5

I am an application developer in an MNC with 2 years' experience. What basic certifications or courses should I do that can help me shift into the security field?

AviD
  • 1
    This is a bit of a subjective question - I would advise reading some of the Related Questions in that sidebar on the right. – Rory Alsop Dec 19 '12 at 15:26

4 Answers

7

My employer required CompTIA's Security+ certification for entry-level positions. It will give you the basics. Despite criticism for its form (multiple-choice answers), by actually doing the course and studying on areas where you lack knowledge, you will get a decent start about security. After that it may become a matter of choosing where you want to go next such as malware analysis, penetration testing, intrusion analysis, forensics, etc.

So start with Security+. It's the most basic and possibly the most common entry level certification.

Rory Alsop
user1068775
4

Systems Security Certified Practitioner (SSCP) only requires one year and is a little more conceptual than Security+.

https://www.isc2.org/sscp/default.aspx

2

Start with Security+ and purchase this book from Amazon: CompTIA Security+: Get Certified Get Ahead. Also, after you pass your Security+ exam, you have to choose which direction you want to go in, like penetration testing, forensics, or malware analysis, and focus on it.

P3nT3ster
1

I was also a developer for a long time and just recently switched over to security full time.

I didn't have a lot of hands-on experience, so I decided to take the SANS GSEC exam with the week-long bootcamp. So with this, I got hands-on experience with an amazing instructor.

So when I went into my interviews, they would ask: have you ever used Snort? Do you know how to use Wireshark filters? Have you much experience with iptables? I could say yes to all those things. (Granted it was only for the class, but still, some familiarity helps.)

The only problem with SANS training is that it isn't cheap. Just to sit the exam was $700. (It's a 5-hour-long exam.) But I'll say this much: almost everyone interviewing me knew the quality of SANS training. Everyone kind of acknowledged when they asked about it and nodded their head in a positive manner.

That was my experience.

Since you have development experience, think about volunteering for something like OpenSCAP. This is an open source RHEL/CentOS vulnerability scanner, which will give you experience in spotting and fixing vulns in Linux.

Could be helpful to show that you are active in working on security tools in your spare time.

That's what worked for me. May not work for everyone. I'm now doing incident response and I'm responsible for cloud security at a large security vendor and couldn't be happier.

Btw - I also had Security+ on my resume and nobody ever even asked about it... my experience.

mumbles