IT Employment

General discussion


Entering the Information Security Field

I am a recent graduate with a B.S. in Management Information Security (Systems sorry I have Security on my mind lol). I have always been interested in Information Security, but I understand that I need to get more experience under my belt to reach my goal.

I just had a few questions. Which would be the best route to get into Information Security? Right now I have been offered three options for certification courses:

Package One: A+, Network+, MCP Windows XP Professional, Security+, and CCNA
Package Two: A+, Network+, Security+

Which would be the best value to attempt to get an entry level job in Information Security? I know certifications do not guarantee a job, but it will help in my experience.

My second question would be related to the second. Should I just skip both packages and aim for MCSA (or MCSE?) I see that they both include the Security+ information.

Also if you want to input any more comments about getting into IS for future references would be excellent. Thank you.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

So what specifically do you want to do?

by Tig2 In reply to Entering the Information ...

I am in Data Security. My primary focus is from the governance and compliance view.

If you are primarily interested in network security, you want to look at Security+ and possibly the Cisco security cert.

You don't meed the A+. I have one but only because I used to do warranty support for IBM and Compaq/HP.

If you want to work on the compliance/governance side, you want to be looking at CISSP for starters.

The MCP and CCNA won't do you much good. Neither will the A+ or Network+. A professional org will be more help as will a grounding in risk management.

Check this link: for some good information and use Google. Google is your friend.

Ask me anything on security, always happy to help any way I can.

Good luck!

Collapse -

Career Focus

by dspeacock In reply to So what specifically do y ...

As usual, Tigger has good advice. The only thing I would suggest you do differently, without knowing your background, is forgo the Network+/Security+ and go for the SSCP (also from if networking is your thing. It covers most of the CISSP CBK, but is more geared to the operational side of the house, unlike the CISSP which is more managerial in focus.

Figure out where you want to go, and what you'd like your focus to be, and ask questions (remembering that the only dumb question is the one you don't ask). Like Tigger, I'd be happy to answer any I can, or point you in the right direction.

Collapse -

CISSP Requires Work Experience

by C L Kerr In reply to Career Focus

isc2 will not give you a CISSP without work experience though.

You can also check ISACA's CISM.

Collapse -

CISSP Requires Work Experience

by dspeacock In reply to CISSP Requires Work Exper ...

This is true. I had to submit a resume as well as certification from another CISSP or C Level executive in my company before I could use the title.

What IS available is the "Associate" of CISSP which means you've passed the test, but don't have the requisite experience yet. Once that is gained, you can use the title.

Collapse -

My approach

by Tig2 In reply to CISSP Requires Work Exper ...

Has been to find a mentor now (CISSP) who will validate my experience in addition to my resume and work with that individual on certification pathing.

I am fortunate to have the requisite experience but will likely stay with the ISC's recommendation that I work closely with a mentor for at least a year.

You can also submit additional proofs of competency with your background.

Collapse -


by dspeacock In reply to My approach


You are so right in this approach. My immediate supervisor here has been a CISSP for almost 10 years and I'm looking at this contract as one great big learning and validation experience. She even has me prepping for the CISA in June (she's taking it too).

I knew a fair bit, but only in 3-4 of the areas of the I'm getting hands on in the other areas and this can ONLY be a positive thing. Too bad this is such a short contract :-(

Collapse -

Great replies!

by GRIMMJOW In reply to Entering the Information ...

Thank you very much, each of you have helped me with some sight of which way I want to go. I want to work more on the network security side of things and then I'll see from there.

Thank you again, hopefully this thread will be able to help someone else in the future.

Collapse -

Thank you!

by zdnet4clgomez In reply to Great replies!

You're a little a head of me with finished in your BS in MIS, am still going to school to earn my BS in IT, and looking for the right path to becoming a professonial in infosec with networking-management. I have the same desire that you're going through, want to be in the infosec field, earn numerous certs and especially obtaining CISSP cert.
Your questions in the blog, give me a direction to follow, want to thank you and other that replied.
Let help each other out and good luck.


Collapse -


by IT cowgirl In reply to Entering the Information ...

I have worked with several groups of security persons with their Security certs, but had no idea where to place their security devices on their network.

If you do not understand how the network actually functions, then knowing only security is not enough. You need to know and understand both.

I am earning my CCNA, then CCNP, then the CCSP and more Security from there.

Collapse -

What do you know already?

by jdlane In reply to CCNA!

Your choices for certification paths may be of use. Like the other's have suggested, experience is required for the higher level certs i.e CISSP. Even CCNA could prove difficult if you don't have the knowledge required of the Network+ exam.

If you are already well versed in the networking world but are completely new to the security world I would check out Security +, and along the way as you get experienced, look at CISSP.

Related Discussions

Related Forums