IT Employment

General discussion


Entering the Information Security Field

I am a recent graduate with a B.S. in Management Information Security (Systems sorry I have Security on my mind lol). I have always been interested in Information Security, but I understand that I need to get more experience under my belt to reach my goal.

I just had a few questions. Which would be the best route to get into Information Security? Right now I have been offered three options for certification courses:

Package One: A+, Network+, MCP Windows XP Professional, Security+, and CCNA
Package Two: A+, Network+, Security+

Which would be the best value to attempt to get an entry level job in Information Security? I know certifications do not guarantee a job, but it will help in my experience.

My second question would be related to the second. Should I just skip both packages and aim for MCSA (or MCSE?) I see that they both include the Security+ information.

Also if you want to input any more comments about getting into IS for future references would be excellent. Thank you.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Common mistake

by zbatia In reply to Entering the Information ...

Being in the IT field for more than 15 years and teaching folks since 1993, I know quite a bit about the IT, and particularly about IT security. I began my journey in that field by taking the responsibility for managing one firewall. It was a good start. It gave me a lot of exposure to the IT security, forced me to read about various protocols in depth, concepts, and it forced me to learn UNIX.

The common mistake is to start the career by taking the certification classes or exams. The concept "certification" is about certifying the skills you already have. So, my suggestion (if you really want to be a high-level professional), start with hands-on experience.
If you want to know more about certifications, read my article published in 2002 that (some people believe) still has some value:

Find the way to get some exposure to the security appliances (firewalls, proxy servers, content filters, IDS), software (basically the same but software-based), tools (scanners, packet capturing/analyzing, sniffers, etc), and as a ?must? read the literature and security-related articles that will expand your horizon. Be a volunteer, find a mentor, or at least build a small network at home and play with the evaluation copies (or freeware) of various software utilities/programs/firewalls. Learn how to harden the OS or web server, etc. Build a Linux server and workstation. Talk to your management and express your interest to get more exposure/responsibilities to IT security. Show it as a potential benefit to your organization.

Another suggestion is not taking the short-term training classes but rather buying the multimedia-based self-training software with live instructors that present the topics you want to learn. There are many benefits (like repeating, stopping, portability, rewinding, pausing, etc). Some of the vendors also offer online mentoring in addition to the software. All this works fine if you have enough self-discipline.

If you follow the path that I suggest, the certifications will be achieved easier and will add the value to your hands-on experience. Don?t forget that in the security field the employers are looking for real-world experience. So, the abbreviation letters after your last name will be more powerful if you have something in your resume that highlights your hands-on skills.

I would not suggest the CISSP certification at all at this stage of your career. The CISSP certification is valuable when you have substantial experience (5-7 years) in the information security field. It is mostly designed for the management (or at least, senior-level) security professionals. That certification can give you more opportunities to get better paying job but at the right time. If some of the folks disagree with me I would forward them to the article above where I describe the dentist who just got certified.

If you still seriously consider CISSP as one of your choices, at least you can get more information and links about it here: (this site also has a comprehensive Index of free IT security resources) and here (about the exam itself):

Best of luck in your career!

Collapse -

Best Multimedia Self Study Training Available

by bradhola In reply to Common mistake

Wondering what you recommend for multimedia self study training as there are so many out there? Thanks

Collapse -

Entering the security field

by tejasbhosale008 In reply to Entering the Information ...

I want to enter in the security field what can i do . Shoudl i do CEH or any other thing. please help me

Related Discussions

Related Forums