Navid Paya wrote: > Kudos everyone > I realize that this mailing list is dedicated to ossec and issues one may > come across concerning it but I have got such incredible results using the > mailing list that when this one hit me I just couldn't resist the temptation > to raise it here. I'm a sysadmin specialized in UNIX. I'm on the verge of > making a decision as to where to go with my career path and thinking of all > the stuff I've worked on I find security to be my true passion. Now I wonder > what are my possible choices as a guy who wants to go for security and where > shall I start? I'm looking for a path. Also I used to ignore certificates in > the past but now that I'm 30 I've started to realize it can have a huge > impact on your career, especially if you're seeking to make a difference > between yourself and the rest. What certificates do you think I should go > for? Any help is deeply appreciated. Thank you all in advance.
Hello Navid, As certifications go, by far the most valuable one in my opinion is the CISSP. If you search the job boards you'll find that most jobs say "CISSP preferred." You may not qualify since it sounds like you don't have direct information security experience right now, but you can become an Associate of (ISC)², which means you pass the exam and wait for the experience to become a full-fledged CISSP. CISA is also valuable, even if you plan on becoming a security geek. It helps you to understand how compliance is often the driver for security and can assist in justifying security projects (but of course compliance and security are not the same thing). Others that are valuable are the SANS GSEC (a good one to start with), and incident handler. Security can be a rewarding, well-paying career as long as you don't hold companies to a very high standard. That just causes stress. I have learned that you give the best advice you can, try to maintain your independence and integrity and leave the outcome to those who make the really big bucks. -- Michael Starks [I] Immutable Security http://www.immutablesecurity.com To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
