1

I’m 17, and am a somewhat-employee at a mid sized organization. I say “somewhat” as I started out as an intern about six months ago, and am now in an odd state that I can only think to describe as “permanent intern.”

I’d like to aggressively move forward in IT, and am planning on staying as far away from college as humanly possible. From the wisdom I’ve gathered, certifications are a valuable complement to experience, competency, and the invaluable good recommendation of former employers.

I’m currently in a solidly Microsoft environment (2008 R2, Windows 7, SQL, SSRS, AD, O365, etc.), but I have spent a good portion of my life toying with Linux in pseudo*-server settings. What I’m really interested in is IT security though. I love abstract concepts of security, and also the technical, individual details. I literally get

I want to know what other IT people would see as useful certifications toward that direction. Vendor specific would be great, and in order in which to get them.

I’m working on the ever-so-boring-and-stupid A+ (possibly a waste of my time, but cheap insurance for résumés), and will probably proceed to Network+ (I really love networking too), and then Security+.

As an aside, I read the introduction to one of Bruce Schneier’s books on security and was so captivated I almost broke my self-imposed financial cap on book purchases. That dude is seriously awesome. I also picked up a used copy of his Practical Cryptography; It’s great, as a person who skips over the mathematics.

*That's an accidental pun.
12 Spice ups
2

The CompTIA certs are a nice starting point and will give you a broad generalized base of knowledge. For me, getting A+ and N+ filled in a lot if know-how gaps for me. Security+ is also nice to have, and is not a walk in the park like A+/N+.

As far as the college thing, many employers, sadly, want someone with a 4 year degree so they can work help desk, BUT many will waive the college thing if you have, say, 3-5 years of experience.

IT security is not getting any smaller, so if you know what you are doing and can hold a conversation with a business person, you will always be in demand.

I would recommend that you rush wildy down the IT path that excites you the most, because of you love AND are good at what you do, you basically become irresistible.

Bottom line- certs at good, college is good, but experience, passion and networking trump them all.

5 Spice ups
3

Personally I think these are a waste of time and money. Companies have changed their outlook on IT certs and it’s mainly a plus to have them compared to years ago when it was a must. Just look at most job postings. It’s experience and education that seems to be best practice these days. If you do want to get one though, I would aim more toward the CCNA as you will learn some network skills and Cisco training. If you go for certs, go for the training side of mind, not a cert guy looking or thinking you can make more money just because you have more paper on the wall.

1 Spice up
4

I’ll advise if you are going to go for any certs, since you already have six months experience, even as an intern, skip the A+. Start with Network+. If networking is what you want, then pick a path and plan for traveling down that road.

As for college, that is going to be up to you. At your age, I would advise get a degree and get it out of the way, that way later in life you don’t have to worry about it. Yes, there are places that will not even look at your resume unless you have a degree. Even if you have years of experience. Why? Different companies, different requirements. Even an associates would be a good.

Having experience will get you the job. Having certifications and degrees just help to open the door and get by HR (in many cases).

2 Spice ups
5

The first book I bought by Bruce Schneier was “Secrets & lies”. The ad for this said “System Administrators who read this book will quickly lose the will to live”. This peaked my interest and I now have several of his books; including one that I scored at IP-EXPO a couple of years ago, signed by Bruce himself. (He is a really cool and interesting guy to talk to; we spent about 5 minutes chatting after one of the sessions that he did).

Although vendor certs are OK, they often don’t give you the whole picture, just the part that relates to their technology. They also tend to change a lot so you could get caught in a cycle of constantly chasing upgrades to certs which can work out quite expensive.

There are some distance learning options that allow you to get highly respected qualifications whilst working. You should consider these as they will usually go a little bit more into the “whys” and “why nots”, rather than just the party line output in vendor certs.

If you find that security is definitely your thing, I would suggest that you look to SANS ( www.sans.org ). Most countries also have other options; in the UK the big one is Shrivenham ( www.da.mod.uk ) but there are many others.

However, I’d also recommend that if you do go into that, you should have more than a passing knowledge of the Cisco iOS. It’s also worth having a reasonable understanding of scripting in different products so that you can switch between them.

1 Spice up
6

If you want to get into IT security then CISSP is good once you have 5 years of industry working…esp if you’re in the USA.

Other good ones are the Comptia Security+ and CASP. which you can lead into CISSP.

In the mean time I’d start on the MSCE course of exams and certs. You’ll never be at a loss with those behind you.

2 Spice ups
7

CISSP is the daddy of all IT Security certs, but you need to KEEP it, and to do that you attend conferences, publish, and maintain a high profile within the system so it is apparent you are still utilising the skills learned, AND improving on them

to get there, I would suggest CCNA / MCSA - MCSE is better, but SA is the first part of it - you can always add the missing bit :o)

but crucially C|EH - Certified Ethical Hacker - those who have this can get into pen testing etc, real hands on IT security work

CompTIA are great ENTRY level certs, as stated earlier, you already have experience, so ditch A+, I found Security + a breeze, but it was a subject I was interested in, and I too had read lots of books on the subject

you are young, so you have one thing most here do not, and that is time, you can afford to make a mistake, and still have time to try again, but time is one way, and if you get it right first time, saves a lot of feckin about later in life :o)

you appear to have a clear notion of where you want to be and what you want to do, you just need to start out on lifes great journey, and let “Illegitimi non carborundum” be your watchword, luck to you

4 Spice ups
8

<Furiously scratches down notes; draws out a timeframe>

So I’m fairly sure I just had a life-changing fifteen minutes reading the above advice just now. Funny – the times you decide on what you’re going to try to learn in the next few years and do serious life planning.

I need to get my butt in gear. Thank you guys.

3 Spice ups
9

17 & on Spiceworks…I think you’re already ahead of the game.

8 Spice ups
10

As suggested by others > Start with Security+, CEH (if you really want to indepth into penetration testing and such), then you should be prepared to do CISSP.

1 Spice up
11

Have you thought about just going for the degree in network security, look at some college sites and see what is included in their degree programs - here is the one at Pace University: Network Security Degree to get you started

12

Love the pseudo/sudo pun even if it was accidental.

To echo others if you’re set on going down the path of security I’d say Security+, CEH and eventually the CISSP as your end goal. Might be good to throw the MCSA: Server 2012 in there also as many corporate environments are going to be Windows Server platforms and you should have a good understanding if you’re going to be securing them or testing the security of them.

1 Spice up