Cyber Security Certification best to branch into the Technology Security World

Victor Diaz
Victor Diaz used Ask the Experts™
on
Greetings! I have well over 15 years in the I.T. world specifically in working with Servers & Workstations, I am considering branching out to another field in the I.T. world specifically in the Cyber Security. I have minimal I.T. Security related experience and knowledge.
Q4U: What Cyber Security Certification would be ideal for a novice like me?
There are so many and I would like to focus on the one that will open the doors to that side of the I.T. world.
Thank you in advance!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Devin BeckerIdentity Management and Security
Distinguished Expert 2018
Commented:
Victor,

According to the CompTIA career certification roadmap here: https://certification.comptia.org/why-certify/roadmap Under the Information Security section. I'd probably start with the CompTIA security Triage, which is:
  • Security+ - General Security Certification for networks, applications, data, access and identity management, and cryptography
  • CySa+ - Focuses on threat detection tools utilized for protecting applications and systems
  • PenTest+ - Focuses on penetration testing and vulnerability assessment

These three should give you a good enough base to be able to get out and start getting in field experience, and since you have 15 years of experience, these are intermediate since you already have the main fundamentals of IT from working with Servers and Workstations for 15+ years. From these you can also move into certifications like: Certified Ethical Hacker, etc.

Also worth noting, that if you aren't familiar with networking(which plays a big part in cyber security, to either do CompTIA Network+, or something like the CCENT/CCNA from Cisco.

Hopefully this helps you out.

Devin Becker
DevOps Associate @ EE
David FavorFractional CTO
Distinguished Expert 2018
Commented:
Generally clients concerned with certifications tend to pay the lowest.

Rather than investing time + money getting certifications, invest your time into learning security, then give talks to local groups about your experiences.

You'll have way fewer clients/headaches + far more money (and free time).

Tip: If you focus on client side security, you'll tend toward in person work at physical locations. This is the lowest income potential.

Tip: If you focus on server side security, likely all your work will be from the comfort of your home. This is the highest income potential.
A bit tangential to your path, however if you have not done it already, I would suggest looking at ITIL fundamentals certification. It easy to do, and a lot of corporates seem to value it highly.

The next one would probably be CCNA - Security. Much harder.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Exec Consultant
Distinguished Expert 2018
Commented:
Cyber Security is itself a big topic; you can start from anywhere and once you have your foot in the door, explore and navigate the domain.  

There are various subdomains which you can choose to master– pen-testing, malware analysis, security auditing, Security operations center, Incident handling, reverse engineering, etc.

You are not expected to master all of it but some knowledge of the domains will always be helpful to connect the dots afterward.

Below are just some consideration to focus to beef up a strong footing into this field.

Basic skills required - No matter what your experience and the choice of a subdomain, the knowledge of networks is something you cannot do without in cybersecurity. You may refer to the CCNA routing and switching study material for getting the basics clear. Once you are done with networks, go for network security concepts– algorithms, security configurations of devices, encryption, etc.

Basic computer knowledge - This knowledge can help the users with memory forensics, system hardening, access management, penetration testing, etc. I believe your vast experience in this field is going to give a good headstart.

At least one computer language - One thing missing in the cybersecurity domain is enough number of professionals with knowledge of coding. If you dig deep enough, you will observe that almost everything drills down to code. Consider going for only two languages – Python and C.

Security device deployment and Network security - If you have interest in firewalls, proxies, and other security devices and how they are fitted in the network, this is your piece. If you get a chance to work with the deployment team, go for it.

Pentesting - If you have the attitude to break into networks and applications, you should hunt for pentesting projects. You can set up a lab in your personal laptop using VirtualBox for practicing pentesting. You can find vulnerable machines online to download, learn and test your skills on.

Lastly, below are a few certifications to consider. Start with CEH if you are really a newbie to security or want to enter the domain.
CEH: Certified Ethical Hacker.
CISM: Certified Information Security Manager.
CompTIA Security+
CISSP: Certified Information Systems Security Professional.
GSEC: SANS GIAC Security Essentials.

Being very choosy in the first place will not pay off very well later. Try to gain enough experience– even it is operations.

There is another thing to consider is most certification requires to neet continuing professional education (CPE) requirements. So getting into area of your passion and strength will help to sustain.

Cybersecurity is a fast pace domain and threat trend change fast while the defender is catching up. You have to get use to it as new technologies requires security folks to stay ahead to secure them too otherwise it is opening up holes unintentionally.
Commented:
Cybersecurity refers to the protection of personal or organizational information or information resources from unauthorized access, attacks, theft, or data damage. As a cybersecurity professional, your responsibility is to identify risks and protect your systems from them.

https://www.sans.org cybersecurity training organization. SANS provides security resources such as the Reading Room (white papers) and the Internet Storm Center (threat/vulnerability alerts).
https://iase.disa.mil/iawip/pages/iabaseline.aspx DoD Approved 8570 Baseline Certifications

There are many certifications available to cybersecurity professionals today.
Certified Ethical Hacker (CEH)
GIAC Certified Incident Handler (GCIH)
Offensive Security Certified Professional (OSCP)
Certified Information Systems Security Professional (CISSP)
Cybersecurity Analyst (CySA+)
Certified information Security Manager (CISM)
Certified Information Security Practitioner (CSX-P)

Read:
Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
Data and Goliath: The Hidden Battle to Collect Your Data and Control Your World
Victor DiazSr. Systems\Network Administrator

Author

Commented:
Where do I start to thank all that participated in answering my question? ALL of you assisted me in gaining some guidance of where to begin on this new IT endeavor. Understood that this Cyber Security field is broad to say the least and that heavy education paths are required to get into it, the same goes with the ever changing trends in it which also requires continual studying. Like the medical careers new illnesses, new treatments, & new medicines require continual training and education. Again, thank you all. May you continue providing leadership and guidance in all that you do!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial