Certification and highest paid salaries

ajmagic Registered Users Posts: 5 ■□□□□□□□□□
Hi there, what field is more lucrative salary-wise for an information security career? I am doing a master's in InfoSec and this is a question which will help me decide the modules I want to take. I do like the idea of pen testing, and contract jobs seem to pay 500 upwards, but what other fields in infosec pay more and what professional qualifications should I take after my MSc? I have 15 years of desktop and network support experience but I am now taking a year out to move into InfoSec. Thanks




Comments

  • cyberguypr Mod Posts: 6,928 Mod
    Money is always good but don't let that blind you. Besides, there's extremely well paid peeps in every single Infosec field including blue/red team, GRC, sales, consulting, exec, etc. Find your passion and follow it.
  • ajmagic Registered Users Posts: 5 ■□□□□□□□□□
    Thanks for the reply, but what certifications do you suggest after my MSc apart from the CEH and CISSP? Thanks
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Certs that look good on the resume are CEH & CISSP. CISM looks good for management, CISA looks good if you want to be an auditor. Those are the only certs that will help your resume.

    Learning-wise, EC-Council is rubbish. CISSP won't teach you much. ISACA is good for general bean-counters knowledge. SANS is good for technical real-world skillsets.
  • broli720 Member Posts: 394 ■■■■□□□□□□
    And certifications won't net you the high salary. To be honest, only the value you add will. As @cyberguypr said, follow your passion and find where you can add the most value. The money will come soon after.
  • OctalDump Member Posts: 1,722
    Probably start with CISSP, you likely meet the experience requirements if you have 15 years in desktop and network. GIAC are good, although pricey, and are starting to get asked for more.

    OSCP is worthwhile, maybe starting with eLearnSecurity's Junior PenTester to ease into it. But if Pen Testing is your thing, then Capture The Flag events are more likely to be worth putting on resumes, and have more potential for networking.

    If you want excellent money, then find a niche and get really good. The downside is that you might find that there are only a handful of places you can work.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    CISSP won't teach you much.
    Sigh...99.99% of people don't touch all 10 domains either in their current job or their career so I would argue that statement...and if you don't learn anything you either wrote the CBK or you did it wrong.

    Google best paying IT security certifications...basically CISSP / CISM / CISA are the top management certifications and have experience requirements, GIAC / CISCO / OSCP are the top practical certifications, and Security+ / CEH would be the beginner theoretical certifications.
  • ajmagic Registered Users Posts: 5 ■□□□□□□□□□
    Thanks mate, what about ISO 27001?
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    TechGuru80 wrote: »
    Sigh...99.99% of people don't touch all 10 domains either in their current job or their career so I would argue that statement...and if you don't learn anything you either wrote the CBK or you did it wrong.

    Not to thread jack, but I don't know a single person who's taken the CISSP who said they learned valuable, real-life takeaways they could immediately integrate into their environment. The general consensus (in my experience) is that the CISSP is the mile-wide, inch deep check to see if you've got knowledge regarding the concepts surrounding infosec. General knowledge about how public keys work isn't the same as me sitting down at my desk and implementing or protecting PKI. I don't mean to say you don't learn much studying for the CISSP (it's a mile wide, after all), but it's all conceptual based.
  • beads Member Posts: 1,533 ■■■■■■■■■□
    Security salary for 2017 is not number 1. It's dropped to second place and is likely to drop more so.
    IT salaries increase across 12 tech job categories | Network World

    Classic red flags when it comes to salary and compensation:
    Cybersecurity salary inflation

    Folks, if you've been in the field long enough you will see the pendulum swing both ways, and when it swings back it's never pleasant. This will be my third market correction in my career. Personally, I think Jon Oltsik is being overconfident in his assessment, if not willing to make the same exact mistakes the IT industry made in the lead up to Y2K.

    Before that happens though, enjoy the ride.

    - b/eads
  • chrisone Member Posts: 2,278 ■■■■■■■■■□
    The general consensus (in my experience)

    Just curious what your experience is with infosec, or do you just make conclusions by general consensus? I ask politely as I only see you have an A+ certification.

    Thanks
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • BlackBeret Member Posts: 683 ■■■■■□□□□□
    Not to thread jack, but I don't know a single person who's taken the CISSP who said they learned valuable, real-life takeaways they could immediately integrate into their environment.

    Hi, I'm BlackBeret and I learned a TON of stuff from the CISSP. All of my experience has been in network security, physical security, and cryptography. This required me to touch a lot of the other domains at a minimal level and I had zero experience in software development life cycle and risk management. I didn't study just for the test though. I read a few books (including the Shon Harris one) cover to cover and made sure to understand what I was reading in depth. I don't know about the new test, but the old one was heavy on the development life cycle and risk management, so it was a good thing that I learned those topics in particular.

    Not to mention, as a technical guy it was a great reminder and lesson that while I focus on security all the time, the business needs don't revolve around keeping everything locked down; they revolve around the company's bottom line. Sometimes the ROI isn't there for certain security practices and the budget needs to go elsewhere.

    As for immediate takeaways that can be brought back and implemented, open up the risk management section and read everything in the disaster prevention and recovery section. I know of exactly 1 organization that I've worked for in the past that implements a full DRP. As for other takeaways, there's something on almost every page of any CISSP book that's either being done or should be known by people in every organization. Additionally, SANS teaches classes; you better have some takeaways. The CISSP is a test to determine your current level of knowledge on a range of given topics. CISSP isn't a class; the prep courses are designed to prepare you for the test, not teach you everything you should already know.