Guys i'm interested in pursuing a career in Security in the not so distance future. But i'm having a problem getting an idea of how i break into the field...

Education and experience wise, i've been expose to almost everything IT, with a greater weight placed on Networking. So how do i get a tast of Security?

I have the Security + cert under my belt, but will CISSP land me a job. Or will i need the job to land CISSP

Can anyone shed some light...BCK...or anyone ?

i'm having a problem getting an idea of how i break into the field...

So how do i get a tast of Security?
I was gonna suggest starting out as a security guard, LOL, but forget that....

lol, Funny Virus...

Realistic replies please!!!

just a quick question. you planning on doing this freelance or for one specific company??

You looking at doing certifications only or a Master's because Carnegie Mellon has a degree in Information Security and Management (check it out at www.ini.cmu.edu

You looking at doing certifications only or a Master's because Carnegie Mellon has a degree in Information Security and Management (check it out at www.ini.cmu.edu



I want to do this in the quickest and most efficient way possible. I dont wanna spend four years and then not be able to market myself. And Certs seem to be the solution that follows from that criteria.

The only way i'll do a masters in it is if that school will provide me with an internship.

@ DC

I want to work with companies that specialise in providing such solutions...but its a possibilty (down the road) that i would freelance - when the demand for such services becomes 'high peak' in JA.

Any other ideas other than a masters???

I want to do this in the quickest and most efficient way possible. I dont wanna spend four years and then not be able to market myself. And Certs seem to be the solution that follows from that criteria.

The only way i'll do a masters in it is if that school will provide me with an internship.

@ DC

I want to work with companies that specialise in providing such solutions...but its a possibilty (down the road) that i would freelance - when the demand for such services becomes 'high peak' in JA.

Any other ideas other than a masters???

Sorry I'm seeing this a bit late...
I posted a link to a good e-book on the Information Security field. Search this Education forum for it (I forgot where it is). The e-book is on the website http://www.certcities.com. It gives you a good perspective on what is involved in getting the security certs and jobs out there.

Bad news is that there is no quick fix. You cannot become a security expert overnight. The field is too broad. Getting certs is a good move, but there's no substitute for experience. The good news is that you don't have to wait until you are in a "security job" to get experience with security issues. If you work in networking, you can apply security there. Same goes for systems administration, programming, etc. I'd advise you to start thinking security, then practice security. Eventually, you will build your experience and reputation as a "security person."

Also, certs like CISSP, CISA and CISM require years of experience working within the different areas of security.

The Masters option is also a good thing to investigate. Nova, and University of London have good programmes in Information Security. Check them out.

Here's the thread with the link to the e-book:
http://www.techjamaica.com/forums/showthread.php?t=2438&highlight=security+e-book

Thanks for the info BCK...i'll do my research now.

Can I ask u tho, is the Information Security course offered by Nova any good? Is it a first degree or second degree? And can it be done in JA (in the same way they have their MBA programmes)?

Nova's security degree is a Masters and its NSA certified.

Thanks for the info BCK...i'll do my research now.

Can I ask u tho, is the Information Security course offered by Nova any good? Is it a first degree or second degree? And can it be done in JA (in the same way they have their MBA programmes)?

I think the Nova degree can be done out here. Rodalembs is doing one. There should be a thread in the education forum relating to that specifically. Search for it.

Thanks BCK, i'll do my research

ok BCK, i read the thread Rodalembs posted in. My only concern is ROI.

Do you believe it a worthwhile investment ...in terms of actually attaining post graduation employment to repay the loan that i would need to sit the degree?

I am in Canada now, but will possibly return to JA within the year...and studying is an option. But I dont want to indebt myself to the point of no return. What would you suggest, from a cost/benefit poin tof view?

hey i also wanna go down the security route, currently i'm doing my a+ server+ and network+ certs, also i am ddoing a bsc. in computer science. is there anywhere in ja that has a course for security +? also i want to do my ccna next year, maybe feb. Jeez these certs aint cheap

I also wanna get certified as an ethical hacker

ok BCK, i read the thread Rodalembs posted in. My only concern is ROI.

Do you believe it a worthwhile investment ...in terms of actually attaining post graduation employment to repay the loan that i would need to sit the degree?

I am in Canada now, but will possibly return to JA within the year...and studying is an option. But I dont want to indebt myself to the point of no return. What would you suggest, from a cost/benefit poin tof view?

Will you be able to find a job using your security skills? Yes, I think so. Consider that security gradually getting more attention these days. The government is trying to push online transactions for govt. business, financial institutions are offering online banking facillities, and legislation is supposed to be coming into effect to address electronic transactions and cybercrime (when this will be is another story). With all of that, companies will need people to ensure that security is taken care of.

Audit firms are increasingly seeking persons with IT Security experience to service their clients for Security Audits/Control reviews and consulting. Just the other day, MCSystems advertised a job for an Information Security Officer. There is scope for employment within the field and it will expand with time. Getting those skills and qualifications will prepare you to take advantage of the opportunities that are approaching.

Even if you don't get a job as a "Security person" you can always do your own consulting.

A Masters is generally a good investment. Sure it's costly, but with it, you are more likely to get a managerial job which should provide sufficient salary to help you pay off your loan for the degree.

If cost is a concern for you, then I'd suggest doing certs for now since they are more affordable. The certs can help you get a decent job form which you can save up to do the Masters.

Whatever you decide, good luck.

Thanks BCK...I'll be doing some serious thinking!

Boom times ahead for IT security profession

By John Leyden, The Register Nov 9 2004 9:36AM

Boom times are ahead for security pros. The information security workforce will expand by an estimated 13.7 per cent annually to reach 2.1m workers by 2008. Approximately 680,000 of this expanded workforce will work in Europe.

The (ISC)2 2004 Global Information Security Workforce Study found the wider use of internet technologies, a dynamic threat environment and increasingly stringent government regulations are driving the growth of the profession. The 1.3m information security professionals currently employed will see their ranks swell by more than 60 per cent within five years, according to IDC, which conducted the study on behalf of security certification body (ISC)2.
Read full article (http://www.securityfocus.com/news/9887)

Well, maybe theres hope yet.

Hey.. I just got to see this also.!... Interesting Discussion.

For those interested in the Nova porgramme....I on my last 2 two courses for the Masters in Management information Systems and i have been accepted in the Phd. Security Programme. Nova is good for a couple of reasons:

Flexible
Good Tutors
Rigours Study
Cutting Edge Teaching
Reasonably Priced

Just to reitorate what BCK has said.....it is wide field....and more so emerging in Jamaica. Be prepared to do some grundge work along with the certs and education.

I also wanna get certified as an ethical hacker
funny enough I have the tuturials for this cource, Video, but iam just too lazy to watch them :eusa_wall

hey where can i get that info, the tutorials, and videos

kilja..why would you want to limit you self?

Hey.. I just got to see this also.!... Interesting Discussion.

For those interested in the Nova porgramme....I on my last 2 two courses for the Masters in Management information Systems and i have been accepted in the Phd. Security Programme. Nova is good for a couple of reasons:

Flexible
Good Tutors
Rigours Study
Cutting Edge Teaching
Reasonably Priced

Just to reitorate what BCK has said.....it is wide field....and more so emerging in Jamaica. Be prepared to do some grundge work along with the certs and education.
Congrats dude. Can you complete the PhD via distance?

Yeah....All by distance,,,,the only problem is the cost.....$4150 US per cluster.....

Real Expensive......

Yeah....All by distance,,,,the only problem is the cost.....$4150 US per cluster.....

Real Expensive......

When you say per cluster, what exactly do you mean? Is the US$4150 for the entire programme? Or per semester?

CEH - Certified Ethical Hacker is a good course to provide you with a solid background on security. Employment with the use of this certification may prove difficult in the Jamaica as the companies may think that your intentions may not be pure.

C.I.S.S.P - Great course to do and a excellent certification to have in your arsenal. If you do not have 3 -4 years professional experience in security (which is a requirement), you will be given the title of CISSP Associate until such time.

Security + - In my opinion.... this course it pretty basic and will give you a limited backgroud, in comparison to the others. Some companies will happily accept this.

There are other certifications, but most are vendor based. I think there is a free pdf somewhere that can better bring the industry to light. BCK??? post it please

@ Nastro

I have the Security +, but what i want is the CISSP, which like you highlighted, is not awarded without 3 - 4 yrs experience...hence my dilemna - How do i get such experience...luck?

@ Nastro

I have the Security +, but what i want is the CISSP, which like you highlighted, is not awarded without 3 - 4 yrs experience...hence my dilemna - How do i get such experience...luck?

Breddrin, do the exam anyway, get the Associate designation, then just gwaan work. The experience will come with time. Make the first step and take the exam!

When you say per cluster, what exactly do you mean? Is the US$4150 for the entire programme? Or per semester?

Doctoral Programs: Program Formats and Term Dates

Terms for the doctoral program are five months long (see Academic Calendar for specific dates). During the first two years of the program, most students complete two three-credit core or elective courses and one four-credit project course each term. After the completion of all courses and 40 credit hours with a GPA of at least 3.0, the student registers for the dissertation at 12 credits per term for two terms. Students who have not completed the dissertation after registrations for Dissertation I and Dissertation II must register for Continuing Dissertation until they have satisfied the dissertation requirement. Doctoral residence is defined as continuous enrollment for two consecutive terms at a minimum of 10 credit hours per term.

Depending on the program, students may select one of two formats: cluster or institute. Programs for computer information systems and computer science are offered in cluster format only. Programs for computing technology in education, information science, and information systems are offered in both cluster and institute formats. Cluster students, while taking courses, attend four cluster meetings per year, held quarterly over an extended weekend (Friday, Saturday, and half-day Sunday) at the university. Cluster terms start in March and September. Cluster weekends are held in March, June, September, and December. Institute students, while taking courses, attend a weeklong institute twice a year at the university. Institutes are held in January and July at the start of each five-month term. Clusters and institutes bring together students, faculty, and staff members for participation in courses, dissertation counseling (individual and group), special lectures, and ample opportunity for student-faculty and student-student interaction. Students are required to attend all of their scheduled cluster or institute class sessions.

Between on-campus meetings, students work on assignments and projects, and participate in online activities that facilitate frequent interaction with the faculty and with other students. The online component involves use of web pages to access course materials, announcements, the Electronic Library, and other information. Online activities may include forums using threaded discussion boards, chatrooms, email, and electronic classroom sessions. In addition, the school provides a system that enables the student to submit assignments online in multimedia formats and to receive his or her professor's online reviews of assignments in the same formats. Students are provided NSU computer accounts but must obtain their own Internet service providers and use their own computer systems.



Tuition for Course Work $475 per credit hour ($4750 for 10 Credit hours)
Tuition for Dissertation I or II $5,100 per term (12 Credit hours)
Tuition for Continuing Dissertation $2,550 per term (6 Credit hours)

Application Fee $50 nonrefundable
Registration Fee $30 nonrefundable
Materials Fee $20 per 700-level course
Readmission Fee $50 nonrefundable
Program Change Fee $50 nonrefundable
Graduation Fee $75
Deferment Fee for Installment Payment $50
Late Registration Fee $100 nonrefundable

The Curriculum for the Ph.D. in Information Systems

The program requires 64 credit hours, of which 40 are for courses and 24 are for the dissertation. Most students take two core courses and one project course per term during the first two years and register for the dissertation in the third year. Core courses, project courses, and dissertation registrations are listed below:
(Also see Course Descriptions for DISS).

Core Courses (three credits each) (Select eight of these.)
DISS 700 Research Methodology
DISS 710 Decision Support Systems
DISS 720 Human-Computer Interaction
DISS 725 The System Development Process
DISS 740 Telecommunications and Computer Networks
DISS 745 Electronic Commerce
DISS 750 Database Systems
DISS 755 Information Security
DISS 770 Information Policy
DISS 791 Client-Server Computing
DISS 792 Enterprise Architecture Infrastructures Planning and Management
DISS 799 Special Topics in Information Systems (offered on various subjects)

Project Courses (four credits each) (Select four of these. Must be taken concurrent with, or following completion of, the corresponding core course.)
DISS 800 Project in Research Methodology
DISS 810 Project in Decision Support Systems
DISS 820 Project in Human-Computer Interaction
DISS 825 Project in the System Development Process
DISS 840 Project in Telecommunications and Computer Networks
DISS 845 Project in Electronic Commerce
DISS 850 Project in Database Systems
DISS 855 Project in Information Security
DISS 870 Project in Information Policy
DISS 891 Project in Client-Server Computing
DISS 892 Project in Enterprise Architecture Infrastructures Planning and Management
DISS 899 Project in Special Topics in Information Systems

Dissertation Registrations
DISS 910 Dissertation I (12 credits)
DISS 915 Dissertation II (12 credits)
DISS 920 Continuing Dissertation (6 credits)

Thanks man.

thanks BCK....

For the person looking at tertiary education in the New Year....especially at the masters level.if you are strapped for time. and i your undergrad GPA is closer to a celeron processor speed than a P4 :o :) ...Seriously though....I have done some serious research on the distance learnnig field... Unlike us in JA..and unless yu want to work fi Donald Trump or one of dem ppl deh.....alot of compaines in the US are not as hung up on the big names universites (execpt for like MBA)...What i want to highlight is two good distance universtis that the US government use for its military ppl....

Capella University www.capella.edu
Kennedy-Western www.kw.edu

Check dem out...some good programs

The info in this thread and in the links reference were very useful. Thanks.

Cue, hows the pursuit of a security career going?

Securityfocus.com had some good articles on the kinds of skills that good security analysts and network security persons should seek to develop. They talk about the TCP/IP skills (http://www.securityfocus.com/infocus/1779) that are needed for a good foundation in network security analysis. They also talk about advanced skillsets (http://www.securityfocus.com/infocus/1861) that would be needed to achieve a higher level of expertise.

Suffice it to say that if you have good knowledge of protocols (starting with TCP/IP and including others) and programming (including scripting) then you have some important skills and tools to become an excellent security analyst.

<sigh>Time to dig up that old Kernigan and Ritchie C programming book.</sigh>

:eusa_thin