Career Advancement with CompTia Certifications? Time is a factor

Would like some input on job changes or career advancement with acquiring CompTia certs. Do any of you feel since these are vendor neutral and generic in nature will help someone looking to make a job role or career change in particular if you already work in IT. Have some experience but wanting to advance to an area related to but several steps "knowledge" wise over what I currently do.
Current Job: Client Access Mgmnt(Security related job title) for a IT company that is transitioning to new ownership and possible new areas will be opening up due to the scope of rebuilding the business.

Future Job Interest: Threat Analysis, Systems Security Analyst etc etc type titles

Appreciate any input as i am currently studying for CompTia Sec+ but don't want to waste valuable time if this may not serve me well in where i want to go???

~Ken

Find more posts tagged with

Comments

N2IT

Ken - Not a security guy but I would consider the CISSP.

Just curious do you have 5 years of access control? Is that enough to sit and obtain the CISSP?

SephStorm

Despite what people say, not having the CISSP will not cripple your career, and IMM could limit it.

Your interest is defensive, you need defensive security certs paired with offensive security certs. CEH, OSCP, paired with GCIA would be a good combination.

happyend98

Thanks N2IT...my job role falls under Security Administration. Actually was with the help desk for there for just over a year and have been with the access control team just over 3 years now. I guess I would qualify for the SSCP but not the CISSP at this time. I keep getting told CISSP is overrated for what type of advancement I want due to it being more administrative security from management side etc? Not sure though.
Appreciate your time and reply!

N2IT

I'd listen to Seph, they are in security lol. I'm a data monkey, I work with databases, reports, automation, programming etc.

BUT....... I have several friends in security, as analyst etc and they have the CISSP usually, except for one guy I know. He has nothing but he's just like that, he doesn't care enough.

One thing I wouldn't do is go cert crazy you don't need a ton of certs to move up and be successful in any position. Usually one well placed one is better than a conglomerate of nonsense.

happyend98

Hello SephStorm...yea I was kind of under the impression the CISSP looks good on a resume' if you have it along with others. The whole inch deep mile wide analogy. I know it wouldn't hurt to have it obviously but for time and financial reasons I need to be a little more focused and narrow my tunnel or path to what I wanna do. Then there is the argument CEH or OSCP? Not sure if those come down to preference. I know OSCP. The GCIA makes alot of sense for what I am trying to achieve but gosh those are expensive certs. And ultimate is not sure I am confident and at that level of knowledge. Can't afford to fail any of these and re-try re-try. Thank you for the input, I am still just so uncertain if I need to just bite the bullet and start with Sec+???

happyend98

LOL N2IT....I have a coworker who is very data oriented. Neat how everyone can have such varied interests and work in the same basic field of work. Yea CISSP is the big "do you or don't you" cert i think. Appreciate ya

beads

@happyend98;

The career demand has been for senior level techs with the CISSP. Just ask the 4 recent security degree'd grads from a predominate big name school my team just hired. All four will tell you they are delighted to have found jobs at all - most of their classmates, have not. That's with those cute little security degrees on their walls. The rest are looking for retail opportunities from what I gather.

So, no it isn't that you have to have the mid career cert thing with less than optimal experience and suddenly walk in the door with a six figure paycheck waiting for you after two weeks. Its the years of training and experience to back it up. The market is reaching saturation and tolerance is going down from what I am hearing from recruiters who do contact me these days. When I get questions like how long have you REALLY been doing security I can tell the waters are cooling bit.

Get the SSCP and wade into the security waters and decide if its really what you want to do. Security is a fascinating but extremely demanding field requiring much more studying and training to keep up than anything else in IT or business or even medicine for that matter. Where you really make your reputation and thus your money is in currency of your knowledge. That is how up to date and how quickly can you adapt on a daily if not hourly basis.

Sorry to disappoint so many but the above is the reality of the market.

Good luck!

- b/eads

happyend98

Beads...very informative and brutally honest assessment. I hear that echoed from our VP of Information Technology on his weekly calls. That's the indecisiveness I have from over-reading articles and books and sites and letting that get inside my head. I guess the reality is I am under-qualified knowledge/experience wise with a great desire to learn this field but again in my late 40's and time is generally not your friend in the world of IT. Only possible advantage I have is having a foot in the door with a relevant IT company that theoretically could provide opportunities!
So SSCP over Sec+???

Appreciate you much
~Ken

SephStorm

I will be completely honest, I have gotten numerous offers without the CISSP, but I have also posted online and the only reply was someone asking me if i had the CISSP. Literally, no experience questions, no knowledge questions, "Do you have your CISSP?"

It will likely benefit you, long term, and likely short term. I just don't see myself getting it unless 100k depended on it. And honestly, if I get the GSE and people still don't want to go that range, I don't know what i'll do.

eSenpai

happyend98 wrote: »

Future Job Interest: Threat Analysis, Systems Security Analyst etc etc type titles

~Ken

*incoming wall of text*

For some reason, I am feeling more negative vibes than positive vibes in this thread and that is a shame. As an industry, security remains short on experienced people AND knowledgeable people despite what some here have said. Does that mean the job market will remain white hot?? Or course not but no job market does. One day we will even have too many "programmers" or at least people who attended programming boot camp and now call themselves programmers.

My two cents based on very little information about what you do now:
Your current title is: "Client Access Mgmnt". Based on your own words, this is a, "Security related job title". You did not say security. You said security related. This to me means that you still need the fundamental knowledge that the Security+ can bring so if you are currently studying for it then I encourage you to finish it out as it is an excellent foundational program. I personally have no idea how the SSCP compares to the Security+ so I can't comment on which of those two programs is better. I simply know that Security+ is mandatory, and will be, mandatory for any future Network, Security, Sys admin teams I personally happen to be privileged enough to run. For best in class: If you have the money or your company is funding it then you simply can't go wrong with the SANS material as it is considered by almost everyone to be best in breed of security training and you will indeed pay for that reputation.

Based on what you want as a future in security, then I agree that the CISSP is not necessary to those job duties and what you want is the SANS line from a technical perspective: as it relates to threat analysis knowledge. You can't assess something which you know little about technically.(My monthly shot at the CEH: I just don't think the CEH gets you remotely close to being able to assess this either). For my money, people who enter security without a technical background in networking, operating systems, and hardware are at a fundamental disadvantage in trying to do the job of cyber security. If I had to champion a proper path to security then it would be: well rounded network or systems administrator FIRST before ever moving into security. Neither the degree nor most certs gets you the actual fundamental hands-on understanding necessary to properly evaluate what your attacker is doing or attempting to do. Caveats of course being the OSCP and SANS progression.

HOWEVER....the CISSP, like many certifications, is germane to opening doors for you and that is the point. You have to get to the interview in order to be able to prove you can do the job. Some here have an extraordinary depth and breadth to their careers such that they don't need that particular type of door opener but you, like many others, will need them until you also get to the experience level where certifications are meaningless. I struggle when very experienced people discount the effect of certifications on opening doors & keeping people abreast of the field; sometimes I wonder if that is not simply a knee jerk reaction to the flood of people invading their territory. These very experienced people can't do all the work that is available in security so we need fresh faces with their shiny new security degrees and security certs to mentor. My advice is to almost always get the certification you qualify for because that gets you in front of the interviewer(or at the very least shows that you are actively attempting to manage your career future). This won't change until the silliness in corporate hiring changes. When HR people are fighting about certifications in their own fields then you know things have gotten completely out of hand.

happyend98

@SephStorm....Thanks for taking the time to follow up with more input. I can't disagree at all with what you said in that post. I will file that away as an avenue to think about.

~Ken

happyend98

eSenpai very interesting "wall of text" LOL. Appreciate the time and thoughts. I guess there has to be some sense of reality and encouragement as well in relation to peoples hopes in getting knowledge and experience and so on in the world of IT.
I think the most profound words that I keyed in on that you said were that you believed I still need the fundamental knowledge the Security+ can bring. There actually is alot of truth in that. And in a perfect world for me at least had I started earlier in this field being a "well rounded" network or systems admin would have probably been something I would have done career path wise. I however am limited with good quality years in this kind of work and need to throw all my coins in the fountain and shoot for the stars by attempting the particulars of area of choice. I have already given strong effort to learning and doing all i can to gain knowledge in the fringe areas that surround IT Security jobs. I am brushing up on as much as i can network, OS and software/hardware.
I would love to go the SANS route and if I can convince my company to assist in paying I most definitely will. I guess I mainly am just posting here to get the best and worst advice I can and trying to evaluate it in where it relates to me and where I am at. Let's face it I am a beginner getting a late start. But there have been far more career obstacle hurdles for people who have succeeded in things much more difficult than what I am trying to attain and that keeps the hope alive it's worth a shot???? So maybe maybe not.
Some very interesting paragraphs you laid down and I thank you for the time you gave to offer your thoughts to me.

~Ken

eSenpai

I sincerely hope that I did not discourage you in any way as that was not my intent. Security is a worthwhile field and we need more people moving into it. I think what you here from a lot of old timers is that if we had a preference then we would prefer X over Y but don't let that be an impedance. Rather take it as something to be cognizant of in an interview. Knowing your own shortcomings and being willing to work on them is extremely valuable in an employee or mentee. I also don't think you will lose any time by going with either the SSCP or Security+ since they will expose you to a lot of things that will stick with you the rest of your career.

Best of luck!