- Posts: 745
- Thank you received: 10
Natural career progression
14 years 5 days ago #34236
by Arani
Picking pebbles on the shore of the networking ocean
Natural career progression was created by Arani
Hi guys,
Had a quick career based question. Just about the finish my CCNA. What path should I take if I wanted to be in the Internet security field. i.e. should I go for CCNP and then CCSP or ....well that's is the question?
Had a quick career based question. Just about the finish my CCNA. What path should I take if I wanted to be in the Internet security field. i.e. should I go for CCNP and then CCSP or ....well that's is the question?
Picking pebbles on the shore of the networking ocean
14 years 5 days ago #34237
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: Natural career progression
Here on firewall.cx we get lots of never ending questions on choosing IT career path from A+ to CCIE. therefore, I spent some sleepless night putting this write up together. Have a superb read !!!
CHOOSING YOUR IT CAREER PATH
Newton's First Law of Motion states that an object at rest tends to stay at rest, and an object at motion tends to stay in motion until acted upon by an external force. This is true of careers as well, including yours. Where do you want your IT career to be in one year? Do you want to have earned several IT certifications in that time, therefore advancing your IT career? Or do you want to be in the exact same place you are today? The only person who can make this decision is you. Moreover, I can speak from experience that when you begin putting your career into motion - the possibilities are unlimited. However, you have to get started – today.
Before going around asking experts on what IT career path to take or what IT certification to pursue, first the only person you should ask that question is yourself. Whether you want to start an IT career or jumpstart your current one, make the decision to move forward in your career - and then follow through on that decision. Because the goal of getting a job is less important than the goal of getting a job that you like. You have to have passion for whatever you are doing. If not, you will not do it very well. So try to get a job that you like, pay the whole of your attention on it and then allow nature to take its course.
Other than the obvious passion for computers and technology, salary and job growth potential are excellent reasons to consider computer careers. Diversity of computer skills adds to marketability in the workforce. A lawyer that is a Microsoft Certified Professional will benefit internationally than a lawyer without an MCP. Many employers do not have time to train workers on basic skills and expect employees to be more than familiar with computers. If you have an aptitude or interest in math, science or art, and have strong problem solving and analytical skills, you are a perfect candidate for a computer related career. Computer careers can be a solitary work, but often require good communication skills. Systems administrators must know how to relay information to clients and co-workers in order to maintain order and efficiency in the system.
Computer education is available in many varieties; from certifications, certificate programs, associate's degree programs, bachelor’s and even master's degree programs. Many professionals in Nigeria receive degrees in computer science and related fields, but still cannot produce in the local and international IT markets. Therefore, they are required to have specific certifications (for example MCSE-Microsoft Certified Systems Engineer, CCNA or MCSA-Microsoft Certified Systems Administrator) and some hands on experience to fit in. In fact, it is better to have a good hands on experience without having the certifications than having the certifications without knowing the equipments. Companies are more likely to employ candidates with years of experience on Cisco equipments without a certification than candidates with CCNA but lack hands- on experience.
The acceptance of computers in business has created a great demand for IT professionals. Almost every industry has a need for IT professional for marketing, client retention and daily operations. Industries such as banking, insurance, hospitals and utilities absolutely rely on them. The information age has created a wealth of career opportunities for computer specialists, elevating their status as knowledgeable professionals and compensating them well financially. If you are a computer specialist, or would like to become one, a career in the IT profession can be obtained in less than a year of study with the current spring of various IT certifications.
A lot of people these days are crazy about getting IT certifications attached to their foundation degrees or other basic knowledge because certification credentials will definitely enhance their knowledge. More so, the IT industry now require those certifications as a proof of sound understanding of IT principles . There are over 400 certifications out there for you, among which are:
A+ 2003, CCDA, CCNA voice, CCNA security, CCNP voice, CCNP security, CCIE, CEH, CSSP, CISSP Linux+, LPIC2 Linux Junior Level, LCPI2 Linux Intermediate Level, Master CIW Administrator, Master CIW i-Accelerate. Some others are, MCNE, MCSA 2000, MCSA 2003, MCSE 2000,MCSE 2003, NetWare 5 CNE, NetWare 6 CNE, Network+, RHCE, RHCT,SCE, SCM,SCP, Security+, Server+, Solaris 8 SCNA, Solaris 9 SCNA, Solaris 9 Security TICSA and a host of others.
The issue is what certification do you start with? Moreover, after then what do you do next? Do you want to be a programmer, a network engineer, a security advisor, an animator, a graphic artist, system engineer, a hardware engineer, a database administrator, a movie / picture editor or a statistical analyst?
Firstly, I would recommend that you first consider your foundation degree or any basic expertise you have acquired and see what IT skill can enhance it. Then, you certify on that IT course. If you are a structural engineer, an architect, a builder, surveyor or a planner, before thinking of any IT certification you have to think of obtaining a certification on AutoCAD, 3D Studio Max or some sort of animation certifications. This will definitely add speed, color and effects to your designs because the era of paper and pencil design has been long forgotten. Unfortunate, even the educators teaching these courses in Nigerian Universities do not have adequate knowledge on these packages. Lest I forget, an architect who is good in animation in 3D Studio Max or similar packages can fit into the advertisement industry or the fast growing Nollywood. These sectors rely a lot on animations and pay good money.
Also, if you are an economist, or in the administrative discipline or any related discipline, obtaining a certification in the statistical packages or Econometric View will do you a lot of good as your will be involved in a lot of projections and predictions using past or real-time data, and running data a lot.
Further more, people now venture more into how the computer functions, like networking and system support as computers have now flooded every nook and cranny of the world and they need support. Popular certifications in this section include MCSE, CCNA CCIE and a host of others. The idea is, because people make projections as regards to the sectors where investment are moving to, they prepare themselves through certifications to exploit those sectors in future, and IT is the place to go. In addition, if you are trained in other fields and you are unemployed, you can retrain in less than a year in IT certifications to transform into a hot cake. For instance, I am a trained economist but I work as a network support engineer. Yeah! Am always carrying cables, crimpers and laptops to test routers and switches but I feel happy even though it makes me the dirtiest personnel among my colleagues. Therefore, majoring in IT requires starting with A+ and N+ then any other thing can follow.
Now to the certification. Let us start from networking because I am a Cisco trained network engineer. The CCNA is a very good entry-level certification and if you study for it properly, you will have a very solid understanding of lower level networking which is essential to do any admin job. The nice part about doing the Cisco Certification is that the information from there can be applied to so many other certifications. Even though it is a vendor specific cert, the skills you have gained will serve you well in most situations.
CCNA training allows you the ability for installations and operation of LAN, WAN, and dialup access services for small networks with 100 nodes or less. The CCNA course includes, but not limited to using the different networking protocols such as Ethernet, Access Lists, Serial, IP, IGRP, Frame Relay, IP RIP, and VLANs. Cisco's CCNA Prep Center Pilot offers simulations and sample questions, beside the e-learning modules and laboratories. Computer training includes also valuable tips from CCNA professionals, in addition to expert advice, and encouragement through CCNA certification success stories. CCNA training does not require any prerequisite and makes available many other resources to help students with the preparation of their CCNA certification exams.
CCNA course, exams and recommended training include the Introduction to Cisco Networking Technologies (INTRO), the Interconnecting Cisco Networking Devices (ICND) or both. CCNA training and additional training, probably cover most of your career path expectations. However, Cisco's CCNA certifications are valid for 3 years, so it is necessary for additional computer training to re-certify. This is achieved by either passing the current CCNA exam at the point of the original certification's expiration, passing the ICND exam, passing the 642 professional levels. Presently, Cisco has introduced CCENT, CCNA SECURITY, CCNA wireless, CCNA voice, CCVP, and CCIE voice with the security and wireless elements to the certification to encourage specialization.
After CCNA training your can also re-certify by passing the Cisco Qualified Specialist exam, excluding the Sales Specialist exams, or passing a CCIE written exam, which is a re-certify form valid for individuals who had a CCNA certification starting from October 1, 2004. Cisco CCNA online training certification program, offers the same value, knowledge and skill earned on a traditional CCNA course, and it is a nationally recognized certification. With computer training online, you will gain knowledge of switched LAN Emulation networks, which is made up of Cisco original equipment. CCNA training online focuses on the coverage of Cisco router configuration procedures, mapped to exam objectives in order to prepare you for Cisco Exam 640-801, in partnership with major Universities and Colleges offering CCNA certification as well. I was privileged to under study in a Cisco Academy in Zaria (Nigeria) with some medical doctors. These days as the voice technology is gaining ground, you can now obtain CCNA voice, CCVP or CCIE voice specializing in call centre set or IP telephony.
The Computer training program online consists of 2 sections; "Introduction to Network Engineering", which allow the students to understand the world of network engineering, learning fundamental facts of data network theory and current technologies that makes the Internet tick. The second section of the online CCNA course is "Practical Network Engineering.” This is an approach to some of the most powerful networking technologies. It involves extensive work on switches, Cisco routers, and firewalls in a simulated network environment, preparing students to earn the CCNA certification.
The CCNA is a starting point to do the more advanced Cisco courses such as CCNP (more advanced networking), CCSP (security, i.e. firewalls, VPNs, IDS, etc.), and then you get things like VoIP. The CCNP examination is highly regarded and consists of exams, covering switching, routing, support and remote access, plus a few more topics. After getting your CCNA, you have to then decide whether to major in design, implementation routing and switching which is the CCNP or major in security, which is heavily theoretical and analytical like CCSP, which I will discuss later, or CCVP (voice).
CCNP new modules will comprise of:
642-901 BSCI
Building Scalable Cisco Inter-networks, ISR routers, updates to Cisco IOS
Software 12.4 routing protocol, routing authentication security, multicast routing, IPv6
642-812 BCMSN
Building Cisco Multilayer Switched Networks, High availability, new wireless LAN fundamentals for Airspace thin-client, voice, and Cisco IOS switch security
642-825 ISCW
Implementing Secure Converged Wide-Area Networks, Cable and DSL broadband access, Multi-Protocol Label Switching (MPLS)/MPLS VPN fundamentals Cisco IOS Security featuring S2S VPN (IPsec and generic routing encapsulation/IPsec [GRE/IPSEC]), Cisco Easy VPN, Cisco IOS Firewall, Cisco IOS Intrusion Prevention System (IPS), Cisco AutoSecure, Role-Based CLI Access, and Cisco Security Device Manager (SDM)
642-845 ONT
Optimizing Converged Cisco Networks Voice over IP (VoIP) fundamentals, techniques to address VoIP challenges, concepts and implementation methods for quality of service (QoS), wireless security standards, and Cisco wireless LAN (WLAN) networks
Note combining a CCNP and an MSCE will make you a hot cake in the field of IT. Start your CCNA then follow it up with the MCSE tracks one after the other and then round up with a CCNP.
At the risk of sounding arrogant, I believe CCIE (Cisco Certified Network Executive) is the mother of all certifications (You know you cannot go wrong with Cisco in networking). In addition, currently there are just barely over 13000 CCIE holders in the world. CCIE is very expensive and it is only given in selected locations. You pay $300 for the test and $1250 per lab for the lab test, which is an 8 hours test .You, also needs a certain amount of experience to take the test and the test is multiple choice and hands on. What they do with the hands on, apparently, is to put you in a room with a bunch of devices and give you a scenario. You are then supposed to create the network based on this scenario. When you are about half way through, they send you out of the room and then mess up what you have done and you are now supposed to troubleshoot the problem and fix it. In addition, the certification is only valid for two years. When you are preparing for your CCIE, your neighbors will think you have gone crazy, just do not let that bother you, as you will be talking to yourself a lot. Even your wife may start suspecting something; just hold on- until you get there. Once again, before taking any certification adventures make sure, you are equipped with your COMPTIA A+ and N+. They are very easy to pass from there, anything can happen. The CCNA tracks are very demanding and practical oriented. When the Cisco academy took off in Ahmadu Bello University Zaria, many people fought for the form. They were under the mistaken impression that since Cisco is a hot cake IT certification, Cisco certified professionals will be working in well ironed presidential suites wearing garish looking neck ties. However, to their surprise we were always carrying cables, pliers, LAN tester and dusty patch panels around, and after our first module most of them ran away. When you are working in an open standing switch like 4500 series switch or an open Linux box you use for routing, your necktie could be trapped in a rolling fan. When I started working with my organization, I had the opportunity of designing and implementing a multi-floor LAN. At the site, my crew and I were working simultaneously with welders, tilers and some carpenters; you could hardly differentiate us, except if you look closely to figure out my original made washout Armani jeans or my Bruno Mali made shoes or probably if I am answering my black berry from time to time.
An Information Security Specialist, also known as an information security engineer, or security administrator, is an IT professional who designs and manages an organization’s security infrastructure. This includes choosing the network hardware and network operating systems, locking down those systems, and staying focused on possible weaknesses in those systems and hardening them as appropriate.
Duties of an information security specialist include the analysis of an organization’s security risks and requirements, rating the importance of a company’s products and services, and the related design, implementation and maintenance of the security infrastructure to protect the business from security breaches. This role has overlap with that of a network engineer but is higher, in that it is a more specialized role. A very good understanding of networking, both hardware and operating systems, and the web is critical. As the old saying goes, bank tellers do not spend as much time learning about counterfeits as they do with knowing the real thing. The same applies to security specialists: they must have an intimate knowledge of their systems in order to know their weaknesses and how to overcome them. A strong interpersonal skill is also important, as a security specialist must be able to convey to management the security risks, as well as be able to keep close tabs of newly discovered holes in their systems. They are likely to work in a team with more and less qualified security staffs and so must be able to communicate both up and down the chain of command.
A person may consider entering this field after attaining a Computer Science or Computer Engineering University degree or a one or two years computer diploma from a local technical institute or a CCNA certification. However, some information security specialists may also have a technically related MBA degree. Either way, a lot of dedicated training and related certification in one or more leading network operating systems is highly recommended as is training and certification on network equipment and protocols. Optimally, security specific certification should be pursued. In addition, this person should be proactive when it comes to applying security patches and the like but should also be prudent by being in the habit of ensuring that patches are first tried out in a test environment and by ensuring that data backup and disaster recovery plans are in place and followed as required. Candidates for this job should also be exceptional troubleshooters in order to help them discern between security breaches and innocent technical bugs.
An information security specialist often starts out as a network engineer and may move on to more specialized roles within the security or educational realm, such as information security architect, or else move towards IT management. Whichever path they take, these professionals tend to be at the high end of the IT pay scale. Salary information is so dependent on an IT professional’s particular skill set, experience and geographic location. However, experienced information security specialists can attain salaries of $70,000 or $80,000 USD or higher in the international market. Below is a salary survey in thousands of dollars per annum by techrepublic in 2009.
Table 1
Source: Global Knowledge/Techrepublic 2009
Computer security is a growing field. Many businesses have created networks, websites and become reliant on computer technology, without employing safeguards to protect their data. Many malevolent computer geeks out there attack systems, or software for fun, curiosity or profit. Data extortion is now a common organized crime. Security violations have created new careers in network security and software development. Courses of study are mainly in Microsoft products and software development languages like Visual Basic, C++, .net, compiler and assembly languages. Career positions in this category include network security, software programming, web design, web development and website administration (server side).
A certification in security starts with compTIA’s Security +. This is meant more for administrators who want to show they have some security knowledge. Sec+ seems to cover a lot of disaster recovery, such as hot\warm\cold sites, and remembering the different backup types. While it is security, and definitely good to know, it is not the type of security exams most people think of. It does cover some of what most people think of when they think of security, like covering the differences between AH and ESP when using IPSec. Another thing that sets it apart, like most compTIA exams, its wording seems a lot simpler than Cisco\Microsoft exams. Generally, no need to scroll the page like you do those two exams. In addition, Sec+ counts as a certification for MCSE + Security, at least on 2000 spec. Like many compTIA exams, it seems like the starting exam for that branch like Net+ is the starting exam many people take for MCSE or CCNA, and A+ is a starting for people who also take MCSE. After that, you move to CCNA, then Cisco Certified Security Professional CCSP. You can also couple that with your CISSP (certified information security system professional) which is vendor independent and all the GIAC individual certifications.
www.giac.org/
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
A recent aspect of security consultation that is making headlines is penetration testing (pen test) and cyber forensic. Basically, a security consultant is someone who specializes in securing computer systems -- that’s a very basic description. Since more and more critical information is stored on computers, you need people who specialize in information security. The reason it is a specialization is because security is constantly evolving and the approach you take to systems is different from that of a programmer, or a network designer.
Penetration testing is an activity where you pay security specialists to attempt to break into your systems so that you can discover what vulnerabilities exist, and fix them. It should not be confused with vulnerability test, which is finding loopholes in a system (OS) using specialized tools. Pen–test is sometimes called 'ethical-hacking'. Penetration testing is great fun. It involves a lot of creative thinking and can be very challenging. . Some of the industry leading certifications in pentesting include:
Pentesting with BackTrack: PWB
"Pentesting with BackTrack" (previously known as Offensive Security 101) is a flagship course designed to take you from basic information gathering to writing your own buffer overflows. This course will introduce you to real-life hands-on penetration testing techniques using the award winning pentesting distribution - BackTrack. This course leads to the Offensive Security Certified Professional.
OSCP
The OSCP, or Offensive Security Certified Professional, is one of the world's first completely hands on information security certifications. The OSCP challenges the students to prove they have a clear understanding the concepts of the Pentesting With BackTrack material, as well as a depth of knowledge in penetration testing. A lab that the student never has seen before is set up with only a limited amount of machines. Each machine is awarded points if a successful hack is performed. The student must demonstrate their depth of understanding by submitting both the steps they took to penetrate the box as well as the proof.txt file. If both of these are submitted the students receives points for that particular box. If they achieve the points they need they can stop and pass or continue on to try and penetrate the whole network. The OSCP is a twenty four hour exam, where a straight 24-hour period is given to that student to attempt this certification. It is a very difficult and challenging exam that will truly test the limits of the student. If a passing score is achieved the student is awarded a coveted OSCP certification.
OSCE
The OSCE, or Offensive Security Certified Expert, takes security certification to a level never even considered today's market. After the student completes the very challenging Cracking the Perimeter class the core of their understanding and knowledge is challenged to the limits in the special OSCE certification labs. The OSCE labs are set up with a limited amount of machines and very specific "hacks" must be performed in order to pass this amazingly challenging 48-hour exam. The student must submit their completed exploits and the steps they took to obtain the proof.txt files on the servers they are challenged with.
OSWP
The OSWP, or Offensive Security Wireless Professional, is one of the world's leading wireless attack certifications. After the student studies the internal workings of wireless signals and how to successfully crack the most popular and common encryption protocols in the market they are challenged with the OSWP certification. A specially designed lab has been built to give each student access to a BackTrack machine that is with in range of our challenging access points. The student is given only 4 hours to crack a limited number of WEP and WPA networks. The Student must submit the correct encryption codes as well as the attack vectors they used to obtain them in order to be awarded the OSWP certification.
Advanced Windows Exploitation: AWE
Advanced Windows Exploitation Techniques (AWE) is an in depth, hardcore drilldown into advanced Vulnerability Exploitation Techniques on the Windows platform - from Offensive Security. The course covers topics such as Egghunters, NX Bypassing Techniques, Function Pointer Overwrites, Heap Spraying, Venetian Shellcode, writing Immunity plugins, WinDgb, Encoding and custom shellcode creation.
Intrusion analysis involves figuring out how an attack was orchestrated. Say for example, your website was hacked. An intrusion analyst will try to recreate what happened from the available logs. Incident handling is slightly similar to intrusion analysis. An incident handler is a person who is trained to respond correctly to that incident, keeping the integrity of the evidence, and restoring the systems to a normal state as soon as possible.
Cyber-forensics is like normal police forensics, but on computers. It is a highly specialized field. You work with law enforcement, courts etc. and have to be able to find things in computer systems where there is seemingly nothing to find. Some leading certifications in forensic include:
Certified Computer Forensics Examiner (CCFE) Certification
Certified Hacking Forensics Investigator (CHFI) Certification
Certified Computer Examiner (CCE) Certification
Being a security consultant is fun if you are passionate about technology and security. It can also be quite painful as people view you as someone who restricts access and just causes inconvenience. It is a field that is really coming up these days. Remember, if you want to get into security, you should first make sure your networking skills are in order. Then you need to learn a programming language, something that lets you talk right to the operating system like C. After that you have to learn all the different aspects of security, types of attacks, common vulnerabilities etc. Practical experience is the best teacher. Most people learn on other people’s networks (if you know what I mean). However, it is far better if you setup your own lab, since you do not want to end up going to jail while trying to make a career.
Another important certification today is the MCSE (Microsoft Certified System Engineer). Microsoft certification is increasing day by day. It is the most widely recognized technical certification in the industry, which is on high demand. The MCSE boot camp institutes make them earn their Microsoft certification and make them lead the organization in successful manner. The MCP personnel administer the most advanced Microsoft windows platform and Microsoft server products. The survey of MCP magazine states that the average base salary of MCP ranges from $60,000 to $70,000. The MCSA (Microsoft certified system administrator) is more for Administration. This would be if you were managing a Windows environment that had already been setup. It will give the skills on that aspect. (This also can count towards the MCSE so if you do this, you would be on your way to completing the MCSE). The MCSE consist of seven tracks including two electives. These days, Microsoft is now emphasizing on MCITP- Microsoft Certified Information Technology Professional. Microsoft has thrown away the ‘engineer’ thing in MCSE and now decided we should be called IT professionals instead of system engineers (though MCSE is still supported). Therefore, with an MCSE we can upgrade to MCITP or start MCITP tracks afresh, writing five exams. The codes for MCITP are stated below.
MCITP
070-620 windows vista
070-640 Fundamental of Window Server 2008 Active Directory
070-642 configuring and troubleshooting window 2008 network infrastructure
070-643 fundamentals of windows 2008 network infrastructure
070-647 Designing windows 2008 network infrastructure
From MCSE one can upgrade MCITP as server administrator or enterprise administrator, most people in my region opt for enterprise administrator, and the
Tracks are stated below:
MCITP Enterprise upgrade
070-647 Windows 2008 Network Infrastructure design
070-649 Updating network infrastructure and Active Directory
070-620 Mobile computing Application Windows vista
MCITP server administrator upgrade
070-646 Planning and Administering Windows 2008
070-649 Updating network infrastructure and Active Directory
Here are other programming tracks using Microsoft platforms
WEB developer
070 536 + 070 528 + 070 547 = Microsoft Certified Professional Developer
Windows Developer
070 532 + 070 526 + 070 548 = Microsoft Certified Professional Developer (Win Apps)
Enterprise Application Developer
070 529 + 070 536 + 070 526 + 070 528 + 070 549 = MCPD
MCM (Microsoft Certified Master)
The Master series certification enables senior-level IT professionals to demonstrate and validate their technical expertise on Microsoft server products and is a prerequisite for the Architect Series
MCM: Microsoft Exchange Server 2007
MCM: Microsoft SQL Server 2008
MCM: Windows Server 2008: Directory
MCM: Microsoft Office SharePoint Server 2007
MCM: Microsoft Office Communications Server 2007
Note, you can easily Google the MCP codes.
Now, to the ultimate IT skill, programming. It is a very old IT skill. In fact, it makes everything happen. Everything you see is some sort of codes, I mean programs, and I mean software. If the internet is a car, then software is its engine. The business world has plenty to lose if software fails. When software fails, millions of dollars are lost and sometimes people are killed. It is like this; functions makes up commands, and commands makes up programs and programs finally makes up software. Therefore, if you have a degree in software engineering, you should be conversant with some programming skills like java, c/c++, html, Perl etc. as it is all part of the curriculum.
Programming can be very difficult, but also very rewarding. It is the highest paying and time consuming IT skill. I will never forget how happy I was when I compiled and ran my first COBOL program in Zaria in 1996. I started programming in Dbase and now I am into C/C++ to enhance my security skills. Now, how you go about your programming career is the big issue you will have to deal with.
It is important to note that you can program in high level, middle level or lower level language. The high-level language can accommodate different functions embedded in a bracket, but the lower level language is flat, while the middle level language can only call functions and it shares both attributes of the higher and the lower level language. In Nigerian institutes of higher learning, students of computer science begin with BASIC and FORTRAN. In the UK, students are introduced to Pascal in their first year. All these languages teach you the basics of programming that helps you understand how to think while programming in any language. However, with line numbers, GOTO commands, etc, in these languages, it does not encourage structured, modular programming like Perl, Python, and C. Nowadays there are so many different choices in programming and some are more suited to certain applications than others are. If you are doing mainly web stuff, PHP, Perl, ASP, are some good tools for you.
When venturing into programming, I always recommend C. It is about the best language to learn how to program. In addition, it is incredibly powerful (the fact that almost all exploits and low-level handling is written in C is a proof). Besides, you need to learn the issues that come along with writing in a language like C. Perl and Python are great, but I think they are too high level. They take away many of the important decisions. You do not need to think about data-types too much. Therefore, Python will provide a quick learning curve with real results for less time invested.
Python also has an ordered way of doing things, so it will teach discipline.
Python can be scaled for larger projects and has good community support. This means, it will be a language that is versatile. Despite that, C is the choice because it appears fundamental to many other languages and it is a lot more "pure" i.e. handling memory etc better. However, this is at the cost of the speed of development. Start with C and every other thing is easy.
The argument of which programming language to start with or stick to is a never-ending one; be it C, C++, java or Python. Python seems easy, powerful and well documented. Python, PERL and PHP as I said earlier are the kind of languages that you can stick with and play forever, making all kinds of useful apps and interfaces. The great thing is you see fast results. Just as soon as you read a couple of pages describing the basic syntax, rules and constructs, you are ready to go (by referring to the function list for whatever you need of course). Mistakes often do not bring punishment and you need not to be concerned with some of the behind-the-scenes stuffs, like the memory, allocations etc. Of course, let us not forget that some real developers bother with these to allow us to work without them. That is the difference between C and scripting languages. With C, you get to see things the way they actually work on your computer -better even, make them work yourself, while in (example) Python you only mess with things that appear more directly functional and practical. Depending on one's interests and needs, he might find the extra control of C exciting.
If someone gets seriously involved with a powerful high-level language that provides the wanted results with small effort, it is easy to get used to it. However, I still stick to my recommendation - start directly with C, because other languages may spoil you enough to stay away from C later on. Moreover, if you are a very ambitious person, then start with C/C++. However, if you are the mere play code type, start with Perl. Perl is fun, and for someone just starting to get their feet in programming, you are less likely to get discouraged when some odd error keeps your first few programs from working. In addition, it is hard not to stay interested when you go on CPAN and see a module that is easy and fun and allows you to connect and use IRC. Even a beginner can boast of some skill, and then you start learning because it is fun. Then, later you can move to C/C++.
Programming is like a chameleon that changes color in different environments. Structured programming like C does not allow any bad habits and you have to learn how to structure your programming properly. When you use a language that forces you to structure your programs properly, once you have mastered it, it really does not matter what language you wish to use after that, your programs will always be structured correctly and thus much easier to write and design even large complex applications. You also have to bear in mind what you are going to be creating applications for we are in the .net arena and Object Oriented so take your c# (C sharp), C++, j# etc very serious. I like the flexibility of VB and C sharp as they all run on .net platform. Java was introduced in 1995, and .NET is Microsoft's response to the Java phenomenon. Microsoft has jumped headlong into the mobile code fray with their .NET framework, as .NET architecture has much in common with Java. One major difference is a smaller emphasis on multiplatform support. . However, Java introduced the world to mobile code and modern network-centric software design. EJB (Java) is also one good object oriented programming that is platform independent. Also, Java language is written tightly to avoid malicious intent, because when you have a java applet executed in an environment there is going to be what we call a sandbox environment created, that is that applet is going to be restricted to the resources within a certain limitation of that environment, unlike some other programming languages that will allow control over a whole device once it is being executed in a particular environment. C and C++ have out-of-date memory management capability and technically speaking, C and C++ are "unsafe" languages because the seething sea of bits can be referenced, manipulated, cast, and moved around by the programmer with impunity. More advanced languages, including Java and C#, are "type safe" and are for this reason much preferred from a security perspective.
We cannot just pick which is good or best programming language. Every programming language got its own importance and benefits, so it depends upon the requirement and its usability, functionality and robustness. You can stick to one or two for dynamism and you are in business. These days, you can make as high as $500,000 for a custom built software for a financial institution excluding training and cost of maintenance which is usually charged per person-hour.
Administering database is another cash line these days. Almost every industry has a need for databases and, developing countries are now fast collecting database to centralize data in the country for important decision-making. Creation of these databases relies on software, mainly developed by Oracle for large-scale databases, Microsoft SQL for web based applications and Microsoft Access for smaller scale and custom applications. Jobs in the database category include data architects, database administrators and information systems managers. Certifications in this category include
Oracle Certified Associate (OCA), advancing to Oracle Certified Professional (OCP) to the ultimate Oracle Certified Master (OCM)
It is one thing getting the certifications and another thing getting the experience. There is no substitute for experience, the idea here is that we don t want people to be too crazy about getting certifications at the expense of getting experience. Experience is something you cannot buy you can study brain dumps to get some certifications in a couple of weeks but the same is not applicable to experience. Usually, Knowledge + know how = skill, and skill repeated repeatedly will result to expertise and now we are talking of experience. Give yourself ample practical experience where possible. Volunteer for an organization that needs someone with computer skills but cannot afford to pay them like some NGOs. I am sure there will be many small organizations that need some kind of IT person to help in some capacity or volunteer as an IT student in a cyber café where you will help them with a lot of cleaning and running some errands just to get the experience. You are going to find that experience and college education will get you the furthest in your career, generally. The certifications displays you have a base knowledge, with say CCNA, they will expect you to know how to configure and administer some basic Cisco networks. Certifications can get your foot in the door these days, a friend of mine got his A+, then was hired in a helpdesk type of position, promoted into network admin, got a few more certifications and a university degree, and now has the experience and paper that can get him a network admin job anywhere. In addition, I am afraid to say this fact that it is not everyone that is compatible IT skills; some people can only operate at the periphery while others can graduate to being IT gurus. That feeling your conscience will tell you. As an IT trainer, within the first few days of handling a batch, I could actually identify the IT guys.
Conclusively, I will advise IT students to take it easy because the IT jobs will still be there by the time they are through with their studies. Do not rush to be certified and then start tampering with some company’s equipments like routers and switches, under-study someone first, so that you do not get into trouble with expensive IT equipments. . Therefore, get some experience, certify, and some degree may be, and then the world before you.
Also, be careful when selecting IT training institute, some do not give you value for your money. As with any field, there are good technical training schools, and bad ones. When you sign up with one of these schools, you have made a significant investment in time and money. Before you put down your hard-earned money, you deserve to know everything about the school and your job prospects after leaving school. The problem is, sometimes it is hard to know the right questions to ask, like:
How up-to-date are the courses they are offering?
Make sure the school you are going to attend has made efforts to keep their courses relevant. Ask what changes have been made to their curriculum in the last three years. No field changes faster than IT does. If the answer to that question is "none", look somewhere else.
What are your job prospects and legitimate salary levels after you graduate from their school?
What textbooks does the school use?
Some technical school chains use only books that someone in their organization wrote. If you are looking into entering the IT field, you probably know someone who is already in it. Use that resource for everything its worth. Ask that person what they think about the books, or for that matter, what the local reputation of the school is. IT is a small world, if the school has a good or bad reputation, most of the IT personnel in your city or town probably know about it.
What is the state of their labs?
Most often when I travel for conferences, before lodging in a hotel I usually request to see the rooms before paying. Therefore before enrolling with any IT institute make sure you take a facility tour of their labs.
One of the most beneficial things for me has been talking with friends and co-workers about the things you are learning. If you can find these two types of people, it will help you; first, a friend who has the same interests as you that you can study with and bounce ideas off, and second, a mentor who can validate your thoughts and teach you things you cannot get from a textbook.
CHOOSING YOUR IT CAREER PATH
Newton's First Law of Motion states that an object at rest tends to stay at rest, and an object at motion tends to stay in motion until acted upon by an external force. This is true of careers as well, including yours. Where do you want your IT career to be in one year? Do you want to have earned several IT certifications in that time, therefore advancing your IT career? Or do you want to be in the exact same place you are today? The only person who can make this decision is you. Moreover, I can speak from experience that when you begin putting your career into motion - the possibilities are unlimited. However, you have to get started – today.
Before going around asking experts on what IT career path to take or what IT certification to pursue, first the only person you should ask that question is yourself. Whether you want to start an IT career or jumpstart your current one, make the decision to move forward in your career - and then follow through on that decision. Because the goal of getting a job is less important than the goal of getting a job that you like. You have to have passion for whatever you are doing. If not, you will not do it very well. So try to get a job that you like, pay the whole of your attention on it and then allow nature to take its course.
Other than the obvious passion for computers and technology, salary and job growth potential are excellent reasons to consider computer careers. Diversity of computer skills adds to marketability in the workforce. A lawyer that is a Microsoft Certified Professional will benefit internationally than a lawyer without an MCP. Many employers do not have time to train workers on basic skills and expect employees to be more than familiar with computers. If you have an aptitude or interest in math, science or art, and have strong problem solving and analytical skills, you are a perfect candidate for a computer related career. Computer careers can be a solitary work, but often require good communication skills. Systems administrators must know how to relay information to clients and co-workers in order to maintain order and efficiency in the system.
Computer education is available in many varieties; from certifications, certificate programs, associate's degree programs, bachelor’s and even master's degree programs. Many professionals in Nigeria receive degrees in computer science and related fields, but still cannot produce in the local and international IT markets. Therefore, they are required to have specific certifications (for example MCSE-Microsoft Certified Systems Engineer, CCNA or MCSA-Microsoft Certified Systems Administrator) and some hands on experience to fit in. In fact, it is better to have a good hands on experience without having the certifications than having the certifications without knowing the equipments. Companies are more likely to employ candidates with years of experience on Cisco equipments without a certification than candidates with CCNA but lack hands- on experience.
The acceptance of computers in business has created a great demand for IT professionals. Almost every industry has a need for IT professional for marketing, client retention and daily operations. Industries such as banking, insurance, hospitals and utilities absolutely rely on them. The information age has created a wealth of career opportunities for computer specialists, elevating their status as knowledgeable professionals and compensating them well financially. If you are a computer specialist, or would like to become one, a career in the IT profession can be obtained in less than a year of study with the current spring of various IT certifications.
A lot of people these days are crazy about getting IT certifications attached to their foundation degrees or other basic knowledge because certification credentials will definitely enhance their knowledge. More so, the IT industry now require those certifications as a proof of sound understanding of IT principles . There are over 400 certifications out there for you, among which are:
A+ 2003, CCDA, CCNA voice, CCNA security, CCNP voice, CCNP security, CCIE, CEH, CSSP, CISSP Linux+, LPIC2 Linux Junior Level, LCPI2 Linux Intermediate Level, Master CIW Administrator, Master CIW i-Accelerate. Some others are, MCNE, MCSA 2000, MCSA 2003, MCSE 2000,MCSE 2003, NetWare 5 CNE, NetWare 6 CNE, Network+, RHCE, RHCT,SCE, SCM,SCP, Security+, Server+, Solaris 8 SCNA, Solaris 9 SCNA, Solaris 9 Security TICSA and a host of others.
The issue is what certification do you start with? Moreover, after then what do you do next? Do you want to be a programmer, a network engineer, a security advisor, an animator, a graphic artist, system engineer, a hardware engineer, a database administrator, a movie / picture editor or a statistical analyst?
Firstly, I would recommend that you first consider your foundation degree or any basic expertise you have acquired and see what IT skill can enhance it. Then, you certify on that IT course. If you are a structural engineer, an architect, a builder, surveyor or a planner, before thinking of any IT certification you have to think of obtaining a certification on AutoCAD, 3D Studio Max or some sort of animation certifications. This will definitely add speed, color and effects to your designs because the era of paper and pencil design has been long forgotten. Unfortunate, even the educators teaching these courses in Nigerian Universities do not have adequate knowledge on these packages. Lest I forget, an architect who is good in animation in 3D Studio Max or similar packages can fit into the advertisement industry or the fast growing Nollywood. These sectors rely a lot on animations and pay good money.
Also, if you are an economist, or in the administrative discipline or any related discipline, obtaining a certification in the statistical packages or Econometric View will do you a lot of good as your will be involved in a lot of projections and predictions using past or real-time data, and running data a lot.
Further more, people now venture more into how the computer functions, like networking and system support as computers have now flooded every nook and cranny of the world and they need support. Popular certifications in this section include MCSE, CCNA CCIE and a host of others. The idea is, because people make projections as regards to the sectors where investment are moving to, they prepare themselves through certifications to exploit those sectors in future, and IT is the place to go. In addition, if you are trained in other fields and you are unemployed, you can retrain in less than a year in IT certifications to transform into a hot cake. For instance, I am a trained economist but I work as a network support engineer. Yeah! Am always carrying cables, crimpers and laptops to test routers and switches but I feel happy even though it makes me the dirtiest personnel among my colleagues. Therefore, majoring in IT requires starting with A+ and N+ then any other thing can follow.
Now to the certification. Let us start from networking because I am a Cisco trained network engineer. The CCNA is a very good entry-level certification and if you study for it properly, you will have a very solid understanding of lower level networking which is essential to do any admin job. The nice part about doing the Cisco Certification is that the information from there can be applied to so many other certifications. Even though it is a vendor specific cert, the skills you have gained will serve you well in most situations.
CCNA training allows you the ability for installations and operation of LAN, WAN, and dialup access services for small networks with 100 nodes or less. The CCNA course includes, but not limited to using the different networking protocols such as Ethernet, Access Lists, Serial, IP, IGRP, Frame Relay, IP RIP, and VLANs. Cisco's CCNA Prep Center Pilot offers simulations and sample questions, beside the e-learning modules and laboratories. Computer training includes also valuable tips from CCNA professionals, in addition to expert advice, and encouragement through CCNA certification success stories. CCNA training does not require any prerequisite and makes available many other resources to help students with the preparation of their CCNA certification exams.
CCNA course, exams and recommended training include the Introduction to Cisco Networking Technologies (INTRO), the Interconnecting Cisco Networking Devices (ICND) or both. CCNA training and additional training, probably cover most of your career path expectations. However, Cisco's CCNA certifications are valid for 3 years, so it is necessary for additional computer training to re-certify. This is achieved by either passing the current CCNA exam at the point of the original certification's expiration, passing the ICND exam, passing the 642 professional levels. Presently, Cisco has introduced CCENT, CCNA SECURITY, CCNA wireless, CCNA voice, CCVP, and CCIE voice with the security and wireless elements to the certification to encourage specialization.
After CCNA training your can also re-certify by passing the Cisco Qualified Specialist exam, excluding the Sales Specialist exams, or passing a CCIE written exam, which is a re-certify form valid for individuals who had a CCNA certification starting from October 1, 2004. Cisco CCNA online training certification program, offers the same value, knowledge and skill earned on a traditional CCNA course, and it is a nationally recognized certification. With computer training online, you will gain knowledge of switched LAN Emulation networks, which is made up of Cisco original equipment. CCNA training online focuses on the coverage of Cisco router configuration procedures, mapped to exam objectives in order to prepare you for Cisco Exam 640-801, in partnership with major Universities and Colleges offering CCNA certification as well. I was privileged to under study in a Cisco Academy in Zaria (Nigeria) with some medical doctors. These days as the voice technology is gaining ground, you can now obtain CCNA voice, CCVP or CCIE voice specializing in call centre set or IP telephony.
The Computer training program online consists of 2 sections; "Introduction to Network Engineering", which allow the students to understand the world of network engineering, learning fundamental facts of data network theory and current technologies that makes the Internet tick. The second section of the online CCNA course is "Practical Network Engineering.” This is an approach to some of the most powerful networking technologies. It involves extensive work on switches, Cisco routers, and firewalls in a simulated network environment, preparing students to earn the CCNA certification.
The CCNA is a starting point to do the more advanced Cisco courses such as CCNP (more advanced networking), CCSP (security, i.e. firewalls, VPNs, IDS, etc.), and then you get things like VoIP. The CCNP examination is highly regarded and consists of exams, covering switching, routing, support and remote access, plus a few more topics. After getting your CCNA, you have to then decide whether to major in design, implementation routing and switching which is the CCNP or major in security, which is heavily theoretical and analytical like CCSP, which I will discuss later, or CCVP (voice).
CCNP new modules will comprise of:
642-901 BSCI
Building Scalable Cisco Inter-networks, ISR routers, updates to Cisco IOS
Software 12.4 routing protocol, routing authentication security, multicast routing, IPv6
642-812 BCMSN
Building Cisco Multilayer Switched Networks, High availability, new wireless LAN fundamentals for Airspace thin-client, voice, and Cisco IOS switch security
642-825 ISCW
Implementing Secure Converged Wide-Area Networks, Cable and DSL broadband access, Multi-Protocol Label Switching (MPLS)/MPLS VPN fundamentals Cisco IOS Security featuring S2S VPN (IPsec and generic routing encapsulation/IPsec [GRE/IPSEC]), Cisco Easy VPN, Cisco IOS Firewall, Cisco IOS Intrusion Prevention System (IPS), Cisco AutoSecure, Role-Based CLI Access, and Cisco Security Device Manager (SDM)
642-845 ONT
Optimizing Converged Cisco Networks Voice over IP (VoIP) fundamentals, techniques to address VoIP challenges, concepts and implementation methods for quality of service (QoS), wireless security standards, and Cisco wireless LAN (WLAN) networks
Note combining a CCNP and an MSCE will make you a hot cake in the field of IT. Start your CCNA then follow it up with the MCSE tracks one after the other and then round up with a CCNP.
At the risk of sounding arrogant, I believe CCIE (Cisco Certified Network Executive) is the mother of all certifications (You know you cannot go wrong with Cisco in networking). In addition, currently there are just barely over 13000 CCIE holders in the world. CCIE is very expensive and it is only given in selected locations. You pay $300 for the test and $1250 per lab for the lab test, which is an 8 hours test .You, also needs a certain amount of experience to take the test and the test is multiple choice and hands on. What they do with the hands on, apparently, is to put you in a room with a bunch of devices and give you a scenario. You are then supposed to create the network based on this scenario. When you are about half way through, they send you out of the room and then mess up what you have done and you are now supposed to troubleshoot the problem and fix it. In addition, the certification is only valid for two years. When you are preparing for your CCIE, your neighbors will think you have gone crazy, just do not let that bother you, as you will be talking to yourself a lot. Even your wife may start suspecting something; just hold on- until you get there. Once again, before taking any certification adventures make sure, you are equipped with your COMPTIA A+ and N+. They are very easy to pass from there, anything can happen. The CCNA tracks are very demanding and practical oriented. When the Cisco academy took off in Ahmadu Bello University Zaria, many people fought for the form. They were under the mistaken impression that since Cisco is a hot cake IT certification, Cisco certified professionals will be working in well ironed presidential suites wearing garish looking neck ties. However, to their surprise we were always carrying cables, pliers, LAN tester and dusty patch panels around, and after our first module most of them ran away. When you are working in an open standing switch like 4500 series switch or an open Linux box you use for routing, your necktie could be trapped in a rolling fan. When I started working with my organization, I had the opportunity of designing and implementing a multi-floor LAN. At the site, my crew and I were working simultaneously with welders, tilers and some carpenters; you could hardly differentiate us, except if you look closely to figure out my original made washout Armani jeans or my Bruno Mali made shoes or probably if I am answering my black berry from time to time.
An Information Security Specialist, also known as an information security engineer, or security administrator, is an IT professional who designs and manages an organization’s security infrastructure. This includes choosing the network hardware and network operating systems, locking down those systems, and staying focused on possible weaknesses in those systems and hardening them as appropriate.
Duties of an information security specialist include the analysis of an organization’s security risks and requirements, rating the importance of a company’s products and services, and the related design, implementation and maintenance of the security infrastructure to protect the business from security breaches. This role has overlap with that of a network engineer but is higher, in that it is a more specialized role. A very good understanding of networking, both hardware and operating systems, and the web is critical. As the old saying goes, bank tellers do not spend as much time learning about counterfeits as they do with knowing the real thing. The same applies to security specialists: they must have an intimate knowledge of their systems in order to know their weaknesses and how to overcome them. A strong interpersonal skill is also important, as a security specialist must be able to convey to management the security risks, as well as be able to keep close tabs of newly discovered holes in their systems. They are likely to work in a team with more and less qualified security staffs and so must be able to communicate both up and down the chain of command.
A person may consider entering this field after attaining a Computer Science or Computer Engineering University degree or a one or two years computer diploma from a local technical institute or a CCNA certification. However, some information security specialists may also have a technically related MBA degree. Either way, a lot of dedicated training and related certification in one or more leading network operating systems is highly recommended as is training and certification on network equipment and protocols. Optimally, security specific certification should be pursued. In addition, this person should be proactive when it comes to applying security patches and the like but should also be prudent by being in the habit of ensuring that patches are first tried out in a test environment and by ensuring that data backup and disaster recovery plans are in place and followed as required. Candidates for this job should also be exceptional troubleshooters in order to help them discern between security breaches and innocent technical bugs.
An information security specialist often starts out as a network engineer and may move on to more specialized roles within the security or educational realm, such as information security architect, or else move towards IT management. Whichever path they take, these professionals tend to be at the high end of the IT pay scale. Salary information is so dependent on an IT professional’s particular skill set, experience and geographic location. However, experienced information security specialists can attain salaries of $70,000 or $80,000 USD or higher in the international market. Below is a salary survey in thousands of dollars per annum by techrepublic in 2009.
Table 1
Source: Global Knowledge/Techrepublic 2009
Computer security is a growing field. Many businesses have created networks, websites and become reliant on computer technology, without employing safeguards to protect their data. Many malevolent computer geeks out there attack systems, or software for fun, curiosity or profit. Data extortion is now a common organized crime. Security violations have created new careers in network security and software development. Courses of study are mainly in Microsoft products and software development languages like Visual Basic, C++, .net, compiler and assembly languages. Career positions in this category include network security, software programming, web design, web development and website administration (server side).
A certification in security starts with compTIA’s Security +. This is meant more for administrators who want to show they have some security knowledge. Sec+ seems to cover a lot of disaster recovery, such as hot\warm\cold sites, and remembering the different backup types. While it is security, and definitely good to know, it is not the type of security exams most people think of. It does cover some of what most people think of when they think of security, like covering the differences between AH and ESP when using IPSec. Another thing that sets it apart, like most compTIA exams, its wording seems a lot simpler than Cisco\Microsoft exams. Generally, no need to scroll the page like you do those two exams. In addition, Sec+ counts as a certification for MCSE + Security, at least on 2000 spec. Like many compTIA exams, it seems like the starting exam for that branch like Net+ is the starting exam many people take for MCSE or CCNA, and A+ is a starting for people who also take MCSE. After that, you move to CCNA, then Cisco Certified Security Professional CCSP. You can also couple that with your CISSP (certified information security system professional) which is vendor independent and all the GIAC individual certifications.
www.giac.org/
GIAC Certified Firewall Analyst (GCFW)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
A recent aspect of security consultation that is making headlines is penetration testing (pen test) and cyber forensic. Basically, a security consultant is someone who specializes in securing computer systems -- that’s a very basic description. Since more and more critical information is stored on computers, you need people who specialize in information security. The reason it is a specialization is because security is constantly evolving and the approach you take to systems is different from that of a programmer, or a network designer.
Penetration testing is an activity where you pay security specialists to attempt to break into your systems so that you can discover what vulnerabilities exist, and fix them. It should not be confused with vulnerability test, which is finding loopholes in a system (OS) using specialized tools. Pen–test is sometimes called 'ethical-hacking'. Penetration testing is great fun. It involves a lot of creative thinking and can be very challenging. . Some of the industry leading certifications in pentesting include:
Pentesting with BackTrack: PWB
"Pentesting with BackTrack" (previously known as Offensive Security 101) is a flagship course designed to take you from basic information gathering to writing your own buffer overflows. This course will introduce you to real-life hands-on penetration testing techniques using the award winning pentesting distribution - BackTrack. This course leads to the Offensive Security Certified Professional.
OSCP
The OSCP, or Offensive Security Certified Professional, is one of the world's first completely hands on information security certifications. The OSCP challenges the students to prove they have a clear understanding the concepts of the Pentesting With BackTrack material, as well as a depth of knowledge in penetration testing. A lab that the student never has seen before is set up with only a limited amount of machines. Each machine is awarded points if a successful hack is performed. The student must demonstrate their depth of understanding by submitting both the steps they took to penetrate the box as well as the proof.txt file. If both of these are submitted the students receives points for that particular box. If they achieve the points they need they can stop and pass or continue on to try and penetrate the whole network. The OSCP is a twenty four hour exam, where a straight 24-hour period is given to that student to attempt this certification. It is a very difficult and challenging exam that will truly test the limits of the student. If a passing score is achieved the student is awarded a coveted OSCP certification.
OSCE
The OSCE, or Offensive Security Certified Expert, takes security certification to a level never even considered today's market. After the student completes the very challenging Cracking the Perimeter class the core of their understanding and knowledge is challenged to the limits in the special OSCE certification labs. The OSCE labs are set up with a limited amount of machines and very specific "hacks" must be performed in order to pass this amazingly challenging 48-hour exam. The student must submit their completed exploits and the steps they took to obtain the proof.txt files on the servers they are challenged with.
OSWP
The OSWP, or Offensive Security Wireless Professional, is one of the world's leading wireless attack certifications. After the student studies the internal workings of wireless signals and how to successfully crack the most popular and common encryption protocols in the market they are challenged with the OSWP certification. A specially designed lab has been built to give each student access to a BackTrack machine that is with in range of our challenging access points. The student is given only 4 hours to crack a limited number of WEP and WPA networks. The Student must submit the correct encryption codes as well as the attack vectors they used to obtain them in order to be awarded the OSWP certification.
Advanced Windows Exploitation: AWE
Advanced Windows Exploitation Techniques (AWE) is an in depth, hardcore drilldown into advanced Vulnerability Exploitation Techniques on the Windows platform - from Offensive Security. The course covers topics such as Egghunters, NX Bypassing Techniques, Function Pointer Overwrites, Heap Spraying, Venetian Shellcode, writing Immunity plugins, WinDgb, Encoding and custom shellcode creation.
Intrusion analysis involves figuring out how an attack was orchestrated. Say for example, your website was hacked. An intrusion analyst will try to recreate what happened from the available logs. Incident handling is slightly similar to intrusion analysis. An incident handler is a person who is trained to respond correctly to that incident, keeping the integrity of the evidence, and restoring the systems to a normal state as soon as possible.
Cyber-forensics is like normal police forensics, but on computers. It is a highly specialized field. You work with law enforcement, courts etc. and have to be able to find things in computer systems where there is seemingly nothing to find. Some leading certifications in forensic include:
Certified Computer Forensics Examiner (CCFE) Certification
Certified Hacking Forensics Investigator (CHFI) Certification
Certified Computer Examiner (CCE) Certification
Being a security consultant is fun if you are passionate about technology and security. It can also be quite painful as people view you as someone who restricts access and just causes inconvenience. It is a field that is really coming up these days. Remember, if you want to get into security, you should first make sure your networking skills are in order. Then you need to learn a programming language, something that lets you talk right to the operating system like C. After that you have to learn all the different aspects of security, types of attacks, common vulnerabilities etc. Practical experience is the best teacher. Most people learn on other people’s networks (if you know what I mean). However, it is far better if you setup your own lab, since you do not want to end up going to jail while trying to make a career.
Another important certification today is the MCSE (Microsoft Certified System Engineer). Microsoft certification is increasing day by day. It is the most widely recognized technical certification in the industry, which is on high demand. The MCSE boot camp institutes make them earn their Microsoft certification and make them lead the organization in successful manner. The MCP personnel administer the most advanced Microsoft windows platform and Microsoft server products. The survey of MCP magazine states that the average base salary of MCP ranges from $60,000 to $70,000. The MCSA (Microsoft certified system administrator) is more for Administration. This would be if you were managing a Windows environment that had already been setup. It will give the skills on that aspect. (This also can count towards the MCSE so if you do this, you would be on your way to completing the MCSE). The MCSE consist of seven tracks including two electives. These days, Microsoft is now emphasizing on MCITP- Microsoft Certified Information Technology Professional. Microsoft has thrown away the ‘engineer’ thing in MCSE and now decided we should be called IT professionals instead of system engineers (though MCSE is still supported). Therefore, with an MCSE we can upgrade to MCITP or start MCITP tracks afresh, writing five exams. The codes for MCITP are stated below.
MCITP
070-620 windows vista
070-640 Fundamental of Window Server 2008 Active Directory
070-642 configuring and troubleshooting window 2008 network infrastructure
070-643 fundamentals of windows 2008 network infrastructure
070-647 Designing windows 2008 network infrastructure
From MCSE one can upgrade MCITP as server administrator or enterprise administrator, most people in my region opt for enterprise administrator, and the
Tracks are stated below:
MCITP Enterprise upgrade
070-647 Windows 2008 Network Infrastructure design
070-649 Updating network infrastructure and Active Directory
070-620 Mobile computing Application Windows vista
MCITP server administrator upgrade
070-646 Planning and Administering Windows 2008
070-649 Updating network infrastructure and Active Directory
Here are other programming tracks using Microsoft platforms
WEB developer
070 536 + 070 528 + 070 547 = Microsoft Certified Professional Developer
Windows Developer
070 532 + 070 526 + 070 548 = Microsoft Certified Professional Developer (Win Apps)
Enterprise Application Developer
070 529 + 070 536 + 070 526 + 070 528 + 070 549 = MCPD
MCM (Microsoft Certified Master)
The Master series certification enables senior-level IT professionals to demonstrate and validate their technical expertise on Microsoft server products and is a prerequisite for the Architect Series
MCM: Microsoft Exchange Server 2007
MCM: Microsoft SQL Server 2008
MCM: Windows Server 2008: Directory
MCM: Microsoft Office SharePoint Server 2007
MCM: Microsoft Office Communications Server 2007
Note, you can easily Google the MCP codes.
Now, to the ultimate IT skill, programming. It is a very old IT skill. In fact, it makes everything happen. Everything you see is some sort of codes, I mean programs, and I mean software. If the internet is a car, then software is its engine. The business world has plenty to lose if software fails. When software fails, millions of dollars are lost and sometimes people are killed. It is like this; functions makes up commands, and commands makes up programs and programs finally makes up software. Therefore, if you have a degree in software engineering, you should be conversant with some programming skills like java, c/c++, html, Perl etc. as it is all part of the curriculum.
Programming can be very difficult, but also very rewarding. It is the highest paying and time consuming IT skill. I will never forget how happy I was when I compiled and ran my first COBOL program in Zaria in 1996. I started programming in Dbase and now I am into C/C++ to enhance my security skills. Now, how you go about your programming career is the big issue you will have to deal with.
It is important to note that you can program in high level, middle level or lower level language. The high-level language can accommodate different functions embedded in a bracket, but the lower level language is flat, while the middle level language can only call functions and it shares both attributes of the higher and the lower level language. In Nigerian institutes of higher learning, students of computer science begin with BASIC and FORTRAN. In the UK, students are introduced to Pascal in their first year. All these languages teach you the basics of programming that helps you understand how to think while programming in any language. However, with line numbers, GOTO commands, etc, in these languages, it does not encourage structured, modular programming like Perl, Python, and C. Nowadays there are so many different choices in programming and some are more suited to certain applications than others are. If you are doing mainly web stuff, PHP, Perl, ASP, are some good tools for you.
When venturing into programming, I always recommend C. It is about the best language to learn how to program. In addition, it is incredibly powerful (the fact that almost all exploits and low-level handling is written in C is a proof). Besides, you need to learn the issues that come along with writing in a language like C. Perl and Python are great, but I think they are too high level. They take away many of the important decisions. You do not need to think about data-types too much. Therefore, Python will provide a quick learning curve with real results for less time invested.
Python also has an ordered way of doing things, so it will teach discipline.
Python can be scaled for larger projects and has good community support. This means, it will be a language that is versatile. Despite that, C is the choice because it appears fundamental to many other languages and it is a lot more "pure" i.e. handling memory etc better. However, this is at the cost of the speed of development. Start with C and every other thing is easy.
The argument of which programming language to start with or stick to is a never-ending one; be it C, C++, java or Python. Python seems easy, powerful and well documented. Python, PERL and PHP as I said earlier are the kind of languages that you can stick with and play forever, making all kinds of useful apps and interfaces. The great thing is you see fast results. Just as soon as you read a couple of pages describing the basic syntax, rules and constructs, you are ready to go (by referring to the function list for whatever you need of course). Mistakes often do not bring punishment and you need not to be concerned with some of the behind-the-scenes stuffs, like the memory, allocations etc. Of course, let us not forget that some real developers bother with these to allow us to work without them. That is the difference between C and scripting languages. With C, you get to see things the way they actually work on your computer -better even, make them work yourself, while in (example) Python you only mess with things that appear more directly functional and practical. Depending on one's interests and needs, he might find the extra control of C exciting.
If someone gets seriously involved with a powerful high-level language that provides the wanted results with small effort, it is easy to get used to it. However, I still stick to my recommendation - start directly with C, because other languages may spoil you enough to stay away from C later on. Moreover, if you are a very ambitious person, then start with C/C++. However, if you are the mere play code type, start with Perl. Perl is fun, and for someone just starting to get their feet in programming, you are less likely to get discouraged when some odd error keeps your first few programs from working. In addition, it is hard not to stay interested when you go on CPAN and see a module that is easy and fun and allows you to connect and use IRC. Even a beginner can boast of some skill, and then you start learning because it is fun. Then, later you can move to C/C++.
Programming is like a chameleon that changes color in different environments. Structured programming like C does not allow any bad habits and you have to learn how to structure your programming properly. When you use a language that forces you to structure your programs properly, once you have mastered it, it really does not matter what language you wish to use after that, your programs will always be structured correctly and thus much easier to write and design even large complex applications. You also have to bear in mind what you are going to be creating applications for we are in the .net arena and Object Oriented so take your c# (C sharp), C++, j# etc very serious. I like the flexibility of VB and C sharp as they all run on .net platform. Java was introduced in 1995, and .NET is Microsoft's response to the Java phenomenon. Microsoft has jumped headlong into the mobile code fray with their .NET framework, as .NET architecture has much in common with Java. One major difference is a smaller emphasis on multiplatform support. . However, Java introduced the world to mobile code and modern network-centric software design. EJB (Java) is also one good object oriented programming that is platform independent. Also, Java language is written tightly to avoid malicious intent, because when you have a java applet executed in an environment there is going to be what we call a sandbox environment created, that is that applet is going to be restricted to the resources within a certain limitation of that environment, unlike some other programming languages that will allow control over a whole device once it is being executed in a particular environment. C and C++ have out-of-date memory management capability and technically speaking, C and C++ are "unsafe" languages because the seething sea of bits can be referenced, manipulated, cast, and moved around by the programmer with impunity. More advanced languages, including Java and C#, are "type safe" and are for this reason much preferred from a security perspective.
We cannot just pick which is good or best programming language. Every programming language got its own importance and benefits, so it depends upon the requirement and its usability, functionality and robustness. You can stick to one or two for dynamism and you are in business. These days, you can make as high as $500,000 for a custom built software for a financial institution excluding training and cost of maintenance which is usually charged per person-hour.
Administering database is another cash line these days. Almost every industry has a need for databases and, developing countries are now fast collecting database to centralize data in the country for important decision-making. Creation of these databases relies on software, mainly developed by Oracle for large-scale databases, Microsoft SQL for web based applications and Microsoft Access for smaller scale and custom applications. Jobs in the database category include data architects, database administrators and information systems managers. Certifications in this category include
Oracle Certified Associate (OCA), advancing to Oracle Certified Professional (OCP) to the ultimate Oracle Certified Master (OCM)
It is one thing getting the certifications and another thing getting the experience. There is no substitute for experience, the idea here is that we don t want people to be too crazy about getting certifications at the expense of getting experience. Experience is something you cannot buy you can study brain dumps to get some certifications in a couple of weeks but the same is not applicable to experience. Usually, Knowledge + know how = skill, and skill repeated repeatedly will result to expertise and now we are talking of experience. Give yourself ample practical experience where possible. Volunteer for an organization that needs someone with computer skills but cannot afford to pay them like some NGOs. I am sure there will be many small organizations that need some kind of IT person to help in some capacity or volunteer as an IT student in a cyber café where you will help them with a lot of cleaning and running some errands just to get the experience. You are going to find that experience and college education will get you the furthest in your career, generally. The certifications displays you have a base knowledge, with say CCNA, they will expect you to know how to configure and administer some basic Cisco networks. Certifications can get your foot in the door these days, a friend of mine got his A+, then was hired in a helpdesk type of position, promoted into network admin, got a few more certifications and a university degree, and now has the experience and paper that can get him a network admin job anywhere. In addition, I am afraid to say this fact that it is not everyone that is compatible IT skills; some people can only operate at the periphery while others can graduate to being IT gurus. That feeling your conscience will tell you. As an IT trainer, within the first few days of handling a batch, I could actually identify the IT guys.
Conclusively, I will advise IT students to take it easy because the IT jobs will still be there by the time they are through with their studies. Do not rush to be certified and then start tampering with some company’s equipments like routers and switches, under-study someone first, so that you do not get into trouble with expensive IT equipments. . Therefore, get some experience, certify, and some degree may be, and then the world before you.
Also, be careful when selecting IT training institute, some do not give you value for your money. As with any field, there are good technical training schools, and bad ones. When you sign up with one of these schools, you have made a significant investment in time and money. Before you put down your hard-earned money, you deserve to know everything about the school and your job prospects after leaving school. The problem is, sometimes it is hard to know the right questions to ask, like:
How up-to-date are the courses they are offering?
Make sure the school you are going to attend has made efforts to keep their courses relevant. Ask what changes have been made to their curriculum in the last three years. No field changes faster than IT does. If the answer to that question is "none", look somewhere else.
What are your job prospects and legitimate salary levels after you graduate from their school?
What textbooks does the school use?
Some technical school chains use only books that someone in their organization wrote. If you are looking into entering the IT field, you probably know someone who is already in it. Use that resource for everything its worth. Ask that person what they think about the books, or for that matter, what the local reputation of the school is. IT is a small world, if the school has a good or bad reputation, most of the IT personnel in your city or town probably know about it.
What is the state of their labs?
Most often when I travel for conferences, before lodging in a hotel I usually request to see the rooms before paying. Therefore before enrolling with any IT institute make sure you take a facility tour of their labs.
One of the most beneficial things for me has been talking with friends and co-workers about the things you are learning. If you can find these two types of people, it will help you; first, a friend who has the same interests as you that you can study with and bounce ideas off, and second, a mentor who can validate your thoughts and teach you things you cannot get from a textbook.
sose
Network Engineer
analysethis.co/index.php/forum/index
The following user(s) said Thank You: next_virus
14 years 5 days ago #34239
by Alans
always Face your Fears...
Replied by Alans on topic Re: Natural career progression
i'd like to know, but just can't read all of them sose.
anyone can brief what sose wrote?
anyone can brief what sose wrote?
always Face your Fears...
14 years 5 days ago #34240
by Nevins
Useful Threads
================================
www.firewall.cx/forum/2-basic-concepts/3...e-resource-page.html
Replied by Nevins on topic Re: Natural career progression
My advice if your in the united states is to get the Network+ cert from CompTIA. It's significantly easier than the CCNA you already have from what I understand and then you can get the Security+ cert. The reason I suggest these is the DoD has a directive to hire people with these sets of cert skills:
www.techexams.net/blogs/jdmurray/it-cert...directive-8570-01-m/
Otherwise get your CCNP Then CCSP you could do it in the reverse order but I think you'll have a better understanding of CCSP topics if you already know CCNP material.
www.techexams.net/blogs/jdmurray/it-cert...directive-8570-01-m/
Otherwise get your CCNP Then CCSP you could do it in the reverse order but I think you'll have a better understanding of CCSP topics if you already know CCNP material.
Useful Threads
================================
www.firewall.cx/forum/2-basic-concepts/3...e-resource-page.html
14 years 5 days ago #34245
by Arani
Picking pebbles on the shore of the networking ocean
Hi Sose,
Thank you a million times!!! I can't imagine you came up with that. Bearing in mind the last part where it says 'a friend who has the same interests as you' and about the mentor, I reckon as long as I keep in touch with friends like you and firewall.cx as a mentor, I can't go wrong.
Thanks again
Thank you a million times!!! I can't imagine you came up with that. Bearing in mind the last part where it says 'a friend who has the same interests as you' and about the mentor, I reckon as long as I keep in touch with friends like you and firewall.cx as a mentor, I can't go wrong.
Thanks again
Picking pebbles on the shore of the networking ocean
14 years 4 days ago #34248
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Natural career progression
Hi Arani, may I add to folks above
Since you've mentioned that your onto security, as per Cisco's requirements in the following page:
www.cisco.com/web/learning/le3/le2/le37/...ation_type_home.html
You don't need CCNP to pass for CCSP. So if your career depends on it and your short in time, you could just go for CCSP and then tackle CCNP by your comfort. Note that NONE of the required exams of CCNP are required or elective in CCSP. So certs wise, CCNP will not speed up things. But surely CCNP will give you a broader understanding.
Since you've mentioned that your onto security, as per Cisco's requirements in the following page:
www.cisco.com/web/learning/le3/le2/le37/...ation_type_home.html
You don't need CCNP to pass for CCSP. So if your career depends on it and your short in time, you could just go for CCSP and then tackle CCNP by your comfort. Note that NONE of the required exams of CCNP are required or elective in CCSP. So certs wise, CCNP will not speed up things. But surely CCNP will give you a broader understanding.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Time to create page: 0.155 seconds