-1

Im just starting out in school to study Network and Info Security. I know this is the field I want to invest my time and study into. Well over 200k security jobs went unfulfilled last year. My question is this - I know that real work experience is the most important factor that companies look at when comparing applicants. After factoring that in, what are the certifications that can not only help advance a career but aid in the work, itself, where security and entry-level is concerned? Again, I'm very new to this so certifications that would be available to someone fresh out of school.

WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
Jeff Wilson
  • 7
  • 3
  • Pretty certain we have a dupe, but in any case this is opinion based. – Rory Alsop Oct 18 '14 at 15:10
  • I've already warned the author in a comment, but why it was deleted without a notice. – elsadek Oct 18 '14 at 18:25
  • Yes... this is opinion based. That is the entire point of the question - To gain professional opinion on the importance of certain certifications to someone just starting out. I apologize if this isnt the right forum. I'll go elsewhere. – Jeff Wilson Oct 20 '14 at 14:30

2 Answers2

1

I would advise to start with Comptia Security Plus after you gain some information security experience you can opt for C|EH or advanced certifications like CISSP/CISA/CISM (Sans - Intermediate and above Certs). Sec+ ->CEH->CISSP/CISA/CISM or Sec+ ->GCIH/GCIA->CISSP/CISA/CISM

You can opt for CISSP earlier in your career by taking the CISSP and if you pass you will be Associate of (ISC)²- CISSP ).

For information security experience is of most value and no certification can replace that but at the same time you learn and practice new things while studying for these certifications.

ciphercodes
  • 709
  • 4
  • 7
1

Just check the job sites and see what employers are asking for. My opinion -- seems like for Management type positions the CISSP is favored among others. For Analysts and Techs probably any cert that includes practical working knowledge (EC Council CEH) or lab components (Sans GIAC certs). How much money you have and are willing to spend on a certification will also determine your options. If you only can afford a few hundred dollars then the CEH is good place to start. On the other hand, if you have a few thousand dollars then nothing is probably better than a Sans GIAC cert -- any of them.

Some_Dude
  • 11
  • 1
  • 1
    You can't get a CISSP when you're just out of school. It requires five years of work experience in the InfoSec field. – Xander Oct 17 '14 at 21:33
  • True -- if you are talking about standard CISSP applicants. As already mentioned by ciphercodes, you may sit for the CISSP and upon passing become an Associate of (ISC)²- CISSP. As long as you communicate that first bit -- you could still leverage the CISSP designation for employment opportunities. https://www.isc2.org/how-to-become-an-associate.aspx If you don't like that option you can go after one of the other certs mentioned that require less experience. – Some_Dude Oct 17 '14 at 22:04
  • CISSP is really not for management. It is generally considered a reasonably broad but shallow cert suitable for junior security folks a few years into their career. Have a look at my blog post on this:http://security.blogoverflow.com/2013/03/presentations-starting-your-security-career-where-can-you-go/ – Rory Alsop Oct 19 '14 at 15:43
  • Excellent blog post and video, Rory. That is exactly what I was looking for! Would love to sit in on a talk like this but the area in which im located doesnt have any major jobs open for Information Security. I'll have to venture elsewhere so there isnt as much emphasis on training. Just the courses needed to graduate and that's it. – Jeff Wilson Oct 20 '14 at 14:35