Ask the Expert: Entry Level Certs
Although I’m currently working as a network administrator (with 8 years experience and an MCSE and CCNA) I’m planning to get into the information security field and want to work up from an entry level certification to an intermediate credential in the next two years. My current job has involved some security work for the past 3-4 years (working with Cisco PIX Firewalls, spam filtering, and patching and configuring MS stuff to stay as secure as possible).
For the entry-level certs, I’m looking for advice as to which of these I should pick: SANS GSEC, Security+, SCP SCNP or ISC2 SSCP. On the intermediate side, I figure if I go after SANS GSEC, I’ll get one or more additional SANS certs; otherwise, I’m inclined to go after the CISSP (and in that case, would you recommend I start with the SSCP?).
Paul K., San Antonio, TX
Reading your letter, I can tell you’ve already done some homework in this area. You certainly have picked an interesting subject to pursue, and your various candidate credentials show some thought and research behind your ideas. In fact, I think you’ve answered some of your questions for yourself without perhaps realizing it.
My advice is that you go one of two ways. First, there’s the SANS route (GSEC on to intermediate stuff, probably including at least firewall analyst or GCFW and Windows administrator or GCWN; ultimately you could even go on for the GSE if you wanted to). Second, you could start out with CompTIA Security+ and then go after CISSP. As yet, the SCP program doesn’t appear to have hit critical mass, and the SSCP enjoys nowhere near the same name recognition or cachet that its senior partner, the CISSP, possesses (anecdotal evidence from all 5 of my friends who’ve sat for the CISSP is that the ratio of CISSP to SSCP candidates is 20-to-1 or higher).
Given your background and your inclinations, you should do well in this field. Also, because you obviously work around Cisco systems and equipment, don’t forget to factor the CCSP and security specializations from that company into your future cert planning.