The next step?
RobTracy
Hello,
I have a couple of certifications under my belt, but I am not sure what to get now. My certs are: CompTIA A+, Net+, & Sec+; TestOut PC Pro (Preps for A+) & Network Pro (Preps for Net+). I guess another thing worth mentioning is that I have a year and a half of computer repair experience with a small company. My goal is to become a Security Consultant (Risk management and assessment) (I am guessing this includes some pentesting, security posture assessment, etc.) one of these days after college. The question I have is: what certs should I be aiming for next? I know my end game certs include CISSP and OSCP (not sure about this one), but I don't know which ones to get to fill the gap. Vendor-neutral certs would be good for this situation.
Any insight or suggestions would greatly be appreciated.
Thanks,
Rob Tracy
Comments
NetworkNewb
Any one of these sounds like it could help as a next step: CASP, SSCP, eJPT, CEH, GSEC
636-555-3226
If your employer can afford GIAC then go for the GSEC. Otherwise CASP. Once you've got either of those hit us up again for the next step.
And start networking. If you have a local ISACA or ISC2 chapter, or other security-minded group that you find on LinkedIn, join their meet-ups and network with the people. It's a lot easier for someone to hire a friend than a stranger off the street. And it's good to have references lined up, too, in case needed.
RobTracy
I unfortunately will have to leave my employer to become a full-time college student, so GSEC is not an option. CASP looks pretty good after going over the outline and comparing it to SSCP. SSCP seems like it's Sec+ but with a little more depth. I am concerned that the outline for CASP was published in 2011 and was wondering when CompTIA will update the cert?
RobTracy
Ignore that last part; it seems CompTIA recently updated CASP last year.
RobTracy
Another question. CompTIA recommends that people looking into the CASP cert should have at least 5 years of hands-on security experience. Should I be worried about this requirement and come back to this cert after a couple of years? If so, I am thinking that SSCP is my other option.
beads
@RobTracy;
SSCP would be more marketable and realistic for the time being. Security is much more hands-on than just a mid to senior level security certification, though many, if not too many, try this approach and... well, it doesn't end well. ISC(2) instituted the five years of experience requirement for a reason, and again it shows when people try to jump into security without the background in IT first. It's not about passing the exam; it's knowing all the background of everything from real world business analysis to administration to systems design and a dozen or so other on-the-job training skills. Basically, knowledge that is hard won rather than regurgitated from a book.
Check out CRISC on the risk management side, but the industry doesn't really have a good comprehensive course or exam specifically aimed at IT/Operational security. Most of what we have is frankly - junk. IT Risk is based on both financial engineering and risk as well as IACPA audit rules, hence the emphasis on financial controls versus human behavioral controls, which is most of what we are trying to accomplish.
Sounds like a good cross-over study.
- b/eads
NetworkNewb
If you got $50 to blow could try out this test: https://certification.comptia.org/certifications/cybersecurity-analyst
No info on the exam, so would be going in blind though
Slyth
If you can go through the OSCP syllabus and know a little about each section as well as decent networking and Linux knowledge + have time to put in, I would go with OSCP next. OSWP if you want to get your feet wet from OffSec's type of training. CEH is a good HR filter and gives you a bit more on the ethical hacking side than Sec+. Depending on your networking experience you may want to take a look at CCNA. Personally my weakness is networking, so CCNA/OSWP are next on my list. I'd go with CISSP once you have the experience; as Beads said, it tends to not end well without the experience.
RobTracy
@beads
I am not necessarily trying to leap and bound through ranks in Security (my bad if I came off that way). Don't worry, I have seen people score much better than me on IT & Security exams, yet they don't do very well when it comes to hands-on knowledge compared to me. My current job has taught me much more than watching a teacher for half an hour and taking a test. The problem is that I want to hit the ground running, but my experience requirements are getting in my way. After college I don't want to wait and try to catch up on certs someone my age already has. My goal is to walk into a job interview, slam my resume on the table and say "When do I start?".
Back on topic, SSCP now does look more realistic and I will start studying for it soon. The CRISC cert looks interesting for management. I will have to do some more research about it.
@NetworkNewb
Will have to look into that CompTIA cert also. The cert sounds like a less intense mini OSCP, which could end up being a fun test to take.