Hello to all, I could really use some help with figuring out a path to get a career in either digital forensics or computer/network security.
I do not have anything under my belt so to speak. I do not know if I should start off with certs then get a degree or if i should get the degree then certs.
I do know computers though but by no means near a degree. I have been messing with pc's since i was around 10 and I am now 32. I was a pc technician for 2 years in 1996-1998 until the place went under.
Since i do know a good deal of pc;'s I was thinking of getting my A+, Network+, Security+ first. I thought this would be a good foundation. Then i am not sure what to do or if i should do that.
I thought that route, would make it easier for me to get my bachelors degree, in digital forensic. Either from Champlain or a local college which i could go inperson but i like Chaplain due to being able to take online.
I thought once that is over with, i could go for a certification. Which one, i am not sure of. I have heard its good to go cisco certified with there security cert. Then i have read about another few out there like the isc2, i forgot the other ones right now but ib anyone could help me out that would be great …. Thank you
Having a degree will always help, especially with earning power.
I would first search for forensic/security job postings and see what requirements a majority have. All of them will say a degree or equivalent experience. I've also seen A+, Security+ and various forensic certifications such as the EnCE and CCE as requirements too.
There are many Security positions with forensics tacked in on the side. That might be a better route to go to get some exposure to forensics.
You'll see many different opinions about certifications, but I say they are useful in many ways and it can never hurt to have them. A+, Network+ and Security+ is a good base and they can be done rather quickly. Another thing to keep in mind is that those certs from CompTIA lose their lifetime length at the end of this year I believe, so it might be worthwhile to get them in before then and then update them if it is required by your employer. With that base and your experience I'm sure you might be able to find something security related and work on studying forensics on the side.
Not knowing how much time you have to dedicate to studies, I would say take some classes toward a degree from Champlain and do the base CompTIA certs on the side. Do you have a degree already? Some classes from Champlain might even work toward some of those certs, not sure. Might be something to check out.
I like Sybex study guides. There are many threads here about reading material for forensics. Might check those out too.
Hope that helps some. Just my opinion and by no means is the best approach. Do some more research and see what works best for you ).
chanko86, yes very helpful… thank you… I could put a good amount of time towards the certs for now. I could put my lunch hour and 2-3 hours a night after i put my kids to bed into study. Even more on the weekends maybe something like 5 hours sat and sund.
I am glad you mentioned the sybex title. I have the a+ sybex book and cd that i bought a while back. just started to read it.
One other thing when does the comptia certs change to there new standard or what not.?
When does the time expire for the comptia certs?
My understanding is that they never expire, nor do they need to be renewed.
I need to correct myself. Apparently CompTIA just announced they are placing a three year shelf life on their certs starting January 01, 2011. Details at the link below. Go get certified by December 31, 2010 to get the lifetime warranty.
http//w w w.comptia. org/ certifications/ listed/ renewal.aspx
I'll put my oar in on this one, but only from the security side - I work professionaly in InfoSec, and your minimum standard is a CISSP, CISA or CISM. I've yet to meet anyone working who has Security+ … As a US poster, you aren't likely to be interested in the University of London, MSc in Information Security available here ( although they do a distance learning form … ) which a number of my colleauges have. The ISO27001 Lead Auditor qualification opens quite a few doors, and the SANS courses are generally quite well regarded as specific, targeted training - and they cover off things like PenTesting etc.
I'm a self taught "hacker" - built up from a CompSci degree and a lot of years of UNIX sysadmin experience - this, in my opinion ( which it would be, because I'm biased ! ) is the best way to get into Network security - hands on experience of DNS, Mail, Web, FTP, file etc. servers, authentication mechanisms, routers & routing etc. gives you a great understanding of the way that things work in a TCP/IP world and where misconfigurations, vulnerabilites and issues exist.
I specialise in UNIX security ( Solaris, AIX, Linux etc. ) but because of the fundamental grounding I have also worked with Microsoft products with a great degree of sucess - not least because of late they have been ripping of UNIX left, right and centre … ( LDAP, Kerberos, NTP, DNS etc. are all "borrowed" [ and then not implemented well, but that's a different topic ] )
I know that this is a Forensics forum, so I'll shut up now, however if you want to chat more, drop me a PM.
I agree with what some of the other posters said. A+, Network+ are a good start because they are inexpensive tests and should be achievable if you have experience in computing and troubleshooting.
CISA may also be a good starting place, although I believe it requires some verified hands on experience in certain areas… I believe CISSP does also.
The certs vs. degree debate has been discussed ad nauseum (though rightfully so), so you can probably find more information through searching the forums a bit more. I will say that my advocacy for
1. The scope was broad (legal aspects, file systems, network forensics, expert witness, report writing, etc)
2. Networking with others - Many students were established members of law enforcement, IT security and upper management in IT.
3. I was able/required to do an internship. I became a civilian volunteer with a sheriff's office – an unwritten partnership the University had with the sheriff's office. I also took 2 semesters of internship with a forensics lab (at about 10-15 hours a week).
4. I was able to pursue certificates along the way.
You're not too old to apply for some of the entry level civilian federal law enforcement positions out there. Although, having a family can make it tough to make entry-level government work (salary/relocation).
Go check out your local
Lastly, there are many great podcasts out there that discuss this topic often. They will also keep you up-to-speed on current issues.