Security Management

Discussion in 'Training & Development' started by oush, Aug 14, 2010.

  1. oush

    oush Byte Poster

    103
    0
    21
    Hi Lads,

    As some of you know I'm looking to get into security management but not quite sure where to start. I'll be doing my MSc in Security Management in October. But I would like to plan my certification track at the same time. I have been working in IT for the past 5 years in various engineer roles from sys engineers to voice networks etc. I also currently hold a fair bit of certs: MCSE, MCDBA, MCITP: EA, CCNA, CCDA, CompTIA Linux+

    These are the sec management certs which I have found after some research:

    CISSP
    GIAC Security Leadership Certification (GSLC)
    Certified Information Security Manager (CISM)
    Certified Authorization Professional (CAP)
    GIAC Legal Issues (GLEG)
    Prince2

    You may notice the PRINCE2 and the CISSP in there ;) believe me their needed :) Project management work pays well :P


    Now the stepping stone for me would be CompTIA Security+ or GSEC (GIAC Security Essentials Certification). Not sure which one to go with.

    Can someone advise me if my plan is any good? I know the basic concepts of security but I still think I need to start at the bottom as with everything and work my way up.

    Do you think the cert track which I have chosen is feasible or have I missed some excellent management certs??

    Thanks
     
    Certifications: MCITP: EA, Linux+, CCNA, CCDA
    WIP: CCIP
  2. Beerbaron

    Beerbaron Megabyte Poster

    545
    9
    76
    I've seen a few people on here with prince2, what is the purpose of it?
     
    Certifications: BSc (Hons), MSc, ITIL v3F, MCP, MCDST, MCITP: edst7, MCTS, MCSA: Server 2003, MCSA: Windows 7, N+, NVQ IT lvl 3, MCSA Windows 7, VCP5, CCENT, CEH
    WIP: CISSP
  3. Bri1981

    Bri1981 Byte Poster

    207
    21
    27
    Prince2 is a project management methodology.
     
    Certifications: See signature
    WIP: MBA entry diploma
  4. Mecha

    Mecha Bit Poster

    41
    0
    16
    I'm intrigued as to how worthwhile some of these GIAC qualifications are, outside of GSEC/GISF. They seem to have so many!!

    Anyway, depending on what field you are in, I guess they get quite specific. My plan is:

    -Security+ (waiting on the 2011 exam)
    -GSEC
    -GISF

    These two will complement each other, but the GSEC is harder and much deeper than the Security+. I have been looking into getting some revision material and it's damn near sparse. On Amazon, one book is from 2009, the others are from 2003! So maybe it's only training courses?

    Anyway, in 2011 when those are done, work will be sending me on:

    -ISO27001 Implementor
    -Certified Security Management Principles

    This is for the internal work, so I have no idea what this will entail but it looks good. Again it's branching away from the technical work which is good for me. I tend to get bored with the technical stuff after a while, but I hope this will stay true!

    When those are done, I'm looking at:

    -CISSP (This is for uni, they are partners and will give us the training course and exam for free. I'll just be an associate until I get an extra 3 years of experience)
    -CISA (This is the route I'll like to lead down. Since I am already in the financial industry I can easily adapt a lot of the principles from my line of work, to a financial auditing role which is my ultimate role)

    The other two I'll be looking into are again more specific to financial institutes like Sarbanes–Oxley and COBIT. Which I suggest you look into also.

    Have you started to think about your thesis yet?! I have been thinking about mine but I am not too sure if it's too technical for my ultimate job roles! I've been on MSN too, I was sleeping last night though :(

    *edit* This is over 3 years, also I'll be doing my MSc in Information Security too, so busy times ahead!
     
    Last edited: Aug 15, 2010
    Certifications: BSc Networking, A+ (601)
    WIP: MSc InfoSec, S+, CISMP, IA ISO27001
  5. Beerbaron

    Beerbaron Megabyte Poster

    545
    9
    76
    So this can be used by anyone, not just people in IT?
     
    Certifications: BSc (Hons), MSc, ITIL v3F, MCP, MCDST, MCITP: edst7, MCTS, MCSA: Server 2003, MCSA: Windows 7, N+, NVQ IT lvl 3, MCSA Windows 7, VCP5, CCENT, CEH
    WIP: CISSP
  6. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Last edited: Aug 15, 2010
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  7. Beerbaron

    Beerbaron Megabyte Poster

    545
    9
    76
    Reading that makes me think thank God I don't have to manage projects :ohmy
     
    Certifications: BSc (Hons), MSc, ITIL v3F, MCP, MCDST, MCITP: edst7, MCTS, MCSA: Server 2003, MCSA: Windows 7, N+, NVQ IT lvl 3, MCSA Windows 7, VCP5, CCENT, CEH
    WIP: CISSP
  8. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    4,305
    503
    259
    From what I understand financial auditing is a quite different kettle of fish, better to study accounting or finance.

    These are related to regulatory compliance, incredibly dull and for the clipboard hugging pen pushers amongst us.

    Good project management requires a lot more than just a PRINCE2 cert. It's not 'their', it's 'they're', a contraction of 'they are'.
     
    Last edited: Aug 16, 2010
  9. Mecha

    Mecha Bit Poster

    41
    0
    16
    Sorry, I meant I am in the IT industry for the financial sector.
     
    Certifications: BSc Networking, A+ (601)
    WIP: MSc InfoSec, S+, CISMP, IA ISO27001
