How to become a great security professional

Posted on 2007-10-03
Last Modified: 2013-11-29
I am currently getting prepared to be able to do a full time job on the security aspects of a network on either the government (most preferred) or a private company in the next 5 years.
How should I get prepared to be a good security professional and to land the jobs?

- Currently I am working for a company of hotels doing general IT and telephony duties. Currently administer by myself 4 hotels and 3 offices along with 2 other hotels freelancing. Used to do side jobs for over 12 years now (computer repair and network troubleshooting).
- Currently I am Comptia A+, Network+, Security+ and Server+ certified.
- Bachelors in Information Technology, network administration concentration 3.9 GPA.
- Taking my 70-270 next week and hopefully turning MCSE in the next 5 months.
- Speak Spanish, English and learning Japanese.
- Have novice experience on Linux and Unix.
- Novice experience programming in Visual Basic.
- Experience repairing and programming phone systems (PBX).
- Experience in electronics both for home and for circuit including soldering.

Here are my plans for the future:
- Finish my MCSA and MCSE.
- Get Linux certified and hopefully do about 50% of my computer time on Linux.
- Learn some C, don't know what other language could help me.

What should I add to my plans? Where should I be moving in the career ladder? Could someone with experience on the security area guide me on what should I do in the next 5 to 10 years?

Question by:supercoqui
    LVL 14

    Assisted Solution

    In most private areas certifications are next to useless, especially Microsoft ones, A+, and basic Cisco ones.  But when you work for the government (I used to) where they want to show rank in any way they can, they can be useful.

    I'd really suggest going for some serious Cisco classes in security.  Notice that I said classes, and not tests.  The tests are decent, but if you take a good Cisco class at a local community college you'll have access to simulation networks using equipment and technologies that you won't even get to encounter in your average IT job, especially coming in with no experience.  Nothing beats experience, and those Cisco classes are a great way to get it without actually having a job in that field yet.
    LVL 9

    Assisted Solution

    You may also look at the CISSP and GSEC, other security-related certifications.

    You can find the CISSP in a lot of places.

    LVL 9

    Assisted Solution

    arrkerr1624 is right, Cisco experience, and qualifications are going to be vital for your plans.
    As far as Linux is concerned, you will also need Perl script, easy enough to pick up on the job, but will help getting a job in the first place.
    Also some detailed knowledge of main Web applications is vital, IIS, Apache, Exchange, Groupware, etc, if you don't understand how they work, you can't protect them.
    Finally keeping abreast of current malware, and solutions will help, Virus, Spyware, try and find a couple of good malware forums, and check regularly.
    LVL 18

    Accepted Solution

    My advice: plan to go into security consultancy first. It's the fastest way to get loads of experience on different projects.
    And to get into security consultancy your certifications will certainly determine how easy it is to get there.

    First your MCSE: change your plan slightly and make sure you follow the MCSE:Security track, not the plain one. One of the additional requirements is that you have a Security+, which you already have.
    For Linux: LPI's LPIC-3 has some security in it, and it's also a lot more.
    Also indeed some Cisco may be needed.

    In the longer term I recommend adding a vendor independent and broad security certification. And go for the industry gold standard immediately: CISSP. (ISC)2 very closely guards the value of this cert. They recently changed the requirements for entry to having at least 5 years full time experience in infosec in at least 2 of the 10 domains. And another CISSP has to vouch for you. You also have to show your continued professional education each 3 years, or retake the exam.
    If you don't have the needed experience you can still take the exam and become an associate. You can not wear the CISSP title until you fully qualify, but it will show your dedication to get into a (junior) infosec position.

    Still later on, if you are interested in a security management position then go for a CISM.
    Or if you want to move into auditing: a CISA.
    Or if you want to stay in the more technical zone and are interested in ethical hacking: CEH.

    Consider starting as a junior to build experience. As someone already mentioned: experience is key.
    One warning: don't forget to follow your heart: there are so many opportunities and further specialisations within infosec that it's easy to get on a sidetrack. Just do what you like to do.

    Also, get into the action after hours and start networking: become a member of e.g. ISSA. They have chapters all over the world and their magazine alone is worth the price of the membership fee.

    Success with your further career!


    Author Comment

    Thanks everyone for your input! I am trying to land an infosec job, but for the time being, until I land one, I want to keep on preparing.
    LVL 18

    Expert Comment

    Thx, and have a great security future!

