Dear Certmag: Experience Key in Starting Security Career
I’m 40 years old and would like to pursue a network security career. Currently I’m attending an A+ certification class, a 6-month course, completely entry level, and doing Net+ next. Everyone says Cisco is the way to go. I can’t afford to make any mistakes at this point: I am changing careers as I have spent the last 10 years as a supervisor for a national tree-trimming company. Any help or advice would be great for this rookie.
It’s great that you have a goal in mind already, but please realize that most companies will require you to have previous IT experience in network administration before they will employ you in the security field of IT. I don’t want to dishearten you; I just want you to be aware.
First, take a look at the U.S. Department of Defense Directive 8570.1 (DOD 8570.1). It’s aimed mainly at government employees who conduct information assurance (e.g., IT security) functions, but it does provide good guidelines for security certifications in other sectors.
With that in mind, I would strongly advise you take a look at the CompTIA Security+. It is a vendor-neutral, entry-level security certificate and provides a good basis on which to build. I also would have advised (ISC)²’s Systems Security Certified Practitioner (SSCP), but for that you need at least a year of experience, so the Associate of (ISC)² is a better choice.
Going for the Cisco Certified Network Associate (CCNA), in particular the security specialization, could be dicey at this time. That’s because the CCNA is vendor-specific and expires after three years, and there is no guarantee that you’ll be working with Cisco in three years, especially when starting out. Therefore, I’d recommend going for the Cisco Certified Entry Networking Technician (CCENT) to give you a good overview and a base for further Cisco certifications.
I also recommend you consider these two entry-level security certifications: Security Certified Network Specialist (SCNS), which requires that you have either the Security+ certification or equivalent work experience, and the EC-Council E-Business Security Exam, which covers information security from an organization’s point of view.
This is a difficult time. Months of layoffs at some tech-savvy companies have created a glut of newly available, skilled IT professionals who will be competing with you for each open position.
Network security in particular requires an expert-level grasp of basic technology skills upon which to build more specific knowledge. Further, companies want to be comfortable with your technical prowess in being able to grasp the challenges and threats facing their particular enterprise.
Focus on building your certification portfolio and your experience in a nonspecific administration context first. You will need to be intimately familiar with the physical and logical networking of a company, as well as Windows and Linux operating systems, as these are the operating environments of most large firms.
Finish your CompTIA certification and then pursue the Security+ credential. The Security+ is a cross-vendor, entry-level certification.
Also, plan on spending some time learning the compliance aspects of the security management space. Many of the security positions in the industry are with organizations that have a compliance requirement pursuant to such regulations as those outlined by the Sarbanes-Oxley Act (SOX), the Payment Card Industry (PCI) and the DOD. Recognizing how those compliance requirements work will give you a head start toward building the skills, certifications and experience you will need for your longer-term security career.