What Qualifications To Go For? (2nd line support wanting to go into security)

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all - looking for a little advice.

I've been working for an investment bank as a hardware support engineer with some exposure to desktop support for 6 months. I cover 1st and some 2nd line support.

I'm 26. Got about over 2 years IT experience covering desktop support and a bit of manager-facing application support. I've got a BSc Hons in Computing and a few Bloomberg entry qualifications, but nothing else.

I want to get into Information Security / Info Risk - not just the techy side, but also in relation to compliance and business processes.

I've got an appraisal coming up in January and my manager has said I can have some professional training in 2007.

What would be the best approach for me to take?

I was thinking of a Network+ and Security+ (missing out the A+) and then think about a MCSE Security some time in the future.

Would that be the best direction to head or or should I jump straight into some MCPs?

Thanks

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Net+ and Sec+ are good to get at your level. Keep building experience, gaining responsibility, and passing certification exams (such as those MCP exams, moving towards MCSE:Security). You'll get there.

Best of luck!

 

Keep in mind that Microsoft isn't the entire universe when it comes to security certification paths. I found a link to a list of security certifications that might open up some options for you.

 

Cheers for the replies

 

Self Study A+, Net+, and Security+. Professional training in Cisco CCNA/CCDA would be beneficial if you want to get into perimeter security or the Microsoft track if you want to get into application security.

 

Don't skip the A+, fundamental knowledge will be usefull regardless of which direction you decide to take in your career. I agree with the comptia certs though, they should give you a good solid grounding.

 

As someone who works in the Security field - gawd knows how I managed to get into it!

It might not help you much, but the best advice I can give you is that you have to absolutely LOVE IT Security to specialise in it. I have been in IT for years now and, after an abortive attempt at going down the DBA route (I thought I would love it, but was bored to tears after 18 months) I decided I was going to push myself to get into Security. Its always been the area of IT that most interested me anyway, and I figured, what the hell, I'll never be out of work as a Sys Admin/Network Admin, and will always have the DBA thang to fall back on, so I decided to pimp myself around some of the better recruiters as a security specialist.

I've been the Network Security Officer for a police force for nearly a year now, and haven't looked back. When I first got the role, I didn't have a security-focused cert on my resume - I'm MCSE & MCBDA certified and (used to be) CCNA as well, but haven't got Security+ and my MCSE isn't the Sec track.

I've since got certified on Juniper Netscreen Firewalls because they're the ones I use in my job (or will be when i finally manage to (ahem) 'retire' the Borderwares that we currently still have in place) and am working towards the CEH, but I don't think that getting a security cert is necessarily a prerequisite for getting into the field.

Personally, I'd start with the Network+ to get yourself a good grounding in networking theory, then either take the Security+ to give you an understanding of exactly whats involved (it will be a basic understanding, but at least you'll get an overview of the skills necessary to succeed in the industry). The A+ won't provide you with any insight into the security aspects of IT, but is a good place to start out on the certification path. Then consider moving onto MCPs - I believe if you DO decide to take the Security+ this may count towards an MCSE (although I could be wrong, because I've never taken it!)

My main advice would be - don't expect to get into a security role overnight. When I asked my line manager why they chose me over the other candidates when i interviewed, he said it was partly the fact that I had a very broad range of skills on my CV, but also the fact that I gave some very in-depth answers to the technical questions they asked me. This came mainly from loving the subject - not from a piece of paper saying I knew what i was talking about - so it would seem that I got my job through enthusiasm more than anything!

Its like everything else - if you live it and breathe it, that shows through!

As for Compliance - well, as far as I can see you don't need much technical skill at all to do that. Most of the compliance people I've worked with have been absolutely frickin useless technically - they spend all their day either writing policies or running auditing software that a five year old could use. That said, to get HEAVILY involved in compliance requires some very serious certs like the CISSP and Masters degrees - you're really trying to run before you can walk if you want to go down that route though. Perhaps you could look into getting your current employer to get you ITIL certified? I did the foundation last year and am doing the practioner in a couple of months. It is DEADLY, DEADLY dull, but seems to be all the rage amongst IT director-type PHBs these days, so would look good on your CV.

 

Welcome to CF mate

 

Like zebulebu I tried the DB but was bored to tears. I too was interested in security (actually I came from a non IT background, I only got into IT about 7 years ago).

Anyway, I always knew security would be a big field and a growing one at that. I started with A+ (accidentally actually - how I got into IT was basically by accident and being a t the right or wrong place at the right or the wrong time - depending on how you look at it and I have looked at it both ways lol).

Anyway I then went for the net+ and some other IT qualification. I did a couple of MCPs and CCNA (which I enjoyed). I started workig for myself until I was employed at the Department of Agriculture.

In the meantime I had started the Security+ but took a long time as I was not exposed to the practical sides of it the way you really should be. But since working at the Civil Service in the server infrastructure team, I used my expwerience to learn and persue sec+.

After that I went for the other MCPs that would give me MCSA s security including ISA 2004 (which we use).

I will start CEH next week (paid for by the civil service) and look forward to completing CISSP in a couple of years.

As zebulebu said, you really have to want it and it is a very very vast field, some of which are more boring than DB.