Options
Advice needed to chose career wisely
avidgolfer
Registered Users Posts: 4 ■□□□□□□□□□
in SSCP
Hi Expects,
I'm a Software Developer and a CS graduate with good understanding of security principles.
Currently, I'm developing Identity and Access Management (IAM) applications and have been working 8 years in the same space.
Being a Software Developer in security domain (IdM/ IAM domain) for 8 years, I am looking for a lead position in my next company, where I would like to architect the security software designs with less involvement in coding and manage the projects. Eventually, looking for a InfoSec Manager roles in future.
To simply put, I am a Software Developer (current) -> want to become a Lead Developer (short-term goal) -> want to become a InfoSec Manager (long-term goal)
I'm thinking of by taking the SSCP, CSSLP and CISSP exams gives some edge along with the existing experiences to achieve my short and term goals.
Do you think that by taking these certifications helps me to actualize my goals?
Thanks
I'm a Software Developer and a CS graduate with good understanding of security principles.
Currently, I'm developing Identity and Access Management (IAM) applications and have been working 8 years in the same space.
Being a Software Developer in security domain (IdM/ IAM domain) for 8 years, I am looking for a lead position in my next company, where I would like to architect the security software designs with less involvement in coding and manage the projects. Eventually, looking for a InfoSec Manager roles in future.
To simply put, I am a Software Developer (current) -> want to become a Lead Developer (short-term goal) -> want to become a InfoSec Manager (long-term goal)
I'm thinking of by taking the SSCP, CSSLP and CISSP exams gives some edge along with the existing experiences to achieve my short and term goals.
Do you think that by taking these certifications helps me to actualize my goals?
Thanks
Comments
-
Optionscbkihong
Member Posts: 52 ■□□□□□□□□□
I guess we are the kind of minority here. I earned my CISSP last August, and have always considered myself primarily a software/web developer with an emphasis on SDLC security, with some kind of sysadmin background. Glad you raised this - it's what I am interested in knowing too. I hope there may be some other useful pointers from others.
For now I'll tell you what I think though.
When I started I didn't quite care about whether CISSP might actually help with my career path. Having some hands-on knowledge in some of the security-related domains, I have come to know of other domains for which I have zero knowledge, such as asset security and GRC. I see the value of the CISSP curriculum being one is taught to look at security from a higher-level, architectural approach, rather than focus on implementing individual controls. This comprehensive view allows one to better evaluate the security posture and hence design or maintain systems with better security. In other words, it is this knowledge that ties all the nuts and bolts together.
That's how I started my journey as CISSP. Considered CSSLP, but it is not popular here and did not offer as comprehensive a view compared with CISSP, though I think it covers some useful details that are somehow missing from CISSP. So while as CISSP I would like to spend some time to peruse the materials for SSCP/CSSLP, but not pursuing them (since I can't really cope with more CPEs).
Whether getting certified will directly lead you to your goals is hard to say, especially I think for our kind of background (software dev-oriented), these certs may not be considered the most relevant unless you get to connect with a company which truly understands its value. But definitely the knowledge is important. Had all IT workers have these knowledge, the Internet would have been MUCH more safer today.
So if you ask me, I will say go for it. -
OptionsTechGuru80
Member Posts: 1,539 ■■■■■■□□□□
Those certifications seem like a good choice. Maybe a networking certification like Network+ to get some of that basic knowledge.