IT Certifications and Careers (Official Discussion Thread)

StretfordRed

Afro-European
Joined
Feb 9, 2014
Messages
11,169
Reputation
-2,060
Daps
32,576
Why do companies look down on CEH? I'd think they'd love a CEH lol. but could you explain to me why that is, that they look down on CEH?

and what is OSCP and SANS?

CEH is/was seen as the kiddy pen-testing certification as it is all book based. The OSCP is seen by many pen testers and pen test organisations to be the defacto certificate

OCSP is run by the guys who do Backtrack Linux/Kali Linux: https://www.offensive-security.com/...cp-offensive-security-certified-professional/

SANS are the (pretty much) defect training organisation, who in turn provide GIAC training courses (GCIA, GCIH, GREM, etc): http://www.sans.org. Their courses are expensive and most people have their funded by the work place. Else wise you can do work/study where you be an assistant in the class and be able to take the course at a very cheap rate

Security certifications are difficult in terms of usefulness. Most of them are useless without experience. But that experience can just be running labs at home, but you need to be more than a paper cert
 
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
what's CISSP?
Its a security certification. Its in very high demand. And more importantly, it gives you a very broad knowledge of the infosec realm. From there you have a better idea which direction to proceed as its a HUGE field. Below are the domains for this certification:

The CISSP® domains are drawn from various information security topics within the (ISC)²®CBK®. The CISSP CBK consists of the following 10 domains:

  • Access Control – A collection of mechanisms that work together to create securityarchitecture to protect the assets of the information system
    • Concepts/Methodologies/Techniques
    • Effectiveness
    • Attacks
  • Telecommunications and Network Security – Discusses network structures, transmission methods, transport formats and security measures used to provideavailability, integrity, and confidentiality
    • Network Architecture and Design
    • Communication Channels
    • Network Components
    • Network Attacks
  • Information Security Governance and Risk Management – The identification of anorganization’s information assets and the development, documentation andimplementation of policies, standards, procedures, and guidelines
    • Security Governance and Policy
    • Information Classification/Ownership
    • Contractual Agreements and Procurement Processes
    • Risk Management Concepts
    • Personnel Security
    • Security Education, Training and Awareness
    • Certification and Accreditation
  • Software Development Security – Refers to the controls that are included within systems and applications software and the steps used in their development
    • Systems Development Life Cycle (SDLC)
    • Application Environment and Security Controls
    • Effectiveness of Application Security
  • Cryptography – The principles, means and methods of disguising information toensure its integrity, confidentiality, and authenticity
    • Encryption Concepts
    • Digital Signatures
    • Cryptanalytic Attacks
    • Public Key Infrastructure (PKI)
    • Information Hiding Alternatives
  • Security Architecture and Design – Contains the concepts, principles, structuresand standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels ofconfidentiality, integrity, and availability
    • Fundamental Concepts of Security Models
    • Capabilities of Information Systems (e.g. memory protection, virtualization)
    • Countermeasure Principles
    • Vulnerabilities and Threats (e.g. cloud computing, aggregation, data flow control)
  • Operations Security – Used to identify the controls over hardware, media and theoperators with access privileges to any of these resources
    • Resource Protection
    • Incident Response
    • Attack Prevention and Response
    • Patch and Vulnerability Management
  • Business Continuity and Disaster Recovery Planning – Addresses thepreservation of the business in the face of major disruptions to normal businessoperations
    • Business Impact Analysis
    • Recovery Strategy
    • Disaster Recovery Process
    • Provide Training
  • Legal, Regulations, Investigations and Compliance – Addresses computer crime laws and regulations, the investigative measures and techniques that can be used todetermine if a crime has been committed, and methods to gather evidence
  • Physical (Environmental) Security – Addresses the threats, vulnerabilities, andcountermeasures that can be utilized to physically protect an enterprise’s resourcesand sensitive information
    • Site/Facility Design Considerations
    • Perimeter Security
    • Internal Security
    • Facilities Security
 
Last edited:

Pyrexcup

Superstar
Joined
Dec 30, 2012
Messages
4,746
Reputation
765
Daps
14,814
Reppin
NULL
To be honest my ENTIRE tech experience is > 6 years But I know my shyt with the best of them so I'm kind of an outlier when it comes to years experience/pay rate.

There's pretty much three keys to BI Development...

1. Data Discovery and Integration
2. Data Analytics
3. Data Visualization and Reporting

You should have heavy SQL knowledge, data warehouse and database development knowledge (Teradata, SQL Server, Oracal, DB2, Hadoop, Etc.), how to use an ETL tool to move and integrate data (SSIS, Informatica, etc.), how to use tools for data analysis and analytics (SSAS, SAS, Tableau, Excel, Microstrategy, etc.), and data visualization (Tableau, SAS, SSRS, Excel, Microstrategy, Qlikview, etc.)

BI is a very broad topic that requires you to wear a couple of different hats but this ^ is the 20,000 foot overview. You're basically the person that's allowing the company to make data-driven decisions.
looking to get into BI or QA myself just been too lazy:sadcam:
 

acri1

The Chosen 1
Supporter
Joined
May 2, 2012
Messages
24,006
Reputation
3,755
Daps
105,014
Reppin
Detroit
Any advice or specific posts for a 18 year old? Hook me up.

Go to school, if you're not already in one.

It's true that you don't necessarily have to have a degree to work in IT, but it'll make it a lot easier to get your foot in the door. More importantly, if you enroll in an IT program you'll meet people that already work in the industry, and they might be able to put in a good word for you or help you get a job. Like a lot of people say, sometimes it's not just what you know but who you know. Doesn't even have to be at a university either, there are community colleges with pretty good IT programs. Even getting your associates will make it a lot easier to land your first job.

In the current economy, a lot of time HR departments will throw your resume in the bushes of general principle if you don't have some sort of education, even if it's not strictly required for the job.
 

ADK

Cleaner, I got this.
Supporter
Joined
Apr 7, 2013
Messages
17,356
Reputation
1,949
Daps
66,077
Reppin
Charlotte
Go to school, if you're not already in one.

It's true that you don't necessarily have to have a degree to work in IT, but it'll make it a lot easier to get your foot in the door. More importantly, if you enroll in an IT program you'll meet people that already work in the industry, and they might be able to put in a good word for you or help you get a job. Like a lot of people say, sometimes it's not just what you know but who you know. Doesn't even have to be at a university either, there are community colleges with pretty good IT programs. Even getting your associates will make it a lot easier to land your first job.

In the current economy, a lot of time HR departments will throw your resume in the bushes of general principle if you don't have some sort of education, even if it's not strictly required for the job.
IT is just computer programming aint it? Correct me if I'm wrong though :lupe:
 

acri1

The Chosen 1
Supporter
Joined
May 2, 2012
Messages
24,006
Reputation
3,755
Daps
105,014
Reppin
Detroit
IT is just computer programming aint it? Correct me if I'm wrong though :lupe:

Not at all, in fact some people don't even consider programming to be IT. There are a LOT of areas in the field you can go into, for example -

-Tech Support/Helpdesk
-PC Tech
-Network/Server Administration
-Database Administration
-Website Design
-Project Management
-Business Analysis
-IT Security
-E-commerce

Nobody does all of this, you have to specialize in something. I work in IT but I know little about programming. That's why it's important to go to school and figure out what you want to do, because just saying you want to work in "IT" is vague.
 

semtex

:)
Joined
May 1, 2012
Messages
20,310
Reputation
3,396
Daps
46,188
Not at all, in fact some people don't even consider programming to be IT. There are a LOT of areas in the field you can go into, for example -

-Tech Support/Helpdesk
-PC Tech
-Network/Server Administration
-Database Administration
-Website Design
-Project Management
-Business Analysis
-IT Security
-E-commerce

Nobody does all of this, you have to specialize in something. I work in IT but I know little about programming. That's why it's important to go to school and figure out what you want to do, because just saying you want to work in "IT" is vague.
Yeah IT and development are two diff things @ADK

IT has more to do with infrastructure
 
  • Dap
Reactions: ADK
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
^^^^ I posted this on another board. Will post it here too. Hope it helps.

How to get into IT - A Primer

I see this question come up a lot so i figured i would put this together. Hopefully others can add to it and we can make this a sticky for newcomers.

In IT, employers will be looking for many things. However typically those things fall into the following categories: Experience and Education. However, Experience is most important, followed by Education. However, your education is what may get you into an interview so that you can explain your experience. Both are important. And you can (and many people do) get a job with only one. However you may be at a disadvantage.

Experience

To get experience can be difficult when your starting off. How can you get experience with no experience. Employers will be more willing to take a chance on you if you have certs or a degree. But there is nothing stoping you from gaining experience on your own. Offer to fix your friends and families computers. Build a home lab and setup your own domain, servers(VMWare) and network. Get good enough and you can throw it on your resume. Now you have experience.

Also, you want to take roles that will allow you to gain experience and learn new skills or technologies. Your first job don’t focus on pay. Focus on getting a role where you can learn a ton.

While you are getting that experience, its important that you increase your education. So always look towards getting a degree or adding certs. Those are your key to getting more experience and furthering your career. In IT, to be successful you will constantly need to be farthing your education and your experience. Get lazy in one area and you will regret it.

Education

Is a degree worth it?

  • Yes. Absolutely. A B.S. degree will benefit you in the long run. Now, typically it will help you in the middle/later stages in your career more than the beginning. However, for more skilled or higher paying roles they will be asking for a Comp Sci degree. And there are entry level positions that will take people with just a degree and no experience.

  • Also having a degree gives you more flexibility as you move between different areas of IT. Employers will be more willing to take a chance on those with a degree than those without. You will also have a much stronger foundation of knowledge which will allow you to learn new technologies faster and overall be better at your job. This is not to say you can’t get into and be successful in IT without a degree. But this is the less risk averse route.
What type of degree?

  • Best option is a Computer Science degree IMO. Keep in mind, this does not mean you have to be a programmer. The Comp Sci curriculum teaches you a strong foundation of how computers work (hardware, software and networking and how they all work together). This will be helpful in all areas of IT. Also learning to program teaches you logic. Again, this helps you to be able to figure out complex issues in IT even with no prior exposure. Also having some basic coding knowledge will also help you in IT.

  • There are other degrees out there like security, MIS, etc. however, Comp Sci seems to still be the one in demand. Plus i think its best not to pigeonhole yourself into one area so early in your career.
But this doesn’t train me for IT.

  • Most Comp Sci curriculums do not teach you stuff to get IT certs or to do a traditional IT role per se. It doesn’t necessarily teach you how to install and troubleshoot windows. But again, the knowledge that you learn will go a long way to benefit you in the long run and allow you to learn and pick things up quickly.

  • If you go this route, as a result of not getting traditional training or experience, you must get some experience/certs while in school. Most schools have a help desk or hire computer lab monitors. They usually hire students and are flexible. get a job there. you will graduate with a degree and a few years experience. Getting a job will be easy.

  • It would be also ideal to get a cert or two. Maybe while on summer break or something. See the section on certs.
What about Associates Degree?

  • Nothing wrong with this path. However understand that this isn’t a computer science degree so it won’t do much for you in the job search. However, you should be able to put it towards a Bachelors at some point. Make sure the classes you take will transfer to a 4 year program so you don’t have to retake them.
What about Online Programs?

  • Nothing wrong with this path either. Just make sure its accredited.
What if i can’t afford it?

  • Not everyone can. Not everyone wants to go into debt. There are many paths into IT. So instead of a Degree, get some certs and some experience first, then look towards getting a degree once your making some money.
Is it bad if i just get certs and no degree?

  • No. Just keep in mind this may hurt you later in your career, and restrict the number of positions you have access to. But if you have strong skills and lots of experience there should be no reason you can’t be successful and have a long career. And at the beginning of your career, the degree will hurt you less. But for more technical areas such as security or management roles, they may be looking for someone with a degree. It would suck to reach a ceiling later in your career and wish you could have gone back and got a degree. So, if you don’t have one, try to grab one (maybe online) at some point to give yourself better options as you get deeper in your career.
Certs

What certs should i get?

  • There are a ton of certs out there. What i usually recommend is for whatever jobs you are looking to achieve, browse the jobs boards and see what they are looking for in your area. If your looking for entry level jobs and most of the positions are looking for A+ and Net+ certs then get those. If your in the Security field and the jobs you want are looking for a CISSP, get that. All certs are beneficial, but it really depends on where you are in your career and what jobs you are going for.

  • If your just starting out, i would start with the basics. A+ and Net+. And even Sec +) Many entry level roles ask for these. They are usually a pretty quick study as well, so just bang those out. Then after that, look at building a foundation of OS + Networking. This will provide you a good foundation. If you want to play it safe go the Microsoft route. Or, go for linux. Or even Mac. Microsoft route will likely give you more options which is good to have when looking for a job. As for the networking route, go for the CCNA. Even if you don’t want to be a network admin, having this knowledge will help you in most areas of IT. Net+ should give you a good kickstart towards studying for the CCNA.

  • Do your best to have a skill set or certs that make you stick out. This means look at what areas are hot and maybe get a cert there. Or get a cert that makes you stick out. Early in my career, i had my MCSE and apple certs. This got me some pretty solid opportunities early on because not many folks had that skill set.

  • As for whats hot? Virtualization, Cloud, Security, Big Data.
What type of job should i get?

  • If your just starting out, take any role you can get to gain experience. whether thats Helpdesk, a NOC, Geek Squad or even starting your own computer business. Just get some experience and than after a year or two look at moving to a new role to gain some more experience. Try not to stay in a role where you aren’t building your experience. If you have been there for 4 years and aren’t doing anything new, look for something else. Don’t stay stagnant.

  • Once you have that base education, and after you start getting some experience, its time to decide what areas you want to take your IT career. Keep in mind IT is huge. You can stay in desktop or go the sysadmin route. You can go the networking route. Security, Vmware, Database, etc. Go for what you like. there will be a cert in that area for you to get.

  • Also keep your mind open to other IT roles. IT is constantly changing. Traditional IT is sort of going away as organizations tend to reduce in house staff and lean on vendors or cloud providers to maintain systems. With that being the case, there are many IT roles to be had with Hardware and software vendors. Whether its consulting, implementing the hardware or software(post sales engineer, systems engineer, field engineer, solution architect), helping to sell it (pre sales engineer), supporting and troubleshooting it (field engineer) there are many options and the pay in these areas is usually really good and better than traditional IT roles.

  • There are also roles in Project Management in IT or Management level positions in organizations where you can use your technical knowledge to manage vendors and implement/maintain the infrastructure.

  • Note that more of these newer roles require soft skills like being able to talk to customers. So don’t forget to build up these skills.
What if i am switching careers and want to get into IT late?

  • No problem. Go for it. However, if you can leverage some of the skills from your previous career do it. If your coming from the business side or sales, look at some sales engineering roles. Might be easier to get your foot in the door. Were you a write? Look at technical writing.

  • I will also add that many have observed significant age discrimination in IT. What this means is that the older you get, you need to best position yourself for the future. If your a sysadmin later in your career, they may be able to get a sysadmin thats younger and cheaper. So make sure you are building your skills so that you are employable if you get laid off late in your career. Moving to management roles may help those that are older.
Reposting this again.
 
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
Not at all, in fact some people don't even consider programming to be IT. There are a LOT of areas in the field you can go into, for example -

-Tech Support/Helpdesk
-PC Tech
-Network/Server Administration
-Database Administration
-Website Design
-Project Management
-Business Analysis
-IT Security
-E-commerce

Nobody does all of this, you have to specialize in something. I work in IT but I know little about programming. That's why it's important to go to school and figure out what you want to do, because just saying you want to work in "IT" is vague.

What he said. Look IT is so broad. No matter what background you can likely leverage it in IT in some way. It doesnt just have to be programming or fixing windows. Nowadays its those non traditional roles that seem to be where its at. And at the root of those is being able to translate technical topics to non technical people as well as impacting the business. Get into a role like that and you are good to go. And you may not even need to be all that technical to do so. But you will always need to stay current and keep learning, especially whats hot in order to stay relevant. And having a good educational foundation will make it easier for you to move between these different roles and learn new things.

:sas2:
 

Nomadum

Woke Dreamer
Joined
Dec 23, 2014
Messages
4,622
Reputation
-705
Daps
9,074
Reppin
Nothing
Its a security certification. Its in very high demand. And more importantly, it gives you a very broad knowledge of the infosec realm. From there you have a better idea which direction to proceed as its a HUGE field. Below are the domains for this certification:

The CISSP® domains are drawn from various information security topics within the (ISC)²®CBK®. The CISSP CBK consists of the following 10 domains:

  • Access Control – A collection of mechanisms that work together to create securityarchitecture to protect the assets of the information system
    • Concepts/Methodologies/Techniques
    • Effectiveness
    • Attacks
  • Telecommunications and Network Security – Discusses network structures, transmission methods, transport formats and security measures used to provideavailability, integrity, and confidentiality
    • Network Architecture and Design
    • Communication Channels
    • Network Components
    • Network Attacks
  • Information Security Governance and Risk Management – The identification of anorganization’s information assets and the development, documentation andimplementation of policies, standards, procedures, and guidelines
    • Security Governance and Policy
    • Information Classification/Ownership
    • Contractual Agreements and Procurement Processes
    • Risk Management Concepts
    • Personnel Security
    • Security Education, Training and Awareness
    • Certification and Accreditation
  • Software Development Security – Refers to the controls that are included within systems and applications software and the steps used in their development
    • Systems Development Life Cycle (SDLC)
    • Application Environment and Security Controls
    • Effectiveness of Application Security
  • Cryptography – The principles, means and methods of disguising information toensure its integrity, confidentiality, and authenticity
    • Encryption Concepts
    • Digital Signatures
    • Cryptanalytic Attacks
    • Public Key Infrastructure (PKI)
    • Information Hiding Alternatives
  • Security Architecture and Design – Contains the concepts, principles, structuresand standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels ofconfidentiality, integrity, and availability
    • Fundamental Concepts of Security Models
    • Capabilities of Information Systems (e.g. memory protection, virtualization)
    • Countermeasure Principles
    • Vulnerabilities and Threats (e.g. cloud computing, aggregation, data flow control)
  • Operations Security – Used to identify the controls over hardware, media and theoperators with access privileges to any of these resources
    • Resource Protection
    • Incident Response
    • Attack Prevention and Response
    • Patch and Vulnerability Management
  • Business Continuity and Disaster Recovery Planning – Addresses thepreservation of the business in the face of major disruptions to normal businessoperations
    • Business Impact Analysis
    • Recovery Strategy
    • Disaster Recovery Process
    • Provide Training
  • Legal, Regulations, Investigations and Compliance – Addresses computer crime laws and regulations, the investigative measures and techniques that can be used todetermine if a crime has been committed, and methods to gather evidence
  • Physical (Environmental) Security – Addresses the threats, vulnerabilities, andcountermeasures that can be utilized to physically protect an enterprise’s resourcesand sensitive information
    • Site/Facility Design Considerations
    • Perimeter Security
    • Internal Security
    • Facilities Security

Cryptography seem's like what I'd be interested in. thanks for the information my dude!
 

Nomadum

Woke Dreamer
Joined
Dec 23, 2014
Messages
4,622
Reputation
-705
Daps
9,074
Reppin
Nothing
CEH is/was seen as the kiddy pen-testing certification as it is all book based. The OSCP is seen by many pen testers and pen test organisations to be the defacto certificate

OCSP is run by the guys who do Backtrack Linux/Kali Linux: https://www.offensive-security.com/...cp-offensive-security-certified-professional/

SANS are the (pretty much) defect training organisation, who in turn provide GIAC training courses (GCIA, GCIH, GREM, etc): http://www.sans.org. Their courses are expensive and most people have their funded by the work place. Else wise you can do work/study where you be an assistant in the class and be able to take the course at a very cheap rate

Security certifications are difficult in terms of usefulness. Most of them are useless without experience. But that experience can just be running labs at home, but you need to be more than a paper cert

Thanks for the clarification!
I'll definitely look in OCSP. I was thinking CEH would open me up to more security related gig's but since you broke it down like that, I'll research other options.
 
Joined
Oct 19, 2013
Messages
428
Reputation
190
Daps
894
Thanks for the clarification!
I'll definitely look in OCSP. I was thinking CEH would open me up to more security related gig's but since you broke it down like that, I'll research other options.
At the end of the day, look at the jobs in your area and see what they are asking for. Let that dictate the order in which you get your certs. If that means getting CEH do that.
 

StretfordRed

Afro-European
Joined
Feb 9, 2014
Messages
11,169
Reputation
-2,060
Daps
32,576
Thanks for the clarification!
I'll definitely look in OCSP. I was thinking CEH would open me up to more security related gig's but since you broke it down like that, I'll research other options.

I work in security, so I know most of the good ways in. Although my current field is very niche (Intrusion Analyst/malware Analyst)

Let me know if you need more help!
 
Top