Next Certification Crossroads

TechGuru80 Member Posts: 1,539
Hello all...

Basically I am in a somewhat weird spot where the decision isn't extremely clear-cut like it was for previous certifications. So far I have Associate of (ISC)2, C|EH, CCNA:R&S, CCNA:Security, CCENT, Security+, and Network+...but now I am trying to think about what direction I want to go and would appreciate some opinions (especially from those who were in similar situations). Also, I already have a Master's.

Long term I am looking at Management but I am still relatively early in my career (~3 years). I have put some thoughts below on various certifications.

CISM -- obviously is management geared, but you have to acquire the 3 years of management experience within a 5 year window...seems risky to invest the time and then potentially not get there and have to retest.

CISA -- geared more towards my current job but I would either have to test in December or spend money on travel to test in September. The period if I wait seems like a waste to be waiting that long. Also the material is quite dry.

MCSA -- A possibility and since I already have a lab setup wouldn't be that bad. I am not sure if it really holds much value, which would force me to continue to the MCSE. The process I estimate taking near or over a year for all 5 exams.

CCNP or CCNP:Security -- Similar to Microsoft, I already have a pretty built up lab and could fill in the gaps or get online training from Cisco. Time wise these would be similar to the MCSE for each one.

OSCP -- I have already gone through the course previously but got sidetracked with stuff towards the middle. I am not really sure that I want to be a pentester, although cool, my end goal is management.

GSEC -- obviously GIAC certifications are good and the SANS training courses are good. I presume that technically I am on the higher end of this certification but ultimately I would want to try and get to the GSE so GSEC is required. The problem is I would be paying out of pocket.

GCCC -- like the CISA this goes with my current job but I am not sure of the value.

Definitely curious what thoughts are. Preferably I would like my choice to be something I can take with me (videos, or simulator) in case I have to travel for work.


  • Chinook Member Posts: 206
    -Scripting skills: Do you have any? You can never go wrong learning PowerShell, Python, C++, JavaScript...

    Otherwise, I would focus on management based certifications if that's your end goal. You might want to look at Incident Response based certification & maybe even some Project orientated certifications. As for management certifications being dry, well welcome to your future career. On the bright side you'll be paid well & likely never unemployed. You also appear to like CISCO so the CCNP Security makes sense. And I'd add the CCNP Wireless makes sense too. Wireless is an attack vector & it's absolutely amazing what you can do with large wireless systems. Airports, theme parks, etc use their wireless system to monitor where people are as a form of big data. I've even heard of stories where criminals have been caught because their smart phones expose where they are & where they've been.

    Otherwise certifications/learning in any product are going to be beneficial. My mentor taught me that a security manager is really just a generalist with security skills. The more you know, the better you understand how things work. If you're looking to work in management I'm guessing you'll work for a larger corporation. Educate yourself on the "standards" for a large corporate network (CISCO, MS, VMware).
  • NetworkNewb Member Posts: 3,298
    I know the last couple IT managers I've had came from a Networking background, which makes me think CCNP. But you could also throw in ITIL for management.
  • 636-555-3226 Member Posts: 975
    Out of that list you provided if you're looking to focus on management I'd suggest OSCP > CISA > CISM.

    OSCP to really drive home the security need and knowledge when your future network/server team challenges you on "that isn't possible" or "that's too much work for little benefit"

    CISA to give you the broad knowledge of digging into systems as well as introducing the CISM topics

    CISM follows.

    After CISM I'd suggest CRISC since at the end of the day everything we do in infosec is managing risk.