready.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  17. Shajin

    Shajin Bit Poster

    16
    0
    2
    With a little baby in the house and wife working full time, I don't think self-study would be possible.

    How much are the exam fees anyway?
     
  18. Bri1981

    Bri1981 Byte Poster

    207
    21
    27
    Certifications: See signature
    WIP: MBA entry diploma
  19. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,140
    555
    383
    Why not? There are alot of us you have kids and wives/partners and manage to do it. I'm one of them...

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  20. Shajin

    Shajin Bit Poster

    16
    0
    2
    Do you think self-study is possible for Security+? Is it only theory based? What about practical sessions? How many hours do you think I need to dedicate each week? Where can I get the study materials from?

    I know it is too many questions to ask at once.. Sorry I am a little bit excited about this.. :)

    Thanks!
     

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.