IT Certification for non-IT background: Advice Needed

kade Registered Users Posts: 1
Hi guys,

I have been following this site for quite some time now. Thanks for all the useful advice. By way of background, I am a technology lawyer (based outside the US) and want to get my IT skills certified. I'm quite comfortable with technology and - having done some coding before college - I want a certification that will make me stand out in the legal community and show that I have an above average appreciation for tech. I am looking to certify not just for the tag but also to pick up/enhance my knowledge in the area by taking a course. I know there are some more legal-centric courses in the area (like by the IAPP) but I want to pick up an IT cert which will partly be out of interest (and passion for the area) and showcasing IT appreciation to potential and current clients.

Some of the skills I particularly want to pick up / get certified in:
- Cyber Security - Types of attacks, incident response, incident response planning and mitigation.
- General Information Security principles/fundamentals - theory + enough practical insights.
(I do have existing knowledge in the area so it wouldn't be too hard to study for an exam)

In light of this, I've specifically looked at CompTIA+, CEH and some of the ISACA courses (cybersecurity nexus). Any advice on what would be the right balance for me? Looking for something which isn't too expensive or time-consuming but, at the same time, can help me stand out. As I am not looking to move into IT as a career, I wouldn't mind certs which focus on theory / policy with some scope for practice-based learning as well. As important as the cert would be the learning potential of the course itself.



  • TheFORCE Senior Member Member Posts: 2,298
    Look for ITIL, CMMI or Lean Six Sigma. Most of the certifications require at least 2 years to qualify. You would be better off taking some that do not expire or do not require actual work experience. You can always study for them though, that's a different story. If the knowledge itself interests you, then you can look at the materials for Security+, CISA, CISM, CISSP etc. Also many of the certificates require maintenance fees and Continuing Professional Education (CPE) credits, otherwise your certifications expire. I'm not saying it's not possible, but it is hard to maintain them if you don't change careers.
  • 636-555-3226 Member Posts: 976
    If you can afford it, I'd go for SANS. Security+ is a good entry-level cert but I wouldn't use it as a standard for other lawyers to show you're well versed in technology. CISA, CISM are both oriented to a different target audience and have experience requirements that you may not meet. CISSP is a good choice, but it also has experience requirements you may not meet. If it's in the budget, SANS has the recognition and no "hard" requirements that might be a step up from CompTIA. I'd avoid EC-Council since as an attorney you basically have a doctorate degree in reading and writing and EC-Council's materials will drive you crazy with their improper grammar.
  • powerfool Senior Member Member Posts: 1,649
    I would second the CISSP, but I am more positive that you can meet the experience requirements if you have been practicing technology law for at least 5 years. If not, you can always pass the exam and you become an "Associate of (ISC)2" until you get your experience requirements. Keep in mind that their experience requirements are within the domains of knowledge that they test, and a lot of that can certainly be covered in "soft" experience (think policy).
    AZ-204 [ ] AZ-400 [X] AZ-500
    2020 Goals: Azure Developer Associate, Azure DevOps Expert, Azure Security Associate
  • OctalDump Member Posts: 1,722
    Are you interested in technical nitty gritty, or softer policy/procedure type stuff?

    Security+ is a good broad Info Sec overview. Depending on how fast you read and understand, you could prepare for it in a couple of weekends. It's entry level, so wouldn't

    CEH could be worthwhile in getting a basic understanding of attack types, vulnerabilities etc. It's not particularly prestigious within its field, though, but it does have some prestige outside its field. Without background experience (which you might or might not have), you'd need to do their course which isn't too bad as far as courses go and generally runs over 5 days full time, or an equivalent part time.

    CASP has a broad practical overview, but is aimed a bit more at those making the transition from technical hands on to middle management. It assumes some background knowledge. It doesn't have a lot of visibility outside of US government and DOD.

    SSCP is similar to the CASP, but offered by ISC2. It has a more practical bent, and an experience requirement. It's commonly used as a stepping stone to the CISSP.

    CISSP is a higher level approach again, best practices, frameworks, policy, procedural things and much less technical nitty gritty. It's the default Info Sec qualification for mid career types, based on its 5 year experience requirement and more abstract bent.

    CISSP Concentrations are sort of add ons to CISSP, where you go in depth in a particular area. They are mostly aimed at strategic level things like solutions engineering, management, architecture.

    There's also all the ISACA courses, looking at management, audit, risk management. Their CSX (nexus) range parallels roughly the offerings of others.

    GIAC offers the GSEC as an entry level qualification. The downside of GIAC is that it is generally expensive. GIAC probably offers the most comprehensive range of Info Sec qualifications, particularly in the hands on area. I often recommend their menu of certifications as a way of getting a feel for the various specialities available now in Info Sec.

    Outside of these broader, generalist, certifications you have the specialisms offered by GIAC, EC-Council and vendors. Possibly certifications in Forensics, Incident Handling and Penetration Testing are areas you might be interested in.
    2017 Goals - Something Cisco, Something Linux, Agile PM