Security Basics mailing list archives

Re: RE: Value of certifications


From: "Nathalie Vaiser, RFC, FMM" <nat () ultraservice com>
Date: Fri, 27 Apr 2007 16:59:40 -0400

At 12:58 PM 4/27/2007, you wrote:
Nathalie,
Be patient.
Get the real world experience - there's no substitute for it.
Do it at work and do it in your own time.
Set up your own home-network and play with it.

Thanks for the reply. I completely agree, but getting real world experience is the problem - I'm too new to actually get a job in any field of IT security.

And since I'm going to spend time studying on my own, I'd like to have something to show for it at the same time at least (i.e. - a degree, or certification)

I'd really love some advice on this...

I don't have a bachelor's degree. I see quite a few job offers that require one. I only did one year of University (10 years ago) in Marketing. Would doing night classes in a University program (or online program) relating to IT be helpful? I've seen a degree, 'Information Systems Security', that may be interesting. It would be expensive and take a long time to finish part-time. I'm not sure if I'm better off with certifications or a bachelor's degree (academic and real-world is also very different I believe).

I am working for a web hosting company right now as a Level I Systems Administrator, so my position is not really giving much security experience (only a little here and there as it pertains to some security issues or abuse issues). My employer will not pay for certifications, so I'm on my own there.

I'm starting to play around with VMWare as a way of putting together a virtual network at home. I already have a home network (home network, I emphasize). Linksys Cable/DSL router, a couple of hubs, and a wireless router. It's not really real world as I don't have a static IP, so I'm using port forwarding on the router to send certain traffic to my Linux box. My other PCs are Windows. Soon I will probably set up an old laptop I have as a firewall for the network, that will be good experience.



Security is a large area. Find a field that you consider interesting
and one that you feel you have an aptitude for - seek to become an
expert in it. Whether it is securing applications, Crypto, Firewalls
and Networks, Pen-testing...  the list goes on and on. Try to keep
abreast of the other domains and technology, but remain focused on your
core strengths.

I'm still trying to determine what my focus should be. I'm not a programmer at all, not very good in math either if that helps you make any suggestions.

I am interested in pen-testing, IDS/firewalls, server security (preventing hackers, etc.).

I am considering perhaps studying for the CEH (Certified Ethical Hacker), mostly because it seems very interesting, and it is some type of security-related certification.



Any thoughts, suggestions, and feedback based on the information I provided would be much appreciated.


Thanks
Nathalie





Basically, don't get a certification for the sake of it. The people
that are hiring you (unless you plan to become just another number in
a HR system) should be more interested in what you've done and what
you can do. If the employer is more interested in the certification
than in your actual experience and knowledge, then they aren't worth
working for (IMHO).

Good luck,

ys

On 26/04/07, Nathalie Vaiser, RFC, FMM <nat () ultraservice com> wrote:
Hi guys,

What would be recommended for someone who is fairly new to the IT-world
and has a strong interest in security?

The CISSP requires 4 or 5 years of related work experience.

Would Security+ be recommended in that case? Or is there another suggestion?



Thanks
Nathalie



--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb

