When I started out in IT in June 2000, the traditional route was to build a strong base of routing and switching knowledge and then become an expert in it or specialize in the field of voice or security. My advice was to do this very thing for several years in fact.
I still insist that getting to CCNP RS level before specializing is very important, but now we are living in a quickly changing IT world. As an IT person, you can no longer afford to ignore the fact that organized gangs of criminals, hackers, and terrorists are working 24/7 to attack your personal computer, your phone, and your business systems.
Some do it for revenge, some for mischief, and others for financial gain. Only last week, Chicago Police paid $600 to a hacker to unlock all their files that had been locked by ransomware. No doubt this was an embarrassment to them, and the IT team was the subject of some pointed questions as to how this happened to a law enforcement agency.
Maybe you know what ransomware is and what you can do to counter it, and maybe you don’t. In the above case, a user clicked on a phishing e-mail, which led to all the files on their computer becoming locked. By the time it was discovered, all the backup files had also been locked. And because ransomware can also affect mobile devices, you can see how an entire organization can quickly become crippled.
Here is my new position. You don’t need to know much about voice networking if you don’t have an interest in it. You do need to understand routing and switching well, and you need to understand virtualization, project management, and cloud computing reasonably well if only so you understand how networks work and can have a meaningful conversation with fellow IT engineers and the management team.
But when it comes to security, you need to have more than a basic understanding. This is for your own personal protection (think data, social media, and bank accounts) and for the protection of your corporate network.
You need to understand the difference between a firewall and intrusion prevention system. You need to understand how a virus works, as well as how a Watering Hole Attack leverages cloud services to help gain access to even the most secure and sophisticated enterprises and government agencies. You need to understand authentication methods, as well as Penetration testing vs. Vulnerability scanning.
As mentioned above, you need to understand not only for your personal protection but also so you don’t unknowingly expose your corporate network to a threat AND so you can contribute in a meaningful way to discussions and issues on your network. I can pretty much guarantee that security policies and training will be a core part of staff training and interviews in the coming years.
For this reason, while subjects such as voice networking are nice to have, security is now a must have. If you want to gain a really good understanding of modern threats and countermeasures, then check out the brand new Security+ syllabus from CompTIA. I’ve had the entire course updated by a CCIE Security professional, who for a living helps major companies harden their networks. Who better to learn from? Here is the course: