CISSP complete, now what?

Hello all. Longtime lurker but infrequent poster. I've recently been looking for the next step in my certification track/career. Quick summary of where I sit below for context.

My Experience:

3 years Domain/Network Admin in the Navy
1 year Network Support at a public university
2 years Info Sys Admin at defense contractor (Network, Information Assurance duties)
2 years Security Analyst at public SaaS provider

My Education:

Bachelor in Math

My Certs:

CompTIA Network+
CompTIA Security+
CCNA
CISSP
GBA1, GBA2, GBA3, RPA1 (non-IT related, industry specific for current role for pay bump)

My Cert Path:

RPA2, RPA4, CMS1, CMS2 (non-IT related, industry specific for current role for pay bump)
... I have no idea. Halp!

.
I enjoy my current position, I just have no idea how to progress from here other than jumping on projects and completing them. One of the tenants that I've based my professional advancement on was having the initiative to go out and do career related things that would make me comparably more qualified than my current position. I feel like CISSP was a good step in that direction because it is both a management cert and considered to be at least an intermediate professional cert in the field.

Based on what I've seen in this and other companies, there are basically two tracks at this point.

Manager -> Director -> CIO/CISO/CTO etc.
Senior Analyst -> Technical role (Security Architect?) -> TBD?

With that in mind I was looking for certificates or possibly education that would help me in (hopefully) both tracks and/or which next steps would provide me with the best advancement opportunity for one track.

General ideas:

Management Track
- CISSP (already achieved)
- MBA
- Masters in InfoSec, IT, CS, etc.
Technical Track
- CCNA:Security
- I have no idea.

Any inputs are, of course, desired and appreciated.

Find more posts tagged with

Comments

f0rgiv3n

What do you enjoy? What do you want to be doing every day that makes your life feel fulfilled?

If you like the network security technical side then adding that CCNA: Security would definitely help add a little more "oomph" to your technical knowledge.

The other technical side would be pentesting, application security, etc... Any of those sound like what you want? OCSP(offensive certified security professional) would be something to look at.

Does your employer pay for continuing ed/training? If so, SANS does lots of training courses and they have certs as well that are industry respected. I ask if they pay because they are NOT cheap

The MBA might help get yourself towards the management side for sure. Do you want to be the one knowing the ins and outs of the technology or do you want to manage the individuals that do?

successrealm

Exactly, what do you enjoy? Tech or Mgmt. Whatever you choose, it will take you down a path.

If it was me, I would pursue MGMT. I say that because *I* am not a nerdy kind of guy, and I believe in not spending the rest of my life being a "doer". I took the tech path for awhile, and eventually got tired of Directors and Mgmt being the one's who weren't in the network closet, et cetera.
I was...

Just my opinion, but I don't want to be the guy who is DOING the work, DOING the programming, DOING the packet analysis, et cetera. YMMV.
Some enjoy that, and feel they want to know the nuts and bolts of why this or that happens. I know a few guys who are hell bent on knowing all there is to know about sub-netting, and networking, and can spit out random facts about the IT world. Hey, have fun with that.

The people I see RUNNING the show....know what they "need" to know, and leave that kind of "thinking" to the DOER'S.

So ask yourself now, what path is comfortable for YOU.

*As a side note, I see you were a Domain/Network Admin in the US Navy? I was an IT2(AW) -Information Systems (Formerly Radioman/RM2).

break

f0rgiv3n wrote: »

What do you enjoy? What do you want to be doing every day that makes your life feel fulfilled?

If you like the network security technical side then adding that CCNA: Security would definitely help add a little more "oomph" to your technical knowledge.

The other technical side would be pentesting, application security, etc... Any of those sound like what you want? OCSP(offensive certified security professional) would be something to look at.

Does your employer pay for continuing ed/training? If so, SANS does lots of training courses and they have certs as well that are industry respected. I ask if they pay because they are NOT cheap

The MBA might help get yourself towards the management side for sure. Do you want to be the one knowing the ins and outs of the technology or do you want to manage the individuals that do?

I assume you mean OSCP?

I have Kali installed and have signed up for the CBK for pen testing so that may be a reasonable short term goal.

Exactly, what do you enjoy? Tech or Mgmt. Whatever you choose, it will take you down a path.

If it was me, I would pursue MGMT. I say that because *I* am not a nerdy kind of guy, and I believe in not spending the rest of my life being a "doer". I took the tech path for awhile, and eventually got tired of Directors and Mgmt being the one's who weren't in the network closet, et cetera.
I was...

Just my opinion, but I don't want to be the guy who is DOING the work, DOING the programming, DOING the packet analysis, et cetera. YMMV.
Some enjoy that, and feel they want to know the nuts and bolts of why this or that happens. I know a few guys who are hell bent on knowing all there is to know about sub-netting, and networking, and can spit out random facts about the IT world. Hey, have fun with that.
The people I see RUNNING the show....know what they "need" to know, and leave that kind of "thinking" to the DOER'S.

So ask yourself now, what path is comfortable for YOU.

*As a side note, I see you were a Domain/Network Admin in the US Navy? I was an IT2(AW) -Information Systems (Formerly Radioman/RM2).

IT2(SW)

aftereffector

If you enjoy the technical side of security, I would definitely recommend picking up some additional certifications in whatever technical specialty most interests you - for instance, you already have the CCNA R/S, so you could follow that up with CCNA Security and perhaps CCNP if you want to get very good at securing networks. Alternatively, check out Microsoft's MCSA if you want to secure Windows domains, RHCSA for Red Hat, VMware for virtual environments, et cetera - or all of the above! I am more on the management track, but it has already really helped me to have CCNA and CCNA:Security, as well as a basic Microsoft Server 2008 R2 cert (the 70-642). It's hard to write security policy and audit settings without knowing how to implement the policies and settings. That's why, even though I am planning on going for another management cert such as ISACA's CISM or CISA or a CISSP specialization next year, I am focusing on Linux, Windows, and VoIP for now.

There is a third option, though: offensive security (pen testing). If that interests you, the much-maligned CEH is at least a good introduction to the concept, and I have heard nothing but good things about OSCP. f0rgiv3n already covered that side

NetworkNewb

There is also the GIAC certifications you could look at if you have the money or if you employer would pay for it (not cheap)

Here is the list of their certifications: The GIAC Security Certification Roadmap