I’m currently a net admin at my company and part of my role is going to be more security driven. I want to get to speed on security and need to find the right class. I see so many of them like security+, cyber security hackers exposed (udemy) etc etc. Anyone taken any good classes online where you learn something and not just prepare for a cert? If so were did you take them. I also want to start writing security policies for my company because as of know we have none lol.
I currently manage
- Cisco Switches
- Cisco ASA 5505 and 5510 firewalls
- FortiNet 60g Firewalls
- Cisco 2811 Routers
- Ubiquity Wireless
- o365
- SharePoint Online
- vmware datacenters
- EMC and HP SAN’s
- among many other things
I just feel our security could be much better and I also want to get myself prepare for a job in IT security moving forward.
9 Spice ups
Cybrary is a great free resource for any and everything security related. Their live sessions do require a paid subscription though.
Pluralsight is another great tool I’ve found for transitioning over to a more security-oriented role in my organization. I believe they offer a 10 day free trial.
4 Spice ups
Please don’t take any of this the wrong way. It’s all speaking from experience. I’m not a security genius and I’ve been in the game for 20 years.
You won’t get nearly as much knowledge, if any at all, without hands on experience. Do any course you like and you will gain some insight, but work on test gear that simulates your production environment and you will learn infinitely more and far quicker.
Security is a mind f@#k. No matter how much you put up, someone with the skills needed will find a way around it. Don’t spend eternities trying to lock things down otherwise you’ll go insane trying… trust me on that (and I’m sure many experienced security techs will back me on that). What I mean is that focussing two weeks on something that is unlikely to get compromised soon while something else gets compromised that would have taken you 10 mins to fix. Save your big and less priority jobs till you’re happy with your situation at hand.
Learn by device. Just because a device you used (or someone else used) works one way, doesn’t mean they all do. Every device is vastly different. Learn the devices you have one by one. Ie: learning to be a Cisco cli jockey is extremely handy but knowing how a specific device works and all it’s nuances, well that’s another thing all together. Get right into every function and learn how it works well. Research it’s vulnerabilities and test whether yours is susceptible and what is required to secure it.
Google and spiceworks are better resources than manuals. Manuals are basic guide only. People’s experiences and answered questions online will teach far more than any course ever. And courses rarely change to adapt to new issues that have been explored and fixed online.
Security isn’t just security. It’s numerous things outside of the expectation. Updating firmware of devices regularly increases security. Revising configurations to ensure other people’s changes haven’t caused a potential compromise. Teaching your users about security and making sure they value why it’s Important. Sometimes even physical security gets overlooked until a contractor rips out an “unused cable” only to discover it’s integral. How easy is it to cut your power or internet cable externally, or even internally for that matter (disgruntled employee).
There are so many things I’ve missed as it’s a massive subject - security. Do courses if you think it will help… I did and learnt the hard way lol.
Oh and another trick… learn hacking which will force you to learn security backwards. Much deeper understanding of security.
4 Spice ups
Check here few more suggestion on Security+ certification: Recommendations for Security+ certification study guides
Your admin experience will serve you well as you pursue expertise in the security area. +1 for the Cybrary suggestion. Quality is a bit spotty, but good stuff can be found there. If you have the budge, one word - SANS
Hi there! Just as an additional suggestion, have you considered any ISC2 courses, such as CISSP?
A CISSP shows you have the knowledge and experience to design, develop, and manage the overall security posture of an organization. If that sounds like a good certification to add to the mix, here’s a link to some more info: CISSP - Certified Information Systems Security Professional | ISC2
Hope that helps! Let me know if you have any additional questions.
Good advice and I will not take it the wrong way at all :). I’m more or less trying to find a place to start and tighten up security at my company. Or just take an online class with IT security foundation or basics cause I know a good amount of it already from working in IT for 15 years.
Thanks again.
I took some CISSP courses in college and learned quite a bit about security.
Hey ipconfig28 , I totally get wanting to prepare yourself for a job in IT security and tightening up the security where you’re at now. Which is why I would look into Skillsoft for IT Skills and Certification training . It offers everything that you’re looking for. Skillsoft provides books, courses, and hands-on exercises that give you the skills you need to keep up to date with cyber threats and defense measures. Some of the most popular cyber security courses are; Certified Ethical Hackers (CEH), CompTIA cybersecurity certifications (Security+, CSA+, CASP), Cisco certifications in security, and ISC2 certifications (CISSP). As well as many other courses in IT Skills and Certifications. If you have any questions or would like to discuss the products further, please let me know and I’d be happy to help! Good luck going forward!
@richdalrymple
