Security Engineer as career
Author: Stefan Waldvogel
Path to a Junior Security Engineer
For this question, I asked a Senior Security Engineer and his feedback was:
One thing in advance:
It is hard to get such a role. If you want this career, build a network, go to conferences, make friends.
Many Security Engineers start their Cybersecurity career with a Systems administrator role or a Network administrator role because it is nearly impossible to jump into an Engineer role without a solid background.
The network path:
Starting with CompTIA Network+ is a good idea because you get the knowledge for free (https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/) and you learn how to take exams. The exam (~$360) is one of the most challenging CompTIA exams, do not underestimate it.
The next step is CCNA. This learning path gives in-depth knowledge about the technical side of networking. CCNA holds a lot of value and opens you a lot of doors. We have right now (April 2021) nearly 100K open jobs with this requirement in the US.
Create a lab at home or use Cisco's packet tracer tool (https://www.netacad.com/courses/packet-tracer) to practice your skills. Cisco's tool is very convenient because you get a free course (~10 hours) via Cisco's Network Academy, and you learn the basics without setting up a big home lab.
The following picture shows the tool and an example.
- Networking
- Linux
One thing in advance:
It is hard to get such a role. If you want this career, build a network, go to conferences, make friends.
Many Security Engineers start their Cybersecurity career with a Systems administrator role or a Network administrator role because it is nearly impossible to jump into an Engineer role without a solid background.
The network path:
Starting with CompTIA Network+ is a good idea because you get the knowledge for free (https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/) and you learn how to take exams. The exam (~$360) is one of the most challenging CompTIA exams, do not underestimate it.
The next step is CCNA. This learning path gives in-depth knowledge about the technical side of networking. CCNA holds a lot of value and opens you a lot of doors. We have right now (April 2021) nearly 100K open jobs with this requirement in the US.
Create a lab at home or use Cisco's packet tracer tool (https://www.netacad.com/courses/packet-tracer) to practice your skills. Cisco's tool is very convenient because you get a free course (~10 hours) via Cisco's Network Academy, and you learn the basics without setting up a big home lab.
The following picture shows the tool and an example.
Cisco Packet Tracer
|
|
If you have a network job add valuable certs like:
The Linux path
If you never used Linux, install it on your machine as dual boot and use it as your primary system every day. What distribution should you pick? I suggest two options:
If you want or need a certification, LPIC 1-3 are some options to start, and if you have the basics, you can go for RHCSA. RHCSA certification is hands-on -> possible salary range in Austin, TX => $75K - $120K. I am adding RHCSA right now, and it is not that hard as expected. In the US, we have about 8,000 RHCSA cert holders (LinkedIn) and therefore it is a good way to stand out.
Another option is RHCE (more difficult, higher salary).
You did (all) the stuff and worked some years in IT? Congratulations, now you have a solid background to start a Security Engineer career.
The Security path
A Security Engineer is a defender role, but you need blue and red knowledge to secure your company.
Get the basics with RangeForce free Community Edition and INE's free Starter Pass to get a feeling about both companies.
Employers want hands-on, but you cannot work 8 hours in a lab. If you need a break, go for John Strand's pay as you can courses. He is a former SANS instructor, and his courses are amazing... really! (https://wildwesthackinfest.com/training/)
At this point, you have a solid knowledge of security. You are not a pro, but you can use it as the foundation for your next steps. You need probably one or two certifications to get a matching job. This path does not have many HR relevant certs, and your background is ultra-strong. Often you see certs like CSSLP, CISSP, OSCP, GWAPT, GPEN, CISA, CISM, etc.,
Most of these certs are not relevant for your job; it is an HR list.
- CCNA Security
- CCNA Cyberops
The Linux path
If you never used Linux, install it on your machine as dual boot and use it as your primary system every day. What distribution should you pick? I suggest two options:
- Easy option: Ubuntu is an excellent option because later (for the security part), you will use Kali Linux, and both are very similar.
- Pro option: Get Red Hat via Red Hat's developer program. Red Hat is used in many data centers and servers around the world. Free training is here:https://www.redhat.com/en/services/training/rh024-red-hat-linux-technical-overview In the past, CentOS was a good option, but the support ends 31 December 2021.
If you want or need a certification, LPIC 1-3 are some options to start, and if you have the basics, you can go for RHCSA. RHCSA certification is hands-on -> possible salary range in Austin, TX => $75K - $120K. I am adding RHCSA right now, and it is not that hard as expected. In the US, we have about 8,000 RHCSA cert holders (LinkedIn) and therefore it is a good way to stand out.
Another option is RHCE (more difficult, higher salary).
You did (all) the stuff and worked some years in IT? Congratulations, now you have a solid background to start a Security Engineer career.
The Security path
A Security Engineer is a defender role, but you need blue and red knowledge to secure your company.
Get the basics with RangeForce free Community Edition and INE's free Starter Pass to get a feeling about both companies.
- Pro tip: If you work for a good company and can access SANS courses, do not miss them. SANS training is outstanding but usually not affordable (~$7K). Take some related courses like SEC504/GCIH and SEC503/GCIA.
- TryHackMe (do the free stuff first)
- HTB Academy (do the free stuff first)
- BTLO (do the free stuff first)
- RangeForce: If you are a student somehow, they have an affordable student pass (~$250) to get access to all 500 modules
- INE: Premium pass ($750) -> you get access to labs, countless courses (red, blue), ten thousand's slides, and videos.
- TryHackme: ($10 a month) guided path mostly red but more and more blue modules
- HackTheBox: ($10 am month) most red side, no help
- BTLO: ($30 a month) blue side
- BHIS Cyber Range: ($30 a month) blue side
Employers want hands-on, but you cannot work 8 hours in a lab. If you need a break, go for John Strand's pay as you can courses. He is a former SANS instructor, and his courses are amazing... really! (https://wildwesthackinfest.com/training/)
At this point, you have a solid knowledge of security. You are not a pro, but you can use it as the foundation for your next steps. You need probably one or two certifications to get a matching job. This path does not have many HR relevant certs, and your background is ultra-strong. Often you see certs like CSSLP, CISSP, OSCP, GWAPT, GPEN, CISA, CISM, etc.,
Most of these certs are not relevant for your job; it is an HR list.
© 2021. This work is licensed under a CC BY-SA 4.0 license