Re: Security Certifications. Help needed

[salgak () speakeasy net]

> -----Original Message-----
> From: Mix [mailto:Silver_ptps () hotmail com]
> Sent: Thursday, August 14, 2003 01:22 PM
> To: security-basics () securityfocus com
> Subject: Security Certifications. Help needed

> Hi all.
>
> I am a security specialist wannabee, i have an MCSE on NT4 platform and a
> MCP in windows 2000 and i am currently studying to become a CCNA and
> Security + certified Profeessional.
>
> Where should i go from here? can you point out some other certifications
> around available that should help me in this IT Security area?

First. . . you need broader OS experience.  Win2K and some flavor of UNIX/Linux.  Preferably multiple flavors.   You 
can NEVER learn enough UNIX in computing. . .

Then the question becomes, what PART of security do you want to do ?  Policies ?  Firewalls ? VPNs? Intrusion Detection 
?  Forensics ?  Vulnerability Assessment/Penetration Testing ?

Security isn't a monolithic area.

Eventually, get a GIAC or a CISSP.  The GIAC credential is, IMHO, the better one, but the CISSP is better known.  So 
people ask for it, just like they ask for MCSEs (most amusingly, I saw an ad for a Solaris Administrator, no mention of 
Windows systems. . .but MCSE was required.)

Learn a few open-source apps.  SNORT and TRIPWIRE come in handy.  Use PUTTY on your Windows boxes, and let your users 
use them instead of Telnet and FTP. . .





---------------------------------------------------------------------------
----------------------------------------------------------------------------