Network Security Certification

Posted on 2004-09-16
Medium Priority
Last Modified: 2013-11-16
My career is going nowhere. I've worked in Desktop Support for 6 years.  I make a low salary with no opportunities for advancement. I'd like some feedback about getting a Network Security Certification.  Here are my questions:
Is this a good field to get into?  
What level of pay can I expect?
Which is the best certification to do?
Will  the Cisco Cert. Security professional help me get a good job that pays well?
Question by:romansoldier

Expert Comment

ID: 12085247
I can only answer this from personal experience so it's not a definitive answer.

 1. Yes it is, the way I see it not only is it a facinating aspect of it but even as technology change, there will always be a need for security practitioners.

 2. Depends, being a DTS person I have to assume that you higher level experience is limited, it would help to get a broader field of experience in networking, infrastructures etc rather that just desktop, easier said than done I know, I personally would advide going to a 3rd line support level first to get a better overall knowledge which you will need, you wont need to become an expert in everything (nobody is an expert, anyone that says different is wrong! they just know more and have had more experience). There's nothing to stop you hitting the books or the web either, there's a world of info out there.

 3. Like everything pay depends on experience and capabilities and usualy cames as part of a track record. From what I have seen (and I guess this depends on where your from) a professional security persona earns about the same or more as a thrid line manager, but less that someone like a CCIE.

4. The qualifications get you through the door, they do, like any qual, show a certain level of knowledge but don't always prove understanding or experience. However it's better to have them than not of course...anything that gets you the interview. The trouble is, with a lack of experience security exams are not straight forward, you may be able to get it from a book and learn "parrot fashion" but you'll trip up on your fuirst job when you don't know what you are talking about.

I realise my comments are not uplifting but I think they are realisitc. If you enjoy IT half of the fun is the learning and exploration of new things.

I don't think you can do it overnight but then again it shouldn;t take forever, move up the scale to third line for a couple of years and then you'll be more prepared.

However, like anything this is just my opinion, I will be curious to see the comments of those who disagree :)

Best Wishes and good luck......it is worth the pursuit


Expert Comment

ID: 12085877
This has happened to me.

What i have done is as follows.
I took my own personal time out to read books. I kept my DTS jobs running in the back ground (wishing every day i could leave and do something interesting and worthwhile) and i read books about CCNA networking (its going to be hard to become a network security specialist if you dont know the difference between layer 3 routing and layer 2 switching. Programming, learning new os's. etc etc.
While going at work i looked at other things. Then one day i was offered the chance to do both DTS and programming/implementations.
I took it. I am now on the way to becoming CCNA certified, MCSE, .NET compliant and lots more.

My advice is, learn in your own time, there are not many jobs out there that will train you up from scratch, but there are chances to learn on base knowledge you already have. I could already do programming and had a basic networking background before i embarked on the CCNA and later on a networking job. While at the job i have the chance to expand my programming (diverging into .NET) and also doing system builds, and also being given some after hours work to earn some extra money.

But waffle aside, learn in your own time (read CCNA then do Cisco security, cos if you cant configure a router you sure as hell aint going to secure one down to a multitude of possible attacks) maybe ask your boss if there is a chance to get some extra qualifications during quiet periods. learn programming so you can code your own overflows, pen test suites that sort of thing. There are not many good security testers out there who cant code. Those that cant code and call themselves security experts are just fooling themselves. Gain MCSE in NT and start to use Linux. All this will help to get you out of a boring rut known as DTS (damn tedious sh1t (can we say that here??)) I should know, it is exactly what i did.
THe field of security is good, but almot every man and his dog are doing it now. The world is starting to get flooded with "security experts". Check Bugtraq and all the people who post to that. Only the best will get the good money. Those, most probably like myself, will stay getting better but never shining out above the rest. Id expect you to be able to get at least 25K in uk for security work, possibly more the bigger the array of things you can audit. In the us id guess at least 35K but it does depend who you are working for and what they need securing.

But learn your CCNA, Some programming, Windows Certs and go for the Cisco Security modules. Good luck!

I know you can do it. Just give it time and determination. Afterall, you have nothing to lose, just everything to gain!

Expert Comment

ID: 12147076
Check out Comptia Security+ to get your foot in the door.
The best way to find out is to dabble in it and see if you like it.

Accepted Solution

megalodonsec earned 500 total points
ID: 12254520
While not very popular, my perspective is quite different regarding certifications. I have achieved many of them and most are worthless.
Here is a list of the ones I have achieved over the past 9 years:
A+, MCSE(x2), MCT, CCNP, CCDP, CCSP, ISSP, CISSP, and the written CCIE Security.
Only twice have any of them had an effect on getting a better job which were the CCIE written and CISSP, both of which require a great deal of dedication. The CISSP requires 4 years of Security experience and the CCIE can be a nightmare to achieve.
Having recently been looking in the job market it has become clear that the most sought after credentials you can have if you want to be in Security are a degree and of course experience.
In my opinion you should look at what you really want to be doing 5 and even 10 years from now and focus strictly on that vs. chasing a bunch of worthless certs which you'll never use anyway. Make your next job choice move you closer to that goal.
The CCSP would be great if you want to be a "Cisco Security Professional" but only because of the knowledge you would gain, don't expect it to land you in a Network engineers seat.
The last point I want to make is to clarify the current Security market, I am now making $20k less than I was two years ago and it's only getting worse. The only real money left in security is management, coding, or compliance auditing (consulting).
I don't want to discourage anyone from studying or getting certified but just be aware of what it's really worth. Any arguments are welcome and appreciated :)

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Data security in the cloud is very much like a security in an on-premises data center - only without costs for maintaining facilities and computer hardware.
An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

568 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question