IT Security
Application security, Career development, Career in Information Security, Careers in networking, Certification and specializations, Certifications, CISSP, CISSP certification, Desktop security, IT careers, MCSA, MCSE, Microsoft Windows, Network security, Networking, Networking certifications, Platform Security, Security, Security certifications, Security management, Security Program Management, Securitychannel, Staffing, Windows Security
With all the talk about security certifications and working in IT security being hot right now and in the future, I was wondering if it would make more sense to try and get the Security + certification before trying to get another IT certification such as the MCSA (Microsoft Certified Systems Administrator)? I’ve heard that most certifications (other than security) don’t mean that much anymore to employers, and that skills now beat having certifications. Also, I noticed for many other security certifications such as the CISSP, the requirements to take the test are very strict, in that you need to have 5 years of experience working in security. How does one get that experience if they’ve never specifically worked in security? What if someone was more of an IT Generalist, or IT jack-of-all-trades where they worked? I think I want to head in the security direction, but how do I do it? For the past couple of years, I’ve worked for a small firm where I am the only one that does all the IT stuff, and security was really never an everyday issue. My job title probably ties more closely to an IT Administrator or Systems Administrator. I appreciate any help and feedback. Thanks very much.
Software/Hardware used:
Software/Hardware used:
ASKED:
June 16, 2008 2:47 PM
UPDATED:
June 18, 2008 9:11 AM
Answer Wiki:
I have both the Security+ & Certified Ethical Hacker certifications. I think it is valuable to have these types of non-vendor specific certs as well as the CISSP. These are kind of like moving from an associates degree to bachelor's and then to a master's degree. They can and do all build on each other and the maturity of knowledge increases as you move through the path. Being a generalist is not a bad thing but you do need to focus on some specialty that is of value to the organization for which you work. You are on the path that I was over 10 years ago. Just keep moving forward and you will do well!
To see all answers submitted to the Answer Wiki: View Answer History.
If You want to be Security guy first You have to know what You want to secure, OS or network or ….. Whatever You decide You should be first expert in that field before You start “securing”, eg if u want to be networt security expert get expertise from seting up, maintaining and documenting networks and various protocols and technologies related to networks, get certification from that area and then start “security story”. Why? If u want to know how your network or OS could be compromised u have to know it’s architecture, common and possible configurations, how it is often used and the best way for getting that knowledge is to become engineer and administrator of particular enviroment first. Cheers!