Certification Magazine - October 2007 - (Page 12) DEAR TECHIE Starting a Security Journey I am a network administrator at a software company in Dallas. I would like to become a consultant for companies, helping them with vulnerable security issues. I was wondering what certification and experience route would be good for me to take. — August A. Wayne Anderson: Hey, August! Lucky for you, in the United States, the Department of Defense (DoD) has issued a guideline specifically for those working in information assurance for agencies and contractors of the defense department. This might provide some of the opportunity keys you need to build your own career. DoD directive 8570.01 sets up a compliance program so that anyone interested in working in the field for agencies and agency contractors has to comply with certain knowledge and reporting requirements. Specifically, they need to pursue certifications according to the type of work they do, and they need to have an on-the-job review on a regular basis, as well as some continuing education and training requirement. There are potentially 400,000 jobs affected by this requirement, many of which are contract positions. So start small. Directive 8570.01’s Information Assurance Technical table specifies a Level I (general computing environment) technician needs to have one of these certifications: A+, Network+, Systems Security Certified Practitioner (SSCP) or TruSecure ICSA Computer Security Associate (TICSA). As a practical matter, you probably have the knowledge of A+ or Network+. If you do not have either of those certifications, I would recommend the Network+, as it provides the basic networking knowledge that will be key to building your security skill set. At Level II (advanced computing or network environment) lies Security+, which I strongly recommend because the process of studying for the exam ensures an individual has a strong, broad basis in each of the content areas that make up physical and IT security. Once you have Security+, you need to build additional experience, as well as study some of the deeper certifications in the industry. In particular, Security Certified Network Professional (SCNP) and SSCP come to mind. 8 Ken Wagner: Wayne has brought up excellent points: Work on building on your current experience and certifications. CompTIA’s Security+ is a great place to start. So, let’s look at trying to get some experience to put the certification knowledge into practice. You mentioned that you’re already a network administrator. Depending on your current company, you might have a separate department dealing with network security, or perhaps security is one of your responsibilities. If you do have a separate IT security department, I would approach your line manager or supervisor to arrange some job shadowing or job placement. Not only will this ease you into the world of IT security, but this route also has the bonus of increasing your job satisfaction and giving your company the ability to use you when it is short on IT security staff. If it is the latter, and IT security does form part of your job role, I would recommend starting to implement some of your new knowledge gained from the certification program(s). Remember to never just implement a new setting into a live environment — try it out first on a test network. If you don’t have one, create one. This would not only let you test the security settings but also let you test other possibilities that aren’t related to security such as remote application deployment. If these two options are unavailable to you, and you find it hard to find alternative paid work, you still have the option of volunteering. Although this isn’t everyone’s cup of tea, you might find it useful in the future. 8 Wayne Anderson is a highly certified system engineer course developer for Avanade, a global Microsoft consultancy. Ken Wagner is an IT network manager and part-time IT lecturer in the United Kingdom. He has lived in the United States, Asia and Europe. To pose a question to Ken and Wayne, send an e-mail to DearTechie@certmag.com. 12 CERTIFICATION MAGAZINE October 2007
Table of Contents Feed for the Digital Edition of Certification Magazine - October 2007 Editor's Letter Contents Data Stream Tech Careers Dear Techie Academic Connection Virtual Village Rebooting Your Career Development Inside Certification Forensics Investigators: Cybercrime Fighters Interface Building Your Skills Through Security Tools Ad Index Endtag Certification Magazine - October 2007 Certification Magazine - October 2007 - (Page Cover1) Certification Magazine - October 2007 - (Page Cover2) Certification Magazine - October 2007 - Editor's Letter (Page 3) Certification Magazine - October 2007 - Editor's Letter (Page 4) Certification Magazine - October 2007 - Contents (Page 5) Certification Magazine - October 2007 - Contents (Page 6) Certification Magazine - October 2007 - Contents (Page 7) Certification Magazine - October 2007 - Data Stream (Page 8) Certification Magazine - October 2007 - Data Stream (Page 9) Certification Magazine - October 2007 - Tech Careers (Page 10) Certification Magazine - October 2007 - Tech Careers (Page 11) Certification Magazine - October 2007 - Dear Techie (Page 12) Certification Magazine - October 2007 - Dear Techie (Page 15) Certification Magazine - October 2007 - Academic Connection (Page 16) Certification Magazine - October 2007 - Academic Connection (Page 17) Certification Magazine - October 2007 - Virtual Village (Page 18) Certification Magazine - October 2007 - Virtual Village (Page 19) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 20) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 21) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 22) Certification Magazine - October 2007 - Rebooting Your Career Development (Page 23) Certification Magazine - October 2007 - Inside Certification (Page 24) Certification Magazine - October 2007 - Inside Certification (Page 25) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 26) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 27) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 28) Certification Magazine - October 2007 - Forensics Investigators: Cybercrime Fighters (Page 29) Certification Magazine - October 2007 - Interface (Page 30) Certification Magazine - October 2007 - Interface (Page 33) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 34) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 35) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 36) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 37) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 38) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 39) Certification Magazine - October 2007 - Building Your Skills Through Security Tools (Page 40) Certification Magazine - October 2007 - Ad Index (Page 41) Certification Magazine - October 2007 - Endtag (Page 42) Certification Magazine - October 2007 - Endtag (Page Cover3) Certification Magazine - October 2007 - Endtag (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.