Re: need some advice please (rather long read)

[Isaac Perez Moncho <suscripcions () tsolucio com>]

Hi Matt,
you thought about SANS certifications?
take a look on GSEC, maybe the only than can be compared to CISSP but is 
more technical, and do it (if you can) with a local mentor.
If you do it, take GOLD certification, as it is far more recognised than 
silver.
GSEC doesn't require work experience and you learn a lot.
By your reading, and not knowing what you really know about security, I 
think it can expand you technical knowledge and give yoyu a good 
background in logical security or highlevel stuff.
The local mentor will introduce you to people that works with security, 
the mentor and maybe the other students.
If you demonstrate that you are good in the class and in the paper for 
gold, you will be in a better position to apply for jobs.
Hope that helps.

En/na Matt ha escrit:
> Hi everybody,
> I recently signed up for this list and it appears that this would be
> the place to ask for some advice. First off I apologize for the long
> note but I'm a bit frustrated and I'm hoping that by providing enough
> detail that I may be able to find some direction. Thanks in advance
> for taking the time to read my book!
>
> I'm currently looking for work in the Austin area and it seems that
> I'm either overqualified or under qualified for the positions that
> come up. I'm trying to determine if there is something I could do to
> improve my resume or some certifications I should pursue. My goal of
> course is CISSP but I don't feel that my experience would fit the
> criteria because even though I did security related jobs it was not in
> my "job title" I may be wrong about this and it would be great if
> somebody who is a CISSP or knows these kinds of things could take the
> some time to look at my resume and give me some advice.
>
> I currently have certs for Security +, MCP, A+ as well as some vendor
> specific certs that I picked up with various companies I've worked
> for. I am considering something like the TICSA and the CCNA but I'm
> not sure which certs would be the most advantageous.
>
> The good and the bad I think is my experience, lack thereof or how I
> portray it. I started off as an aviation electronics tech in the Navy
> from which I worked at a cable company doing repairs, then tech
> support (phone) then I moved to a startup company where I did
> everything from technical writing to desktop support to managing the
> phone system. After the crash I went back to school and got my college
> degree. Then I went to work for a VAR doing everything you can think
> of for small to med size business. Everything from removing spyware to
> managing user accounts to troubleshooting network problems, wireless,
> hipaa compliance for doctors offices and more. (good old jack of all
> trades master of non) It appears that due to this that I am
> "overqualified" for entry level stuff and "under qualified" for any
> full blown security positions.
>
> I have a broad background as in I've done everything from shell
> scripting to troubleshooting and repairing circuit boards to the
> component level (I really don't enjoy and wish to say away from this)
> My interests are on the security side but the "experience" I have are
> things like discovering a server that was rootkitted at one company
> (where there was no full time security position) or going into a large
> real estate firm and tracking down and eliminating a worm that had
> infiltrated their network. I have learned a lot on my own using
> Nessus, Netstumbler, Snort and things like this out of curiosity but
> the only experience I have with the corporate stuff like ISS is
> finding some online training programs or reading articles that I have
> googled.
>
> I was hoping that the Security + cert and my experience, education and
> other certs would put me in a decent position to pick up something at
> least entry level in the security field but I'm beginning to wonder.
>
> Thanks in advance for any useful advice!
> Matt
>
>
>   


--
Isaac Perez Moncho 
GSEC, SSP-GHD, SSP-MPA, Microsoft MCP.
JPL TSolucio S.L
www.tsolucio.com