How to become a great security professional

I am currently getting prepared to be able to do a full-time job on the security aspects of a network for either the government (most preferred) or a private company in the next 5 years.
How should I get prepared to be a good security professional and to land the jobs?

- Currently I am working for a company of hotels doing general IT and telephony duties. Currently administer by myself 4 hotels and 3 offices along with 2 other hotels freelancing. Used to do side jobs for over 12 years now (computer repair and network troubleshooting).
- Currently I am CompTIA A+, Network+, Security+ and Server+ certified.
- Bachelors in Information Technology, network administration concentration 3.9 GPA.
- Taking my 70-270 next week and hopefully turning MCSE in the next 5 months.
- Speak Spanish, English and learning Japanese.
- Have novice experience on Linux and Unix.
- Novice experience programming in Visual Basic.
- Experience repairing and programming phone systems (PBX).
- Experience in electronics both for home and for circuit including soldering.

Here are my plans for the future:
- Finish my MCSA and MCSE.
- Get Linux certified and hopefully do about 50% of my computer time on Linux.
- Learn some C, don't know what other language could help me.

What should I add to my plans? Where should I be moving in the career ladder? Could someone with experience in the security area guide me on what I should do in the next 5 to 10 years?

4 Solutions
In most private areas certifications are next to useless, especially Microsoft ones, A+, and basic Cisco ones.  But when you work for the government (I used to) where they want to show rank in any way they can, they can be useful.

I'd really suggest going for some serious Cisco classes in security.  Notice that I said classes, and not tests.  The tests are decent, but if you take a good Cisco class at a local community college you'll have access to simulation networks using equipment and technologies that you won't even get to encounter in your average IT job, especially coming in with no experience.  Nothing beats experience, and those Cisco classes are a great way to get it without actually having a job in that field yet.
You may also look at the CISSP and GSEC, other security-related certifications.


You can find the CISSP in a lot of places.

arrkerr1624 is right: Cisco experience and qualifications are going to be vital for your plans.
As far as Linux is concerned, you will also need Perl script, easy enough to pick up on the job, but it will help in getting a job in the first place.
Also, some detailed knowledge of the main Web applications is vital: IIS, Apache, Exchange, Groupware, etc. If you don't understand how they work, you can't protect them.
Finally, keeping abreast of current malware and solutions will help (viruses, spyware). Try to find a couple of good malware forums, and check them regularly.

My advice: plan to go into security consultancy first. It's the fastest way to get loads of experience on different projects.
And to get into security consultancy your certifications will certainly determine how easy it is to get there.

First your MCSE: change your plan slightly and make sure you follow the MCSE:Security track, not the plain one. One of the additional requirements is that you have a Security+, which you already have.
For Linux: LPI's LPIC-3 has some security in it, and it's also a lot more.
Also, indeed, some Cisco may be needed.

In the longer term I recommend adding a vendor-independent and broad security certification. And go for the industry gold standard immediately: CISSP. (ISC)2 ( https://www.isc2.org ) very closely guards the value of this cert. They recently changed the requirements for entry to having at least 5 years full time experience in infosec in at least 2 of the 10 domains. And another CISSP has to vouch for you. You also have to show your continued professional education each 3 years, or retake the exam.
If you don't have the needed experience you can still take the exam and become an associate. You cannot wear the CISSP title until you fully qualify, but it will show your dedication to get into a (junior) infosec position.

Still later on, if you are interested in a security management position then go for a CISM.
Or if you want to move into auditing: a CISA.
Or if you want to stay in the more technical zone and are interested in ethical hacking: CEH.

Consider starting as a junior to build experience. As someone already mentioned: experience is key.
One warning: don't forget to follow your heart: there are so many opportunities and further specialisations within infosec that it's easy to get on a sidetrack. Just do what you like to do.

Also, get into the action after hours and start networking: become a member of e.g. ISSA ( http://www.issa.org/ ). They have chapters all over the world and their magazine alone is worth the price of the membership fee.

Success with your further career!

supercoqui (Author) Commented:
Thanks everyone for your input! I am trying to land an infosec job, but for the time being, until I land one, I want to keep on preparing.
Thx, and have a great security future!

