What is the best path to enter into security field and get hand-on for job opportunity. I have been doing help-desk stuff for 0ver 15 years and some sys admin role but I really like security. I do not have any Cisco certification and my Server 2008 Enterprise administrator expired a while back with no use at my current job. I already have Security+ and CEH 8. My CEH8 will expire next year. Do I need to take Security+ again or should I not worry about it? Also, I believe the next step should be CISSP. May you recommend what path or course should I take next.
Entering into Cyber Security
There are two perspectives here you have to take into account. First, IT security jobs normally require of years of work experience. Secondly, an IT Certification doesn't validate work experience; it tends to validate knowledge.
To get into the IT Security without IT Security experience is not easy, any look at job-hiring sites will prove that when you look at the required experience. Many companies will allow you substitute the certification in place of college credit. So where you'll see a job that requires a Bachelor of Science in Computer related field and 7 years of experience; you may see where it says you can substitute industry recognized certifications for that undergraduate degree. Sometimes, it's more experience with no college degree as well.
The key with the certifications, especially in the IT Security field, is to maintain current certifications because the field changes often. This is why most companies do not have lifetime certifications any longer. Expiring certifications probably will need to be updated if you're looking for a job in that field. You'll need to see what the job requires and at least update those certifications.
The CISSP certification considered the premier security certification to hold because every industry around the globe recognizes it as the certification to have. I believe someone who has CISSP has to vouch for you.
Security+ is a great foundational security cert to have and I would pursue that one if the job required it but not if that specific job didn't when you could be working something like the CISSP.
Suggestion on path:
- Find the job and look at the requirements for applying.
- Look at the certifications requirements, work on the one you have or no longer have that can get you the interview of the job.
- Then tell them your goal of achieving the CISSP and do that one too.