[Advice] What Next?

I've recently completed my CEH certification while working as a Network Intrusion Analyst within a SOC environment, and I'm due to change roles to a Vulnerability Management Engineer, working with a QualysGuard, nessus, burp, ikescan etc.
I'm looking for advice on what certification to do next. I believe my new employer will provide QualysGuard Certified Specialist training, but I'd also like to work on something else in my own time, possibly scripting related but I'm undecided.
I have the following certifications:

CCENT
CCNA
CCNA: Security
eCPPT Gold
CEH
Security +
CCA

Any recommendations would be appreciated.

Find more posts tagged with

Comments

vasyvasy

How about OSCP?

Jonnyah

OSCP is a possibility. I've always been slightly worried by the time commitment required for the OSCP, but I'll keep it in mind for 2nd quarter of next year when I should have more spare time.

Zoovash

Have you looked at PentesterAcademy ? Since you already have some pentesting oriented certifications, Vivek's courses could only enforce your knowledge and give you a step forward in your preparation to OSCP. He has an entire course on python scripting that should come in handy for any security professional. If you absolutely want a certification path, you could go for Linux+ / CCNP Security

P.S. Qualys certification is pretty trivial.

Jonnyah

Learn Pentesting Online looks good. I want to brush up on my Python for sure. I wasn't overly impressed with Violent Python when I went through it, the anecdotes where good, but I don't know how much I actually learned. So this is definitely an option.

broli720

From a certification stand point I would say you're okay. Having too many just makes it seem like you're collecting them. Just sure up your scripting with some vb, python, or bash and you should be good to go.

The only one I would recommend would be CISSP when you're ready to make the jump into management.

cyberguypr

FYI Qualys exam and training are both free. You could take this in a few hours and pass. Hope you weren't told something else by your employer.

JDMurray

Will your employer send you to Nessus training and certification? Sounds like it will come in handy for you.

Jonnyah

Nope, no Nessus training and certification has been discussed, but that's not to say it won't happen.
At the moment I'm inclined to get the Qualys training out the way with, I realise it's free, but it's a requirement for the role.

Next I'll probably look to getting comfortable with scripting. I can just about get by at the moment, but feel inedaquate allot of the time.

I can reasses the situation after that.

Thanks for all the comments!