Comments on: How I got into Security http://elamb.org/how-i-got-in-security/ don't be sheeple Wed, 17 Mar 2010 01:36:37 -0700 http://wordpress.org/?v=2.8.3 hourly 1 By: elamb.security http://elamb.org/how-i-got-in-security/comment-page-1/#comment-1658 elamb.security Mon, 25 Jun 2007 16:43:10 +0000 http://elamb.org/how-i-got-in-security/#comment-1658 If a Security Analyst knows their stuff really well and/or has a computer security degree I don't think think they should have to have a certification. A cert does not necessarily mean your good or even smart. But the IT industry sets the standards on that stuff and they want that extra assurance that security guys are good. Some govt agencies (as least in North America) now absolutely require security certifications for employment. the ideal certification (right now) is the CISSP. But some alternatives are the CISA (really good for financial orgs), CISM, or CISSM (more for information security management). These are fairly difficult certifications to get but VERY respected in the security world (even over a degree sometimes which makes no sense to me). I would say that the Security is a good cert to start with. SANS has a bunch of decent certs as well such as the GSEC that are well respected in the industry. If one had to get cert I would make sure it matched their level of responsibility. For example, a lower level security guy who only looks as audit logs all day might only need a security , but a security engineer who does security policies, security audits and maybe even manages security personell might consider getting a CISSP. There is also the CEH which is for pentesting and the CFI for forensics. If a Security Analyst knows their stuff really well and/or has a computer security degree I don’t think think they should have to have a certification. A cert does not necessarily mean your good or even smart. But the IT industry sets the standards on that stuff and they want that extra assurance that security guys are good.

Some govt agencies (as least in North America) now absolutely require security certifications for employment.

the ideal certification (right now) is the CISSP. But some alternatives are the CISA (really good for financial orgs), CISM, or CISSM (more for information security management).

These are fairly difficult certifications to get but VERY respected in the security world (even over a degree sometimes which makes no sense to me).

I would say that the Security is a good cert to start with. SANS has a bunch of decent certs as well such as the GSEC that are well respected in the industry.

If one had to get cert I would make sure it matched their level of responsibility. For example, a lower level security guy who only looks as audit logs all day might only need a security , but a security engineer who does security policies, security audits and maybe even manages security personell might consider getting a CISSP.

There is also the CEH which is for pentesting and the CFI for forensics.

]]> By: Ashish http://elamb.org/how-i-got-in-security/comment-page-1/#comment-1358 Ashish Sun, 24 Jun 2007 09:03:51 +0000 http://elamb.org/how-i-got-in-security/#comment-1358 Hi, Wat sort of certification you think a person should have to become security analyst. Though i am working with a IT firm, as security engineer. Regards Ashish Hi,

Wat sort of certification you think a person should have to become security analyst. Though i am working with a IT firm, as security engineer.

Regards
Ashish

]]>