Certifications in Information Security

The information I am going to give is my own personal view; I do not hold the full truth. This entry was updated on 15/07/2018, so it may be outdated.

Many friends ask me how to work in the field of information security. I once had these doubts too, and the information on the web is partial, insufficient or outdated.

First, some common doubts:

Is it mandatory to study a degree in Computer Science to work in Information Security?
No, it is not. However, I think the degree provides knowledge and a discipline/consistency that is difficult to achieve by yourself.

I recommend studying a degree in Computer Science. On the other hand, with effort and dedication you can skip this, but your first steps in the field of information security will be slower and you'll have to demonstrate more than your colleagues.

How much time should I spend studying in this field?
It depends on the person and the previous knowledge you already have. But to sum up: a lot! No one becomes a 'hacker' in a couple of afternoons.

What are companies asking for?
Experience, studies, and Certifications. We are going to talk about certifications in this post.

Certifications are a kind of degree/accreditation to be renewed every few years. They are validated by independent bodies (e.g. Cisco).

We're into the first branch. Information Security.



Good things about certifications: they force you to study, they 'certify' that you know about 'x', they can earn you your first job in the Information Security field.

Bad things about certifications: they cost a lot of money, they have to be renewed every X years, and some paid courses are prohibitively expensive.

INTERMEDIATE CERTIFICATIONS NOT RELATED TO INFORMATION SECURITY:

These certifications are not exactly IT security certifications, but they provide interesting insights and can be the way to get your first job in the IT field while you gain experience and prepare for other certifications. The knowledge you get from these certifications will help you develop in IT security.

CCNA Routing and Switching: Cisco certification for networks. The price is usually around 400-500€.

LPI Linux: Linux server sysadmin certification. The price is usually around 300€.

RHCSA and RHCE: Linux server sysadmin certifications by Red Hat. Better rated than LPI Linux. About 500-600.

AWS Certified SysOps Administrator – Associate: System Administrator for AWS (Amazon). About 150€.

INTERMEDIATE CERTIFICATIONS RELATED TO INFORMATION SECURITY:

CCNA Security: Cisco certification for network security. The price is usually around 400-500€. CCNA Routing and Switching is required to obtain this certification.

CompTIA Security+: Certification by CompTIA. The price is 299€.

CEH: Certified Ethical Hacker: The price is around 1600€ per course+test. The course is necessary if you do not have 2 years of demonstrable experience in the field. Personally, I don't recommend it unless you're not worried about the money.

ADVANCED CERTIFICATIONS RELATED TO INFORMATION SECURITY:

CISA: Certified Information Systems Auditor, by ISACA. Employers ask for it very often. About 600€.

CCNP Security: Advanced Cisco certification in network security. About 500€.

OSCP: Offensive Security Certified Professional. One of the most difficult. With this one, companies will fight over you. About 800€ with access to labs. The exam is taken from home.

CISSP: Another highly valued certification. Requires 5 years of experience. About 500-700€ per person.

CONCLUSION:

It's a good idea to go for some intermediate certification, start working at an average helpdesk company, and gradually learn, get more certifications and improve your professional profile.

The most important thing is experience and getting your foot in the door in this field, so forget about getting 7 certificates and then looking for a job. It's much better to get a couple of basic certifications and start working.

The certifications themselves are just pieces of paper; they are not a guarantee that you will find a job. However, they are a good differentiator that can make you more attractive than other people looking for work in this area.

Without certifications or experience the initial barrier is very difficult or almost impossible to overcome.