Updated: Jul 23, 2022
After the blog I wrote, "A Career in IT Security for Public Safety," I have received many questions about what path to take for a career change into IT. It depends on whether a person wants to get into IT or IT Security; there is a difference.
First, for total transparency, I retired from law enforcement after 25 years on the job. I worked in the security industry at a financial services company, health care, and a reservation before forming my company GingerSec, IT Solutions. During my career in law enforcement and the private sector, I have always been in teaching roles: law enforcement courses and, more recently, college, university, and IT boot camps. My company GingerSec is a CompTIA training partner, meaning we teach CompTIA material during our boot camps. Over the last 20+ years of teaching people from different walks of life, I have learned that people learn in vastly different ways. Individuals need to take classes they can learn from to obtain their objectives.
There are two sides of the house in IT: Operations and Security. This is like Public Safety: you have police, and you have fire. Both know what the other does, but not enough to do the job. IT Operations and IT Security are no different. Under Operations I classify things like help desk, network engineer, web design, network operations center, etc. Under Security you have things such as incident response, security operations center, access management, etc. What are the best paths?
CompTIA has put together a chart for what you should do to get into IT or IT Security. It is really good, but not everyone necessarily needs to follow it.
First, let's look at the operations side of the world.
· CompTIA IT Fundamentals+ is a good course for a very broad and shallow overview of the IT world. None of the topics go deep because it is meant for someone just dipping their toe into the IT world.
· CompTIA A+ requires two tests to be certified. This course details how computers work, how things are processed, and many hardware topics. This is geared more for help desk folks.
· CompTIA Network+ is a vendor-agnostic course covering how data flows across the "wire" as we communicate with each other and the world. This is an excellent course for help desk folks and those interested in networking.
Looking at the Security side of the house, I would take the same courses as above except the CompTIA A+.
So IT Security would look like this:
· CompTIA IT Fundamentals+ is a good course for a very broad and shallow overview of the IT world. None of the topics go deep because it is meant for someone just dipping their toe into the IT world. This will help security professionals understand the basics; we are at a point where many new security professionals will not do anything in IT except security.
· CompTIA Network+ is a vendor-agnostic course covering how data flows across the "wire" as we communicate with each other and the world. This will help security folks because the CompTIA Security+ exam talks about many attacks across the wire. You need to understand how data flows to help understand these attacks.
· CompTIA Security+ is an excellent entry-level course in the IT Security world. This course will cover some basic attacks that are still a problem today.
There are many other CompTIA certifications to choose from; I only mentioned three on each side. These certifications are suitable to get going.
There are many different ways you can learn this material. Professor Messer is an excellent source for self-study material. There are also a few books out there that will help you understand the material. You can also find a course on different platforms like Udemy. All of these are excellent sources to learn. I have taken them and have used them in some lessons I have taught.
Boot camps are another source of learning. These are typically one-week (40 hours) instructor-led classes to prepare you for a certification. The good courses will be instructor-led and include computer labs (a practice environment), practice questions, and books. Some boot camps have test vouchers included in the price of the course. Attending the course does not get you certified; you need to test.
For certification organizations, stick with CompTIA, Microsoft, EC-Council, Cisco, ISC2, and SANS. These are the ones that are most widely recognized.
GingerSec is a CompTIA training partner; let us help get you certified by attending one of our certification boot camps.