Vendor neutral or Vendor specfic for IT Security

[Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
So this is probably a common question but let me elaborate more. I'm currently starting my career and have 1 year of full time work experience and I work in an SOC. I like security a lot but I'm not really getting into "security" based tasks @ my job so it's kinda a struggle to use some of my knowledge with my current position as it is more operations based. With that said, I know I want to continue a career path in IT Security and I have a list of certifications I plan on pursuing but my main question is for IT Security, is it better to be vendor neutral or vendor specific when it comes to certifications? From what I am seeing, being vendor neutral is more important as security covers not just a specific vendor in general and I feel that limiting my knowledge to 1 vendor will limit my career growth and opportunities. Being out of school for 1 year, I've been able to learn a lot more about IT then just a school understanding. Any suggestions?


  • BlackBeretBlackBeret Member Posts: 684 ■■■■■□□□□□
    For IT security step 1. remove the CEH avatar. icon_lol.gif

    In all seriousness, vendor neutral is better for security, and the majority of security certifications I see are vendor neutral. The only vendor specific one I can think of is CCNA Security. The catch is that in order to properly secure something you need to understand how it's supposed to work. This ends up with employers requiring lower level certs in a LOT of technologies (Linux+, MCSA, CCENT, etc.) and many certs in security (Sec+, CEH, GPEN, CISSP). Think of anything in IT like a T shape. You want a basic understanding of a lot, and a deep understanding of one area.
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    BlackBeret wrote: »
    For IT security step 1. remove the CEH avatar. icon_lol.gif

    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • chrisonechrisone Senior Member Member Posts: 2,232 ■■■■■■■■■□
    BlackBeret wrote: »
    For IT security step 1. remove the CEH avatar. icon_lol.gif

    Remind me not to invite this guy to any parties lol jk

    As for certifications BlackBeret did recommend some high profiled ones. At the end of the day you will need both neutral and brand specific. That is the fate of all IT genres.

    Oh and to the OP. I noticed you had the following in your signature:
    2016: Linux+
    2017: CCNA Security
    2018: CISSP

    Unless you live a very hectic/chaotic/busy life then i agree. No way you should wait that long to complete these certs. You should have all this done by Mid 2017. You start Linux+ NOW July and be done by Nov-December (4-5 months). Start CCNA Security Dec-Jan finish by march-april (4-5months). Start CISSP by March-April finish by August-Sep (6-7months)

    All done before 2017 using a conservative timeline. Some people here will look at what I laid out and say this can be done in a shorter amount of time using 3 months per exam. They are correct and it is all up to you how hard and dicipline you will work on each cert.

    No disrespect it just looks like maybe you can do these exams if you dedicate more time. Like I said I don't know you or your schedule but its just friendly motivational advice.
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2022 Goals: Taking most of the year off.
    Certs: EnCE, eCPTXv2
    Course: BC Security - Empire Operations 1, Zero Point Security - CRTO, Zero Point Security - C2 Development in C#
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    BlackBeret wrote: »
    For IT security step 1. remove the CEH avatar. icon_lol.gif


    To answer the TS question, both. Vendor-neutral are often too broad and cover open technology, such as how TLS or PKI work. But this tech is usually implemented by specific vendors and you'd better be capable of operating vendor's solution as well.
  • supasecuritybrosupasecuritybro Member Posts: 206 ■■■■□□□□□□
    I believe the true heart of an IT Security professional and many other professions is be good at a few things but master a path and walk it. IT Security is becoming a more defined career right as we speak so it is a good time to be a master of something. Some people are Linux masters, others packet analysis, some prefer network security, Pentesting... get my drift? There are a lot of options but if you stick to generalities you will get that. Become marketable in one area that really helps.

    Also if you want new opportunities get the certs that get people calling you. I know that may cause an uproar but its true. I got my CISSP and that gets me calls but what I know is what keeps me growing.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • [Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
    Thank you everyone for your feekback! :) BlackBeret, I will remove the C|EH avatar once I get my CCNA Security I think that will look better icon_wink.gif

    @chrisone the reason why I have these certs split up like this is not because of the timeframe, it is because of finances. I just got out of college 1 year ago and have some "things" to pay back! Plus with life expenses, it's not easy to afford these exams! I also have prep material for the Server+ and CWNA certifications including vouchers I have yet to put on my TE goals so I am plenty motivated! :) Just had to prepay all of these vouchers and prep materials for the exam before my rent and other life expenses increase and when I have to same money by not going anywhere, that is when I will get my studying done for these certs! :) Thanks for the advice! Enjoy the 4th!
Sign In or Register to comment.