IT Security cert area advice needed
| BootData 2001-10-24, 6:42 am |
| hi...
one of my friends has been asking me how to switch jobs to the IT security area.
obviously I'm no wiser than he is regarding this matter. Can anyone advise?
what kind of skills, experience, certifications, etc. are required?
thanks a lot...
any comments'll be greatly appreciated  | |
|
| Unless you are working with the security area, it is very difficult. Security requires you to know the system very well. There are few certs out there, but they all require you to be in the field. They need proof from your job.
Certification is to increase your knowledge. It will not get you into the area.
Checkpoint will be the exception! | |
| Gareth Leung 2001-10-24, 7:01 am |
| Certified Information Systems Security Professional - CISSP | |
| THELAIR 2001-10-24, 10:08 pm |
| computer security requires advanced knowledge of all major areas of computers and IT...
you can't do a proper network vulnerability scan without having a fairly in-depth understanding of how computer networks and the OSI work.
you can't write policies and procedures without understanding how a business and its users work and flow.
you can't provide secure software solutions without knowing how to write clean code.
You can't implement a multi firewall install in a multi os/multi hardware facility without understanding Microsoft and Unix/Linux environments, and other proprietary hardware systems.
can't provide effective forensics capabilities if you don't understand how hard drives work, where a user can hide data, and have experience with various forms of media storage, from DAT tapes to CDs to floppies etc.
So you can see that security really needs a broad area of expertise in order to be considered a true comp sec expert.
Sure, you can get your Checkpoint Firewall-1 cert, but you're really pigeonholing your abilities if that's all you can do.
CISSP for the overall stuff
CISA for auditing (goes really well if you're a CPA/CA (chartered public accountants))
SANS - they have various levels. | |
| ccieToBe 2001-10-25, 9:55 am |
| quote: Originally posted by THELAIR
computer security requires advanced knowledge of all major areas of computers and IT...
you can't do a proper network vulnerability scan without having a fairly in-depth understanding of how computer networks and the OSI work.
you can't write policies and procedures without understanding how a business and its users work and flow.
you can't provide secure software solutions without knowing how to write clean code.
You can't implement a multi firewall install in a multi os/multi hardware facility without understanding Microsoft and Unix/Linux environments, and other proprietary hardware systems.
can't provide effective forensics capabilities if you don't understand how hard drives work, where a user can hide data, and have experience with various forms of media storage, from DAT tapes to CDs to floppies etc.
So you can see that security really needs a broad area of expertise in order to be considered a true comp sec expert.
Sure, you can get your Checkpoint Firewall-1 cert, but you're really pigeonholing your abilities if that's all you can do.
CISSP for the overall stuff
CISA for auditing (goes really well if you're a CPA/CA (chartered public accountants))
SANS - they have various levels.
Great post THELAIR, I have some questions for you. I'm really interested in all the security areas you mentioned except programming. How proficient in programming do you think one needs to be in order to get far in the security field? What languages do you recommend learning and to what extent? Right now I primarily use shell scripting and a little Perl. | |
|
| Security is hot, but not for everybody.
Who really do understand the idea and the power behind it. Those people who have been in the field for a long time or specialized in security will be the ones that get the good seat this time.
 | |
| BootData 2001-10-26, 1:19 am |
| actually this makes me wonder:
if the security industry only needs experienced people in this area, then how about the NEWER guys trying to get into this field? | |
| THELAIR 2001-10-26, 4:43 pm |
| CCIEtoBe
In regards to programming, the 'real' hackers are the ones who wrote the scripts that the script kiddies use. It helps if you can whip up a quick simple application to do something that you need to have done quickly that doesn't exist elsewhere.
Also, a lot of the IDS log programs have their own lil language, for example SNORT. So being able to understand how to do basic programming helps.
I am terrible when it comes to programming, but I know enough that I can see pointers, function calls, variables and get a general sense of how a program works if I look at the source code, I also know how to execute it. :P
For security, if you're tasked with the job of providing in-depth code auditing to seek out errors, stack/buffer overflows, vulnerabilities etc, then you have to be a programming god, but secure software development is a whole subset of security that one can specialize in. But in general it helps if you can understand it a lil bit.
And I agree, Security is not for everybody. Some may find it boring or not quite what they expected. A lot of documentation and paperwork comes with the job, even more so if you're tasked with developing policies and procedures.
For those that are 'jr' or entry level (I include myself in that area) you have to have some decent backup experience. I have 6 years of overall IT exposure, with the last 3 being heavily concentrated on Microsoft solutions and networks. So when I'm told to develop an encompassing policy guideline for users of a 1,000+ employee company I know what sorta things need to be done and looked at when it comes to the Windows world.
So to break into security, I'd say try and find an area that you want to specialize in and go for it, but realize that the more general knowledge of computers you have really pays off in the security field.
Get a base foundation in something, MCSE, CCNA/CCNP, Citrix, linux/solaris, unix... and then expand on that...
go for the CISSP, go for the Cisco Managing cisco security or their Cisco security specialist track... look up the different SANS certs you can get, they have many specializations...
Do that, and you should be able to have something to offer to a company
hope that helps.
BTW, I'm studying for the CISA right now (systems auditing exam) and then probably one or 2 of the SANS certs. Probably the Windows one and incident handler one. | |
| ccieToBe 2001-10-26, 5:14 pm |
| quote: Originally posted by THELAIR
CCIEtoBe
In regards to programming, the 'real' hackers are the ones who wrote the scripts that the script kiddies use. It helps if you can whip up a quick simple application to do something that you need to have done quickly that doesn't exist elsewhere.
Also, a lot of the IDS log programs have their own lil language, for example SNORT. So being able to understand how to do basic programming helps.
I am terrible when it comes to programming, but I know enough that I can see pointers, function calls, variables and get a general sense of how a program works if I look at the source code, I also know how to execute it. :P
For security, if you're tasked with the job of providing in-depth code auditing to seek out errors, stack/buffer overflows, vulnerabilities etc, then you have to be a programming god, but secure software development is a whole subset of security that one can specialize in. But in general it helps if you can understand it a lil bit.
And I agree, Security is not for everybody. Some may find it boring or not quite what they expected. A lot of documentation and paperwork comes with the job, even more so if you're tasked with developing policies and procedures.
For those that are 'jr' or entry level (I include myself in that area) you have to have some decent backup experience. I have 6 years of overall IT exposure, with the last 3 being heavily concentrated on Microsoft solutions and networks. So when I'm told to develop an encompassing policy guideline for users of a 1,000+ employee company I know what sorta things need to be done and looked at when it comes to the Windows world.
So to break into security, I'd say try and find an area that you want to specialize in and go for it, but realize that the more general knowledge of computers you have really pays off in the security field.
Get a base foundation in something, MCSE, CCNA/CCNP, Citrix, linux/solaris, unix... and then expand on that...
go for the CISSP, go for the Cisco Managing cisco security or their Cisco security specialist track... look up the different SANS certs you can get, they have many specializations...
Do that, and you should be able to have something to offer to a company
hope that helps.
BTW, I'm studying for the CISA right now (systems auditing exam) and then probably one or 2 of the SANS certs. Probably the Windows one and incident handler one.
Thanks for the info. |