IT Certifications and Careers (Official Discussion Thread)

slikkp

Pro
Joined
Oct 10, 2014
Messages
325
Reputation
150
Daps
901
Senior job title gets you the most money. My salary jumped 30K in just 3 years going from Security Analyst to Cybersecurity Engineer. Don't ever accept a job with a shytty generic job title. Once you've got Senior or Engineer in your job title they have to pay you.

No lies here. I just accepted a job offer for a 40k bump because I had Sr in my job title. I've only been a Sr for a year :yeshrug:.
 

Trustus

Black like the planet that they fear
Supporter
Joined
May 31, 2012
Messages
697
Reputation
1,170
Daps
2,222
The Security+ only really matters for Federal Government jobs. You'll earn way more money learning IT Security technology. Because companies are getting their ass kicked by hackers. They'll pay big money to people who can stop the bleeding.

So, get a CEH or PenTest+ cert after Security+?
 

daboywonder2002

Superstar
Joined
May 20, 2012
Messages
12,885
Reputation
975
Daps
27,082
Reppin
minnesota
What job title sounds better, Application Analyst or Application Specialist? I wonder if job titles can make a huge difference when people look at your resume.
 

JT-Money

Superstar
Joined
May 1, 2012
Messages
11,148
Reputation
3,260
Daps
48,389
Reppin
NULL
So, get a CEH or PenTest+ cert after Security+?
I would get whichever one has the most hits on job boards. But the problem is none of them will really help you on the job. Most security jobs involve babysitting security technology like firewalls, proxies, antivirus etc.

Sure it's good to have all this IT Security knowledge. But the people running these companies could care less. They ignore cybersecurity best practices anyway. All they want is someone to manage the overpriced security equipment they own. And take the fall if a breach happens.

You're almost better off finding out what security technology a company runs. Downloading trial versions of it and learning it inside and out. Because that's all you'll be doing on the job anyway. Since most IT security departments are severely understaffed. If you master the leading Security vendors technology you'll never be without a job.

I get calls all the time from recruiters about some obscure technology I have on my resume. That a company is willing to pay 6 figures for someone to babysit it for a few months.

They could care less about hiring someone that can determine if they've been hacked or not. And in most cases they don't want to know if they've been hacked.

All upper management knows is they paid a ton of money for some buggy security product. And they need to justify that purchase by keeping it up and running. The key is to find a vendor with a halfway decent security product to hitch your wagon to. Because if you pick one of these dying companies like McAfee or Symantec you'll be in the same boat as them.
 

Trustus

Black like the planet that they fear
Supporter
Joined
May 31, 2012
Messages
697
Reputation
1,170
Daps
2,222
I think if you are going the Pen Tester route you would need a CEH anyway

I heard the CySA+ is a good one to get after Sec+ though and that the exam is very very similar
Yeah, that's what I heard also, and CompTIA said both PenTest+ and CySA+ follow the Security+. I'm torn on what to go for next and don't want to waste time on something that's not going to help in the long run.

I would get whichever one has the most hits on job boards. But the problem is none of them will really help you on the job. Most security jobs involve babysitting security technology like firewalls, proxies, antivirus etc.

Sure it's good to have all this IT Security knowledge. But the people running these companies could care less. They ignore cybersecurity best practices anyway. All they want is someone to manage the overpriced security equipment they own. And take the fall if a breach happens.

You're almost better off finding out what security technology a company runs. Downloading trial versions of it and learning it inside and out. Because that's all you'll be doing on the job anyway. Since most IT security departments are severely understaffed. If you master the leading Security vendors technology you'll never be without a job.

I get calls all the time from recruiters about some obscure technology I have on my resume. That a company is willing to pay 6 figures for someone to babysit it for a few months.

They could care less about hiring someone that can determine if they've been hacked or not. And in most cases they don't want to know if they've been hacked.

All upper management knows is they paid a ton of money for some buggy security product. And they need to justify that purchase by keeping it up and running. The key is to find a vendor with a halfway decent security product to hitch your wagon to. Because if you pick one of these dying companies like McAfee or Symantec you'll be in the same boat as them.

Good lookin out on the info. So, look at the job postings, study what they are using, get good at it and apply to these jobs? I want to get out of help desk/desktop support as fast as possible.
 

-deleted-

Banned
Joined
Apr 13, 2017
Messages
4,355
Reputation
2,206
Daps
19,776
Yeah, that's what I heard also, and CompTIA said both PenTest+ and CySA+ follow the Security+. I'm torn on what to go for next and don't want to waste time on something that's not going to help in the long run.

At my last job I had a coworker whose cousin worked as a pen tester clocking over 6 figs remotely, he had the GSEC cert

I honestly think the PenTest+ and CySA+ will help in the long run, it is really the skills you know when it comes to this and those two can't hurt if you know the material
 

-deleted-

Banned
Joined
Apr 13, 2017
Messages
4,355
Reputation
2,206
Daps
19,776
Since there's a bunch of cats going down the security path, here are some skills that have been extremely valuable in helping me get high paying contracts:

Information Security
Active Directory Administration and Security - AD is the main LDAP provider for most organizations so you're going to have to learn how to administer AD and secure it.
  • Understand AD group scope and how they're used
  • Understand the Active Directory schema and how to modify it
  • Understand AD CS and how to configure and troubleshoot LDAPS
  • Know how to create/manage AD objects
  • A strong understanding of group policy
Public Key Infrastructure - Encryption and PKI are fundamental concepts in info sec and you should have a strong understanding of how it works:
  • Understanding the various types of encryption algorithms
  • Understanding Certificate Authorities, their role, and how they work
  • Understanding key management
  • Understanding Certificate Templates and how they're used (Active Directory)
  • Know how to deploy certificates to users/computers
  • Understand auto-enrollment, certificate renewals and expiration

Security Standards - security standards and governance are what give security teams the legal backing and provide industry best practices in securing environments
  • NIST 800-53 - the most common info sec standard. Familiarize yourself with it.
  • ISO27001 - another security standard
  • PCI DSS - the industry standard for companies that accept credit card transactions (Visa, MC, Discover, AMEX)
  • HIPAA - the government privacy standard for the healthcare industry. There are HIPAA security rules that provide guidance for securing ePHI.
  • FISMA - standard mandated by the federal government. A lot of federal jobs have a requirement for having the CISSP which is the standard.

Network Security
Firewalls/VPNs - Firewalls segment and analyze network traffic and allow data in and out of the network based on rules and policies. VPNs provide secure communication over a public network (the internet for example)
  • Cisco ASA - firewall/VPN appliance by Cisco. The CCNA Security, CCNP Security, and CCIE Security exams cover configuring, installing and troubleshooting these devices
  • Checkpoint - firewall/VPN appliance manufacturer. The CCSA and CCSE exams cover Checkpoint appliances

IPS/IDS - these devices monitor network traffic for network based attacks. There's a bunch of different vendors that create IPS/IDS software. Find one that has a free trial/software and start familiarizing yourself with it.

DLP - these appliances monitor network traffic to ensure that confidential data isn't set up on the network (social security numbers, company secrets, HIPAA data, credit card data, etc). There's a bunch of DLP vendors (I'm most familiar with Symantec).

Vulnerabilities and Exploits - vulnerabilities are weaknesses in software/configuration.
  • WSUS - main tool used to patch Windows devices in a corporate environment
  • SCCM - Microsoft product for pushing out patches and configuration changes
  • Exploit-DB - site with known exploits
  • CVE Search - site that lists known vulnerabilities
  • Kali Linux - Linux distro created for the PEN testing community. It has a ton of pre installed network intrusion tools
  • Metasploit - Exploit framework used to find and exploit known vulnerabilities
  • Nessus - Vulnerability scanner used to find vulnerabilities on hosts/subnets

Certifications
Security+ - Cert offered by CompTIA. Good if you have less than 5 years of experience
CISSP - One of the most requested info sec certs. Requires 5 years of experience to be eligible. This is the cert you MUST have.
OSCP - All about pen testing. One of the best courses I've taken.
CEH - Highly requested cert for anyone wanting to be involved with pen testing
CISA/CISM - highly requested certs from ISACA. Mostly for folks in the auditing/management side.

If I get some time this weekend, I'll post some links on how to set up a lab to do some pen testing at home. IMO it's easier to understand security concepts and principles once you've successfully compromised a system.

Proud of myself for having experience with most of the shyt in this post....:wow::takedat::salute:
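An added example for the AD CS / LDAPS and certificate-expiry bullets in the post above. This is not the poster's code or anything from the thread; it is a PowerShell check of the kind a Windows admin would run to stay ahead of the "certificate renewals and expiration" point: it lists machine-store certificates that expire within a window, then confirms a domain controller answers LDAPS (port 636) with a certificate that passes chain and name validation. The DC name is an assumed placeholder.

```powershell
# Added example, not from the thread. Run on a domain-joined Windows host.
# $DcName is a placeholder; replace it with a real domain controller FQDN.
param(
    [string]$DcName = 'dc01.example.local',
    [int]$DaysAhead = 30
)

# 1. Machine "Personal" store certificates expiring within $DaysAhead days.
#    The template name comes from the AD CS "Certificate Template Information"
#    extension, so you can see which template needs renewal/auto-enrollment fixed.
$cutoff = (Get-Date).AddDays($DaysAhead)
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.NotAfter -le $cutoff } |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'Template'; Expression = {
            ($_.Extensions | Where-Object {
                $_.Oid.FriendlyName -eq 'Certificate Template Information'
            }).Format($false) } } |
    Sort-Object NotAfter

# 2. LDAPS check: open a TLS session to the DC and validate its certificate the
#    way an LDAPS client would. AuthenticateAsClient throws when the chain is not
#    trusted, the name does not match, or the certificate has expired.
$client = New-Object System.Net.Sockets.TcpClient($DcName, 636)
$ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($DcName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    [pscustomobject]@{
        Server   = $DcName
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        Protocol = $ssl.SslProtocol
    }
}
finally {
    $ssl.Dispose()
    $client.Dispose()
}
```

If the second step throws, that is the same failure LDAPS-bound applications see; the first step usually tells you why (expired or missing DC certificate, or auto-enrollment not renewing the template), which is what the troubleshooting bullet is about.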
 

-deleted-

Banned
Joined
Apr 13, 2017
Messages
4,355
Reputation
2,206
Daps
19,776
I go there from time to time but the discussions aren't as active and not to mention relatable as the coli. I've noticed that you asked a lot of the same questions in this thread, what exactly is it that you need answers to or advice on?

for anyone black reading this,

thecoli more specifically this thread is the best source on the internet for black ppl to learn about IT. Reddit don't got shyt compared to this. You have older brothers here that literally give you the sauce step by step with their own experiences....reddit is filled with non-blacks who aren't even confident in themselves

just being black alone you got the sauce, in this thread you have the sauce and the source. use it
 

se1f_made

All Star
Joined
Jun 1, 2012
Messages
2,104
Reputation
160
Daps
4,559
Reppin
NULL
I agree in regards to the perspective that coli brehs can relate to and e-mentorship or guidance but as far as the tech goes, industry innovations, etc then that information is available in several places on the net not just the coli

for anyone black reading this,

thecoli more specifically this thread is the best source on the internet for black ppl to learn about IT. Reddit don't got shyt compared to this. You have older brothers here that literally give you the sauce step by step with their own experiences....reddit is filled with non-blacks who aren't even confident in themselves

just being black alone you got the sauce, in this thread you have the sauce and the source. use it
 
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
What job title sounds better, Application Analyst or Application Specialist? I wonder if job titles can make a huge difference when people look at your resume.
Titles don't matter for the most part. I'm gonna suss out if you are right for the role or not regardless and likely not even look at the titles. Maybe the title might help someone like a recruiter to take a second look but after that, it won't matter a ton.
 
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
For my IT journey, I will be moving over to reddit, I think them cacs will help a bit... it's a huge site with many subforums so I should be alright. I will post when I get the mcsa cert.
Just remember the advice you are given is only as good as the source. Get advice, but verify and take it with a grain of salt. Do the research for yourself as well. What worked for someone else might not work for you bruh.
 

Scott Larock

Its hard leaving thecoli but I gotta find a way...
Joined
Mar 11, 2013
Messages
8,679
Reputation
365
Daps
18,023
Reppin
Hell
Just remember the advice you are given is only as good as the source. Get advice, but verify and take it with a grain of salt. Do the research for yourself as well. What worked for someone else might not work for you bruh.

Yeah I bushed reddit, and I stick with the coli and bgol, I got some free training from a brotha over there.
 
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
Since there's a bunch of cats going down the security path, here are some skills that have been extremely valuable in helping me get high paying contracts:

Information Security
Active Directory Administration and Security - AD is the main LDAP provider for most organizations so you're going to have to learn how to administer AD and secure it.
  • Understand AD group scope and how they're used
  • Understand the Active Directory schema and how to modify it
  • Understand AD CS and how to configure and troubleshoot LDAPS
  • Know how to create/manage AD objects
  • A strong understanding of group policy
Public Key Infrastructure - Encryption and PKI are fundamental concepts in info sec and you should have a strong understanding of how it works:
  • Understanding the various types of encryption algorithms
  • Understanding Certificate Authorities, their role, and how they work
  • Understanding key management
  • Understanding Certificate Templates and how they're used (Active Directory)
  • Know how to deploy certificates to users/computers
  • Understand auto-enrollment, certificate renewals and expiration

Security Standards - security standards and governance are what give security teams the legal backing and provide industry best practices in securing environments
  • NIST 800-53 - the most common info sec standard. Familiarize yourself with it.
  • ISO27001 - another security standard
  • PCI DSS - the industry standard for companies that accept credit card transactions (Visa, MC, Discover, AMEX)
  • HIPAA - the government privacy standard for the healthcare industry. There are HIPAA security rules that provide guidance for securing ePHI.
  • FISMA - standard mandated by the federal government. A lot of federal jobs have a requirement for having the CISSP which is the standard.

Network Security
Firewalls/VPNs - Firewalls segment and analyze network traffic and allow data in and out of the network based on rules and policies. VPNs provide secure communication over a public network (the internet for example)
  • Cisco ASA - firewall/VPN appliance by Cisco. The CCNA Security, CCNP Security, and CCIE Security exams cover configuring, installing and troubleshooting these devices
  • Checkpoint - firewall/VPN appliance manufacturer. The CCSA and CCSE exams cover Checkpoint appliances

IPS/IDS - these devices monitor network traffic for network based attacks. There's a bunch of different vendors that create IPS/IDS software. Find one that has a free trial/software and start familiarizing yourself with it.

DLP - these appliances monitor network traffic to ensure that confidential data isn't set up on the network (social security numbers, company secrets, HIPAA data, credit card data, etc). There's a bunch of DLP vendors (I'm most familiar with Symantec).

Vulnerabilities and Exploits - vulnerabilities are weaknesses in software/configuration.
  • WSUS - main tool used to patch Windows devices in a corporate environment
  • SCCM - Microsoft product for pushing out patches and configuration changes
  • Exploit-DB - site with known exploits
  • CVE Search - site that lists known vulnerabilities
  • Kali Linux - Linux distro created for the PEN testing community. It has a ton of pre installed network intrusion tools
  • Metasploit - Exploit framework used to find and exploit known vulnerabilities
  • Nessus - Vulnerability scanner used to find vulnerabilities on hosts/subnets

Certifications
Security+ - Cert offered by CompTIA. Good if you have less than 5 years of experience
CISSP - One of the most requested info sec certs. Requires 5 years of experience to be eligible. This is the cert you MUST have.
OSCP - All about pen testing. One of the best courses I've taken.
CEH - Highly requested cert for anyone wanting to be involved with pen testing
CISA/CISM - highly requested certs from ISACA. Mostly for folks in the auditing/management side.

If I get some time this weekend, I'll post some links on how to set up a lab to do some pen testing at home. IMO it's easier to understand security concepts and principles once you've successfully compromised a system.

Solid list. Just wanted to add one more resource to get familiar with: Matrix - Enterprise | MITRE ATT&CK®
 
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
Yeah I bushed reddit, and I stick with the coli and bgol, I got some free training from a brotha over there.
Don't get me wrong, there is good info there too and a lot of it. But some folks will post something that is dead wrong just because they don't know much about IT. Then people follow that advice blindly and end up unemployed or can't find jobs. It's unfortunate.
 