[Advice] What Next?

Jonnyah Member Posts: 10
I've recently completed my CEH certification while working as a Network Intrusion Analyst within a SOC environment, and I'm due to change roles to a Vulnerability Management Engineer, working with QualysGuard, Nessus, Burp, ikescan, etc.
I'm looking for advice on what certification to do next. I believe my new employer will provide QualysGuard Certified Specialist training, but I'd also like to work on something else in my own time, possibly scripting related but I'm undecided.
I have the following certifications:
  • CCNA
  • CCNA: Security
  • eCPPT Gold
  • CEH
  • Security+
  • CCA
Any recommendations would be appreciated.


  • vasyvasy Member Posts: 68
    How about OSCP?
  • Jonnyah Member Posts: 10
    OSCP is a possibility. I've always been slightly worried by the time commitment required for the OSCP, but I'll keep it in mind for 2nd quarter of next year when I should have more spare time.
  • Zoovash Member Posts: 84
    Have you looked at PentesterAcademy? Since you already have some pentesting-oriented certifications, Vivek's courses could only enforce your knowledge and give you a step forward in your preparation for OSCP. He has an entire course on Python scripting that should come in handy for any security professional. If you absolutely want a certification path, you could go for Linux+ / CCNP Security :)
    P.S. Qualys certification is pretty trivial.
  • Jonnyah Member Posts: 10
    Learn Pentesting Online looks good. I want to brush up on my Python for sure. I wasn't overly impressed with Violent Python when I went through it; the anecdotes were good, but I don't know how much I actually learned. So this is definitely an option.
  • broli720 Member Posts: 394
    From a certification standpoint I would say you're okay. Having too many just makes it seem like you're collecting them. Just shore up your scripting with some VB, Python, or Bash and you should be good to go.

    The only one I would recommend would be CISSP when you're ready to make the jump into management.
  • cyberguypr Mod Posts: 6,928
    FYI Qualys exam and training are both free. You could take this in a few hours and pass. Hope you weren't told something else by your employer.
  • JDMurray Admin Posts: 13,025
    Will your employer send you to Nessus training and certification? Sounds like it will come in handy for you.
  • Jonnyah Member Posts: 10
    Nope, no Nessus training and certification has been discussed, but that's not to say it won't happen.
    At the moment I'm inclined to get the Qualys training out of the way. I realise it's free, but it's a requirement for the role.

    Next I'll probably look to getting comfortable with scripting. I can just about get by at the moment, but feel inadequate a lot of the time.

    I can reassess the situation after that.

    Thanks for all the comments!