RE: advice

[Sérgio Dias <stdiasp () uol com br>]

Sorry Jeff, But in my opnion CISSP is not a mid-level security
Certification. It's the best Certification in use actually. The Mid-level
can be GIAC, CSSP...But never CISSP.

I think like you. Know all about Routers and TCP/IP. Know all Concepts about
SO. Good Practices for sec, like Sec+. And finally take the CISSP exam.

If you want work with Forensics, then you need another certification focused
only in this Subject.

Sorry for my bad English. I'm talk from Brazil.

Tks,

Sérgio Dias
MCSE: Security

-----Original Message-----
From: Jeff McLaughlin [mailto:JMclaughlin () springsgov com] 
Sent: sexta-feira, 2 de janeiro de 2004 19:13
To: 'John Kampanellis'; security-basics () securityfocus com
Subject: RE: advice

IMHO,

Network Security will rely on your ability to be proficient in many
disciplines. To secure your network it is very helpful to understand what is
running on it and how it runs on it.  Network security crosses all
boundaries and being effective means you have a working knowledge of
networks and the apps/OS that run on them.  You need breadth as well as
depth.  

Understand that although helpful, it is not a good idea to learn the
material with the goal of just passing a test.  Your goal should be a
through knowledge of the subject which should allow you to then pass the
test.


A certification process you could follow could be.

To demonstrate you understand the network environment.
CCNA (Network), MCP-Windows 2000 Server & Networks (OS), Linux+ or other
linux cert(OS), Security+ (or other basic type security cert)

To demonstrate you have depth.
CCNP or CCSP, MCSE or MCSP, CISSP (or other mid-level security cert), 

To be an  "expert"

CCIE, RHSE, multiple certs in apps database, programming.

HTH,
Jeff McLaughlin
MCSE,MCNE,CCNP,CSS,MCDBA,MCSD,Linux+,Infosec

P.S.  I think I have a very good knowledge of networks because of my MCSE
certification.

-----Original Message-----
From: John Kampanellis [mailto:ikampa () enst fr] 
Sent: Friday, January 02, 2004 12:49 AM
To: security-basics () securityfocus com
Subject: advice

Hi!

I know my question has already been asked, but I think that answers do
not follow the rule one size fit all.
What I would like, is the chance to get as much as I can from the
maturity and experience of the people joinning this list.

I come from Greece. I a holder of a diploma in Electrical and Computer
Engineering and I am about to finish my MSc in System and Network
Security, pursued in France. Considering, that I am about to finish my
internship, I have to thing what to do next. I decided that a first step
before entering the market, could be to get a certificate. But which
one? 

I am pationned with security and and I am very intersted in networks. My
opinion is that  being successful in the security domain, requires from
someone to have a very good knowedge of networks and systems.So my
questions are  the following:

1)Should I get a certificate in networks , i.e. CCNA? 
Since I have an MSc in security may be being certified in networking is
better.
I believe that I know 70% of what CCNA covers. However, may a
certificate may help me at the beginning of my carreer.

2)Should I get a ceritificate in security and in that case which one?
I know some of you would recommend me certificates such as:GIAC, CISSP,
CSSP.
However, the problem is that I don't thing there are centers in Greece
where I can get the exams.
The only one for which I have found a exam center is "Security Certified
Program (SCP)".
What is your opinion about?

3)My third option (which I don't like so much) is a Microsoft
Certificate such as MSSE.
I am asking you, even though I don't like this option so much. I don't
thing that people in Microsoft have real good knowledge about networking
or security.

Thanks in advance,
John



---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------