Jump to content

Advice Sought: Transitioning Career From Windows Generalist To Information Security


Recommended Posts

Posted

Below is my current working plan to refocus my career in IT from Windows administration to information security. It’s a 2 fold plan, starting with getting a couple of MS certs based on what I do in my current day to day work to buff my resume and salary a bit; then redirect to security. I realize there is a long running debate about the value of certifications; but just take my word for it that in the DC are job market, the more you have on paper, the better for you. I thought about saving myself a few months and skipping the MS certs, but they are such low hanging fruit for me at this point, why not just get the paper and maybe get a 20% pay bump.

I’m looking for any and all advice and feedback from people working in the IT field that work in security, or that have made a similar transition.

The general plan.

Establishing Credentials to match experience.

MCITP: Windows Server 2008 Server Administrator, 3 MCTS Exams

Purely Monitary, based on analysis of Washington, DC area job market.

MCITP: SharePoint 2010 Administration, 2 Exams (Thought about going Exchange here instead.)

Pivoting to Security

Security+, 1 exam

CEH, 1 exam

CISSP

The goal here is pretty simple in theory. I have a bachelors in comp sci, and I’ve been a Windows admin for about 10 years. During this time I’ve been the dictionary definition of a generalist; doing everything from Active Directory, Exchange, SharePoint, and of course tech support. I’ve done about 6 months total of VMware and Cisco stuff on the side. I have always have a strong interest in security and have made it my hobby, so at this point in my career, I want to begin focusing in security heavily, while at the same time getting some paperwork to back my experience in the field in order to maximize my income. I won’t get to deep into that part, just general reasons like hitting 30, wanting to buy a place soon, etc, etc. DC is a great job market for IT, but it is expensive.

By doing the MCITP, I’m just getting what I’ve been doing day to day on paper. Its only 3 relatively easy exams so why not. By getting one specialist cert, at this point I’m thinking SharePoint, I can go one level deeper into Microsoft and get to the next salary level in DC. I had deliberated between SharePoint or Exchange and ultimately settled on SharePoint.

After knocking those out as a resume buff, I want to begin the turn toward security. I know enough Linux to get by with help from Google and pull off most tasks on the desktop or server, so I wasn’t planning to get a Linux cert at this point. Instead I was going to do the Security+, CEH, and by that point I should have the requirements met to sit for the CISSP.

Posted

I've got a similar route to yourself. I live in the UK And have 10 years + in support, the majority being in system admin. I'm also looking to move into security and the CEH is the course i'm looking at. I believe that the course offers alot more than the other security courses because it puts you in the mind of the hacker. i'll be keeping a eye on the post to see what advice other people offer.

  • 2 weeks later...
Guest Deleted_Account
Posted

Below is my current working plan to refocus my career in IT from Windows administration to information security. It’s a 2 fold plan, starting with getting a couple of MS certs based on what I do in my current day to day work to buff my resume and salary a bit; then redirect to security. I realize there is a long running debate about the value of certifications; but just take my word for it that in the DC are job market, the more you have on paper, the better for you. I thought about saving myself a few months and skipping the MS certs, but they are such low hanging fruit for me at this point, why not just get the paper and maybe get a 20% pay bump.

I’m looking for any and all advice and feedback from people working in the IT field that work in security, or that have made a similar transition.

The general plan.

Establishing Credentials to match experience.

MCITP: Windows Server 2008 Server Administrator, 3 MCTS Exams

Purely Monitary, based on analysis of Washington, DC area job market.

MCITP: SharePoint 2010 Administration, 2 Exams (Thought about going Exchange here instead.)

Pivoting to Security

Security+, 1 exam

CEH, 1 exam

CISSP

The goal here is pretty simple in theory. I have a bachelors in comp sci, and I’ve been a Windows admin for about 10 years. During this time I’ve been the dictionary definition of a generalist; doing everything from Active Directory, Exchange, SharePoint, and of course tech support. I’ve done about 6 months total of VMware and Cisco stuff on the side. I have always have a strong interest in security and have made it my hobby, so at this point in my career, I want to begin focusing in security heavily, while at the same time getting some paperwork to back my experience in the field in order to maximize my income. I won’t get to deep into that part, just general reasons like hitting 30, wanting to buy a place soon, etc, etc. DC is a great job market for IT, but it is expensive.

By doing the MCITP, I’m just getting what I’ve been doing day to day on paper. Its only 3 relatively easy exams so why not. By getting one specialist cert, at this point I’m thinking SharePoint, I can go one level deeper into Microsoft and get to the next salary level in DC. I had deliberated between SharePoint or Exchange and ultimately settled on SharePoint.

After knocking those out as a resume buff, I want to begin the turn toward security. I know enough Linux to get by with help from Google and pull off most tasks on the desktop or server, so I wasn’t planning to get a Linux cert at this point. Instead I was going to do the Security+, CEH, and by that point I should have the requirements met to sit for the CISSP.

Wait you have a BSC in comp sci? Why do you need the certs than? Provide I do live here in Canada but once you have a degree in comp sci it basically equivelant to having all those certs + better in companies eye's as it takes longer to get (4 years). Any ways I digress, I did the way you mentioned (pretty same certs too) I also have a few more that are niche (needed for my current job;private sector/military ). That is a good way to tranfer ;) best of luck too!

Posted (edited)

Wait you have a BSC in comp sci? Why do you need the certs than? Provide I do live here in Canada but once you have a degree in comp sci it basically equivelant to having all those certs + better in companies eye's as it takes longer to get (4 years). Any ways I digress, I did the way you mentioned (pretty same certs too) I also have a few more that are niche (needed for my current job;private sector/military ). That is a good way to tranfer ;) best of luck too!

Well, university degrees may offer a better training, but I do believe that if you want to advance your career you will need more than just a degree. Certifications are the way to move up on the ladder, plus experience of course. Most companies nowadays when hiring new staffs, they will be looking for what other qualifications you may have.

I'm aiming to get my security+ certification sometime this year.

Edited by Infiltrator
Posted

In the Washington DC area, having a CISSP = instant job. (Well, you also need to be clearable.)

The government and all their contractors are snatching up CISSPs even with virtually no experience. And I hear the pay isn't terrible either.

The Sec+ won't really buy you much since CISSP supersedes it. I would suggest trying Linux+ instead. Windows isn't the only operating system out there and it wouldn't hurt to learn a bit about *nix systems.

  • 3 weeks later...
Posted

I was looking at the Security+ to gain educational hours towards the CISSP. Unless they changed it, you needed a certain amount of hours with a direct security title or educational hours in security to even quality to take the exam.

Also, I'm getting certs even with a college degree because in DC area, the college graduation is better then 94%, so you still need to stand out.

Thanks for the responses.

Posted

I recently moved from support to info sec. The advice I would give you, if you are wanting to get a certification, look into CISSP, or GPEN. CISSP is good (most books read like a lawyer manual) but business like it a lot. According to Global Knowledge, the GPEN is more desireable to busineses than the CEH. I guess its an acceptance thing :)

Advice about the job: If you work for a public company that has rules and regulations that they must comply to (i.e. Sarbanes-Oxley, ect...) then an info sec job will be more about policy and ensuring that policy is being followed via audits and such. What I have learned is that although cool info sec stuff happens, more often than not, an info sec job is being able to come up with good security policy, ensure it is followed and report on it. again your results may vary, depending on the exact job title that you have and what company you work for. I hope this helps.

  • 4 weeks later...
Posted

ya i'm starting out with my ccna/ccnp, working through my associates in computer science, then taking my cissp, some offensive security classes, possibly ceh, and then finishing off my bachelors in computer science. im not sure which aspect of computer security i want to go into, but i know i want to go into computer security... im figuring ill just figure it out as i go one step at a time.

  • 1 month later...
Posted

My suggestion to you is CISSP, CEH, Linux+, and if you want to go a LOT further with adding fluff to your resume get the Offensive Security certs. Expensive as hell but worth it in my opinion. CISSP will get you into most businesses from what I've heard though.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...