Security Basics mailing list archives

RE: which of these ways (if any) are the best to switch to it sec?!?


From: "Justin Ross" <jross () cricketcommunications com>
Date: Wed, 1 Aug 2007 16:36:10 -0700

Well, you could parlay your router, switch, server experience into a
network security career. The first thing you should decide is what
security position interests you? Penetration tester, network security,
policy/risk management, auditing, secure programming consultant,
forensics? There is a plethora of security jobs/specialties out there,
each requiring different skill sets (Programming, Engineering, hacking,
etc.) and experience.

My advice initially wouldn't be to go down the CEH path, because it is
more penetration testing/hacking focused; and without experience, I'm
not sure that will be a valuable cert to get your foot in the door. It's
just not that necessary of a certification, though I have noticed that
more DOD contractors/civilian employees are getting it (after they get
their CISSP usually). While penetration testing is a great career, it
also requires (in my opinion) a programming background or at least
fairly in-depth knowledge of programming, and while CEH doesn't make you
a penetration tester, it also doesn't make you a security
expert/professional either. 

You could go the CCSP (Cisco Certified Security Professional) route,
which requires a CCNA which may help you should you get a job in network
support. I would also recommend the CISSP, and though I rarely recommend
the Security+, in your case (depending on your experience/knowledge
level) it may be very beneficial. The CISSP is almost like a high school
diploma for security professionals, if you don't have it you will lose a
lot of opportunities. You might just get by reading the Security+ book
too and not take the certification, because its value is questionable
like the A+ (in my opinion).

I would also recommend reading as much security information as you can
online and in books, maybe invest in a Safari membership and soak in as
much as possible from the books available there
(http://safari.oreilly.com/browse?category=itbooks.security)

If I were you, based on your experience, my certification/knowledge path
would be:
1. Read as many books and security/hacking websites as you can focusing
specifically on security related topics like VPNs, Hacking Exposed,
Linux Security, Router security, etc. Read through the DOD STIGs and
self-study why they say to turn certain things on and certain things
off.
2. CCNA/CCSP
3. CISSP (read a good CISSP book like CISSP all-in-one by Shon Harris
while you're studying your CCNA/CCSP materials just to reinforce what
you are learning from a non-vendor specific resource)
4. GIAC

While you won't be able to do all of them at once, it would be an
excellent path to get you into the security profession and give you a
really solid background to succeed in my opinion.

Justin.Ross
Security Engineer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of allerena () optonline net
Sent: Monday, July 30, 2007 7:37 PM
To: security-basics () lists securityfocus com
Subject: which of these ways (if any) are the best to switch to it
sec?!?

I am getting out of the Marine Corps within the next month and am
looking to continue my career in the IT industry that I had prior to
enlisting.  I would like to switch over to the security side of IT, but
before I enlisted, I was working with the standard networking portion
(routers, switches, servers).  

While looking online, I saw a couple different roads that I could go
down, but am wondering which of these, (if any), is the way to go.  

I saw a boot camp for the Certified Ethical Hacker, and was also looking
at the GIAC certs.  The beginner certs seem to be the Information
Security Fundamentals, and Security Essentials Certification.  Are these
the way to go to try and restart my IT career and point it in the path
of the security field?  If not, what would you suggest?  Also, do you
believe that this would be enough to get me an entry level job with
security? 

Since I am about to be unemployed, I don't have many restrictions,
besides money. ;)  My current budget is about 6000 to spend on classes /
certs- and I would love to buy some books and learn as much as I could
that way, however after looking at the curriculum for the CEH, it seems
that hands on is the best way for me to become truly proficient in the
material.  I will have an abundance of time in my job search (I have
already started looking and applying for standard networking jobs) for
me to take classes at any part of the country at any time.  However, if
taking one or two of these classes / certs will not be enough, then I
don't know if it is feasible.  I am a quick and adept learner so I feel
that I will be able to absorb knowledge pretty quickly, but since I do
not know much about this field, or programming, I am hesitant about
which direction to take.

Thanks in advance for your time and all replies that I receive!

-A

