University or certifications
I live in Canada and I'm 24. I don't know how you call this in the U.S., but I have a DEC in computer science (which is the school level just before University). It's basically three years of studies in computer science after high school. I'm being administering a small network for three years and I just finish taking my Cisco Academy classes (I'll take the CCNA exam in 2 weeks.)
I'm really interested into networks and security (firewall and stuff.) Because there are no schools like here that offer security at the university level classes, I have to look at certifications. What would you do in my place? Go to a university and get a general IT Engineer Bachelor or get experience and security certification? I see myself working in a bank in the computer security department or something like for the police "computer security task force" or for a big company like IBM and configuring ACL on routers.
Given the kinds of positions that interest you, either a diploma or a collection of at least two security certs will probably help you get where you want to go. I assume you understand the academic side of things, so I'll concentrate on security certs in my reply, along with some other observations and advice. You'll want to start with the CompTIA Security+ certification to get yourself familiar with this field, and to establish a foundation with basic concepts, terminology, tools and technology. Next, I recommend pursuing the ISC-squared's CISSP--but because it includes 4 years of work experience as one of its requirements (in addition to a reasonably tough, 6-hour, 250-question exam) you'll also want to find work that gets you real-world security experience while you're working your way toward the
CISSP. As you make your way toward that 2nd credential, you might also want to investigate training and offerings from companies like the SANS Institute (www.giac.org) or Security University (www.securityuniversity.com) to get some nuts-and-bolts coverage of more advanced topics, and gain additional impetus to gather hands-on experience and real-world information security skills.
Good luck with your career planning and studies.
This was first published in May 2003