What is the next step after the Security+ certification?

Hey everyone,

I am looking to grow in InfoSec, just earned my Security+ this past Saturday. Now my challenge is the same as others, where to next? I saw some older posts on here, but they referred to the next step being a couple of Microsoft exams that have already been retired. Honestly, I'm still not sure of exactly where I want to go in InfoSec. I do know that I do not want to do forensics. I also am not looking to do anything that has to do with coding, at least not anytime soon. I'm starting to think that my next step will be GIAC Essentials, or CEH. I am just not sure. Also, I work on a help desk (over 2 years) and we all know that most certifications require experience. I am also currently in school to get my AA and BS in I.S. Any suggestions? The CompTIA Certification roadmap has a bunch of other certs next to Security+ that are considered intermediate, I'm wondering if I should get another 'intermiediate' or or get an 'advanced' one next.

Thanks.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

colemic

Based on what you said, I would look at going down a GRC-type path. It isn't nearly as technical in nature (but having a technical background is critical to understanding what is going on in our environment!).

It's really up to you as far as certs - keep in mind that most advanced security certs have experience requirements. And stay in school, and get your degree.

bigdogz

Although CEH is more of a tools based exam. If you are looking to get into InfoSec you need to learn how to code. It may not be huge but coding helps a great deal especially if you are a white hat and hack the web and database servers. After all, you do want to break it. At the very least, you will have to know the basics to read or sniff data that goes into various devices as well. Pen testing will involve more coding because that is just the nature of the beast. Some scripts will be easy but there are times when you have to come up with a script.

Good Luck!!!

chickenlicken09

is coding needed for the grc path?

zxshockaxz

bigdogz wrote: »

Although CEH is more of a tools based exam. If you are looking to get into InfoSec you need to learn how to code. It may not be huge but coding helps a great deal especially if you are a white hat and hack the web and database servers. After all, you do want to break it. At the very least, you will have to know the basics to read or sniff data that goes into various devices as well. Pen testing will involve more coding because that is just the nature of the beast. Some scripts will be easy but there are times when you have to come up with a script.

Good Luck!!!

This is very accurate. CEH is very tool based, and being able to know what tool to use when is a very important part of pentesting, but being able to create your own tools when needed is critical. If you have no interest in learning to progeam, I would recommend more of a management track.
As for certs, the comptia certs are a great starting place for anyone in IT.
When people tell me they are unsure of what they want to do or what they are interested in, I send them to dice.com or indeed.com and tell them to just look around until they start finding something that sounds interesting or exciting.