Hi Spiceheads!
I am doing helpdesk support as my official job title for the past 3 years, but as I am the sole IT person at my company (80+ employees), I obviously get to do all other sysadmin stuff.
I have learnt A+, Network+, Linux +, MCSA Server and more.
Since we use enterprise grade Cisco routers, I outsource that part, so I am not doing much networking.
For some reasons I am considering proceeding with Cyber Security in my career
My questions to you spiceheads are;
-
What do I need to know before proceeding to Cyber Security? Is it really for me?
-
What is an ideal learning path, in terms of certification, courses etc.? (at least to start with)
Note, that I would have up to 2 hours a day to get to learn. Any help is appreciated.
5 Spice ups
nelsonsa
(Nelson9480)
2
Networking and Linux is always a great basis for learning Security. As for whether it’s for you, well no one but you can answer that! You have to decide for yourself whether it’s where you want to be and what you want to do.
As for “ideal”. Well there isn’t a proscribed list you can intimately follow, but I’d probably suggest starting off with CompTIA Security+ then you could move onto either CASP or CISSP. There’s also OSCP and CEH, depending if you want to get into pen testing and ethical hacking.
Start looking within your own company about your security practices. Start talking to your boss about Business Continuity, Disaster Recovery and the company’s Information Security policy. Can you find ways of improving security via your network, physical space or procedures? See what it takes to get the business SOX or ISO 27001 compliant (even if you don’t actually go for the accreditation, it’ll help you gain an understanding of what’s expected).
Good luck!
1 Spice up
What kind of Security do you want to do?
I am an analyst/administrator. I unblock websites for business units, respond to alerts, and build firewalls. Saying “I want to work in security” is like saying “I want to work in computers”, you need to find something a little more specific.
2 Spice ups
cyberoptiq
(CyberOptiq)
4
This might help shed some light on your question:
https://www.technologyreview.com/the-download/609275/a-lack-of-cybersecurity-talent-is-driving-companies-to-use-ai-against-online/
Should you get into the cybersecurity field?? In my opinion, YES!! What have you got to lose?? Check out cybrary.it for free courses and if you’re a veteran check out the cybersecurity channel on Slack. They also provide help for veterans and free memberships to the Linux Academy for Linux courses. You’ll need to know some Linux/Unix if you plan to get into cybersecurity. Besides, it doesn’t hurt to know it anyway. If there’s anything else I or anyone here can help you with let us know or DM me. Good luck!!
@spiceuser-6w71b
1 Spice up
unfortunately this is something nobody can answer for you in regards to if you should go the security route.
ask yourself these questions then answer them internally:
why do I want to go down the IT security career path?
do I actually have an interest in IT security or am I going to do this in hopes of chasing a hefty salary?
if you have an interest good luck on your journey as IT security can be a great career field to dive into. but if you don’t it would suck getting deep into something you’re not interested in and could end up hating.
1 Spice up
Great tips in here, I really appreciate them.
That is exactly where I need more info before finalizing if I should go into Cyber Security. With little knowledge on what is available, it is complex to decide.
This is a good tip! As for BCDR I fully implemented and tested a plan, great idea to get compliant with one of the standards!
Thank you, will definitely take a look on cybrary.it
Simply because, setting up HA servers we need proper security – otherwise there is no HA!
I would definitely not consider it if the salary would be low… But the point is not actually the salary, rather that I sometimes try to hack our own site (and even paid for a pen-test, due to the lack of knowledge I have). Penetrating s system, AD environment as well as websites is actually something that makes me considering that direction
Hope I am clear enough 
Hey OP - Just wanted to pop on in case you’d like more info on (ISC)2 related certifications: Cybersecurity Certifications | Information Security Certifications | ISC2
One route that may be beneficial for you is our Associate of (ISC)² program, which is an alternative to normal certification processes that we offer. Essentially, you can validate your knowledge without having to wait years to validate your work experience.
Here’s a quick video that explains the program:
Here’s a link if you’d like to investigate more! Become an Associate of ISC2
Hope that helps!
Hey OP! If you haven’t already, I highly recommend checking out the Security Forum on the community! Tons of information/discussions/how-to’s available to peruse if you’re just needing some general inspiration or more information on a specific aspect of cyber-security. If you’re still trying to decide whether or not it’s a good move for you, looking around the forum at popular topics/discussions might give you more of an idea about the industry/challenges etc! Link for convenience if you’re interested!: https://community.spiceworks.com/security
Good luck!
Frankly with your existing certifications and experience, it seems a security certification is more complementary to your skill set than determinative. A good admin should have a good grasp of security concepts which you could get with a Security+ and maybe an additional certification. On the flip side, if security really floats your boat, then by all means full speed ahead!
Do what you love and the money will follow.
I suggest setting up a lab and start practicing the skills needed for the positions that you want. Lookup the most common skills and tools on job descriptions on indeed.com and lab around them. You might also want to watch this: https://youtu.be/VoEFwADBH2Y
youngitpro
(Bluedevil58)
11
I would get up with someone from BAE or Alert Logic. They are all about cyber security. Would be good to get advice from someone in one of those outfits. Especially if you want to focus on edge protection. Have you ever worked on a Firewall before? Right now the cream of the crop seems to be Fortinet with Palo Altos close behind. The age of the ASA is pretty much over with or should be.
