As promised this is my plan thread. I am putting this out here so I can have something concrete to look at. This started off as a response on one of the forums that I am a member of: http://www.techexams.net/forums/security-certifications/58374-q4-2010-2011-security-cert-objectives.html
I have been tormented for a few months about what I want to do next. My heart was telling me one thing and my head was telling me another. Well I told them both to shut it and I am now going with my gut. My gut is telling me that I want to be different from Joe IT out there and I need to think differently and study differently. As many of you know, I want to be a security engineer and although I currently hold the title Network Security Admin I feel like I am not as l33t as I want to be. So I am thought long and hard about what I want to do to get myskills up and this is what I have come up with. I will start off with my cert goals and then work to my non cert goals:
Security+ - October 9th 2010
- I want to complete this test so that I can round out my basic security knowledge and work towards building a firm foundation in security.
LPIC-1 (November/December) 2010
- Sharpen my *nix ninja skills
- The reason why I want to do this test is two fold. The first is to further strengthen my core security knowledge. The second is that this will help reduced the amount of time required for the CISSP. I also think it will be good review for the GSEC
- This one is for HR people and because I need to understand more of the service and business side of IT.
- I may drop this test if I need to save the money. I want this test to validate my basic pen testing knowledge. The elearnsecurity looks pretty good so I am thinking about dropping this and going for that instead. It would have to be after the SSCP (passing and endorsement) since I can get 40 cpe credits for doing it (which that along almost makes it worth it).
- This test represents a mini goal of mine. First I want it simply because of the weight that SANS certs carry in the IT community. Second I feel that this will be the basic knowledge I must obtain in order to feel a little more comfortable with my OS security knowledge. I want to know more but this test is sort of a baseline for how much I want to grow at least in that area. If I don't obtain this level of knowledge I will be pretty pissed off.
- This is the exam I really want. This test represents what I'd really like to do (network analysis and so on). I want to have this level of TCP/IP knowledge and so on before the end of next year. I am willing to cut down a few other test in order to be able to afford the GSEC and GCIA because both of them are $900 to challenge. Studying is a must for both. I plan at least 2-3 months of dedicated study for the GSEC and 3-4 for the GCIA.
Start the new CCNP Security track
- This is also an option I may do as it will be much more affordable to do than the SANS certs. If I do, I'd really like to do the new SNRS (which will now be called SECURE)
There is a bunch of non cert goals I have but I will try to keep my scope to an IT nature:
Learn perl, python
Learn Windows/Linux security
- I have much more interest in Linux so I just want to learn about the essentials of Windows related administration and security
Get to LPIC-2 level of linux knowledge
Learn IPv6 (and IPv6 security) well enough for enterprise deployment
Read 25000 pages
Graduate A.A.S in Network Engineering and Software development w/ Honors
Enroll in an BS program
Join 2-4 professional groups
I have a feeling that the cert goals are going to be difficult to keep especially the SANS certs due to $$$ and all but we will see. My first objective is to keep my family feed and our budget in order. Courtney in a ninja when it comes to the number so I know that if I give her my plan she will make it happen. I just need to stick to my goal and try not to change it so much. If it comes down to it, the ones I really want are GCIA and GSEC. I am on the fence about C|EH. I want SSCP but not as much as GSEC. If I drop SSCP I might drop C|EH as well and fill my time with GSEC, GCIA, ITIL and maybe LPIC-2 or something else. I just need to look at the dollars and cents.
These list will grow and shrink as I add things and check things off. Stay tuned!