Hello. I'm an IT professional with 5 yrs of experience in Software Quality Assurance and Information Security. When I say InfoSec, I mean I have experience getting my organization ISO27001:2005 certified. Mostly my job was concentrated on the Process Compliance part of it, and also the entire cycle of ISMS implementation. As my long dreaded dream I want to continue my career in only Information Security, but I don't have a specific idea as to where to start from or how to start. I'm interested in safeguarding networks, database security, cryptography and encryption. It would be highly appreciated if someone can guide me on this with respect to the courses or training to be taken so that I can be part of a real team tackling the Information Security issues. Thanking you in anticipation.
ASKED: April 28, 2008 5:30 AM
UPDATED: April 30, 2008 1:53 AM
I agree with Labnuke99. The understanding of networks and the technical underpinnings of security will help you more than anything. I certainly understand where you’re coming from. There are so many paths to go down. People ask me this question all the time. Check out the articles I’ve written on information security careers here:
http://www.principlelogic.com/careers.html
Also, I’d be remiss if I didn’t tell you about an audio program I developed on this very topic called Getting Started in Security.
I hope these help get you pointed in the right direction.
Hi Mexicanblu,
It might all depend if you prefer mostly the “tech” or the “policy” side of the InfoSec coin (although ideally you should have a good understanding of both sides), and also the career development path that you might be able to choose at your current job (as jumping to a new job with new, unproven skills might be a bit hard): are you able to keep working in InfoSec where you’re currently employed?
The certifications mentioned are all quite good; maybe CISSP could give a good theoretical baseline of “all” the security domains, then as you (or your employer for you, maybe?) choose where to specialize, more “hands-on” certifications can be added.
Good tech training can also be obtained from SANS ( http://www.sans.org/ ), among other sources.
The best for you!
Diego.