comptia security +

fire_munki · 11 May 2012 at 18:17

Hello, this is my next aim to learn.
If any one here has done it what is a good book? I've read the all in one guide before is the 301any good?

mr_stat · 11 May 2012 at 18:59

Decided against the compTIA security+ as it doesn't seem to have that solid of a reputation (seems to be seen as very basic material). Have you considered SANS' GIAC certs - pretty tough but nice and indepth.

Ev0 · 11 May 2012 at 21:39

Depends on what you want out of it, what you do, and what your levels of knowledge are already.

Sec+ is a very good introduction to things but doesn't really go into much detail.

I'd recommend it if you're just starting out in security or you're not there now but would like to be. Would also go as far to say it'd be handy for most people in an IT dept to do it as it gives a decent enough general overview of the area.

I'd have said the SANS GIAC certs are the next stage really, plus it depends what area of security you want to go into (secure development, pen testing, infosec management etc) as to what you'd pick to do afterwards.

As for books when I did it the Mike Meyers passport one was very good so that's the one I'd recommend.

Any other questions just shout

mr_stat · 11 May 2012 at 21:51

I'm not sure I agree with that post to be perfectly honest. If you are paying yourself for a qualification I can say personally that the CompTIA security + is not even considered by us at all (employment wise). The level of detail seems to low. When I was considering options for an introudction to info security, it really was the bottom rung. If your employer is paying, then that's a different matter, but as an individual, then I feel you have better options.

Ev0 · 11 May 2012 at 22:03

If you're self funding/studying with the difficulty level of Sec+ it's just really the cost of a book and exam which isn't much.

As said it depends on why you want to do it, in your example if you want it to go get an info sec job then yeah it's not 'good' enough on it's own. But then if you're totally new to the field then there's no point going straight in for something higher and would likely nly be going for an entry level position anyway.

I'd agree that Sec+ isn't going to go getting you any jobs on it's own, I never said it would, just that it's a good intro to the field.

Could also then help you decide first if you like security, and secondly what you want to do in security.

The GIAC Sec essentials is a good one but if you're totally new to the area maybe not the easiest way to start.

Most security jobs only ever seem to list a couple of security certs in their requirements anyway, and Sec+ and SANS aren't the most common.

mr_stat · 11 May 2012 at 22:12

I understand your comments, I guess, I feel sometimes OCUK'ers are thinking a qualification is there way to a high paid (in this case info sec) job. I feel whilst the sec+ qualification is certainly worthwhile, it in no way indicates any ability in the area. It's not a snob thing it's a depth thing.

I tend to rate the GIAC exams just because when I attend them, they do seem to teach material that is real, current and challenging. But many courses like CEH and others like sec+ seem to be the high level and not on a level to actually instruct people on how to deal with threats.

Whatever the OP decides, I wish him the best luck in discovering more information on the info sec world.

Ev0 · 11 May 2012 at 22:17

Well I'm certainly not saying it's a ticket to a high paid job, that's what the CISSP is for

Which again doesn't have much depth at all, but at the end of the day if it gets me the job I want I'm not complaining!

The GIAC stuff is great for depth, as are the proper pen test tracks (Check/Crest/Tigerscheme), a lot of other certs in the area are pretty general.

mr_stat · 11 May 2012 at 22:20

I think we agree Evo

Best of luck to you and the OP

fire_munki · 12 May 2012 at 12:35

I think for my current skill set to in depth would just confuse me.

It's something I think I could be interested in and a book to read through would seem to be the best way to find out before spending a lot of money on courses.

As wrong as it sounds these days, I'm not a particularly materialistic person so using it as a route to a high paid just isn't what I'm looking for, I'd rather be happy in my job.

J.B · 12 May 2012 at 13:40

Ev0 said:
Well I'm certainly not saying it's a ticket to a high paid job, that's what the CISSP is for

Which again doesn't have much depth at all, but at the end of the day if it gets me the job I want I'm not complaining!

The GIAC stuff is great for depth, as are the proper pen test tracks (Check/Crest/Tigerscheme), a lot of other certs in the area are pretty general.

Woooo CHECK and CREST!

The funny thing about the CISSP is they are well respected, yet everyone has one :confused:

Ev0 · 13 May 2012 at 11:49

fire_munki said:
I think for my current skill set to in depth would just confuse me.

It's something I think I could be interested in and a book to read through would seem to be the best way to find out before spending a lot of money on courses.

I'd say pick up the Mike Meyers passport book on Sec+ and have a read to see if you like things.

J.B said:
The funny thing about the CISSP is they are well respected, yet everyone has one

Whilst a lot of people do have CISSP it's still very much in demand as I get contacted about jobs all the time still and I'm not even looking anymore!

Saying that I've noticed from my last few places of work that it's one of those things that so many people have on their to do list but never get round to it. They all have the books lying around and keep saying 'yeah I really should do it' but they never do

End of the day if you need it to 'play the game' then who am I to argue, if it's one more thing that helps get that job you want then fair enough.

fire_munki · 13 May 2012 at 21:25

So I don't fall foul of the no-competitors rule, is this ISBN: 0071771476 the one I should be looking for?
The passport doesn't look very informative more practice exams.
This one also got a few good reviews: 1463762364.

Ev0 · 13 May 2012 at 22:00

ISBN 0071770380 looks like the updated one of the copy I had. Leant it to a friend ages ago and haven't had it back

fire_munki · 14 May 2012 at 11:46

Feel I should a bit more about me and my knowledge (joke):
I've just passed my N+ and am working as a basic 1st line support role, I've also got a Diploma of HE in Comp Sys Eng but this doesn't have any bearing on any real specific technical processes.

As I said I like the sound of the security course but is it worth trying the Microsoft/CISCO certs before hand?

Pajeh · 14 May 2012 at 12:52

What jobs roles are you thinking about? Have a look at some job specs and see what certifications are wanted.

CISSP is always good to have. Assuming you don't have the 5 years experience required you could still take the exam and become an associate of (ISC).
https://www.isc2.org/associates/default.aspx

If you want something more technical then look at CREST Registered Tester.
http://www.crest-approved.org/registered_tester.html

fire_munki · 14 May 2012 at 13:33

CISSP looks like I wouldn't have the experiance to go there just yet.

Job wise, I'm keeping my options open for most low level roles, I don't know enough to specialise, hence trying to work out where I go from here.
MCIPT Server Admin was my other idea.

Ev0 · 14 May 2012 at 14:53

Yeah going on what you've said CISSP is not for you yet

If it's the management side of things you wanted to go down then you could start with the ISEB (or whatever they've recently changed their name to) CISMP, and the ISC2 SSCP (the 'baby' CISSP).

But I understand that's probably all way off and you just want to expand you're learning a bit, get the Sec+ book and enjoy (or not if you hate it).