Certification and highest paid salaries

Hi there, what field is more lucrative salary-wise for an information security career? I am doing a master's in Info Sec and this is a question which will help me decide the modules I want to take. I do like the idea of pen testing, and contract jobs seem to pay 500 upwards, but what other fields in infosec pay more and what professional qualifications should I take after my MSc? I have 15 years of desktop and network support experience but I am now taking a year out to move into Info Sec. Thanks
Comments
Learning-wise, EC-Council is rubbish. CISSP won't teach you much. ISACA is good for general bean-counter knowledge. SANS is good for technical real-world skillsets.
OSCP is worthwhile, maybe starting with eLearnSecurity's Junior PenTester to ease into. But if Pen Testing is your thing, then Capture The Flag events are more likely to be worth putting on resumes, and have more potential for networking.
If you want excellent money, then find a niche and get really good. The downside is that you might find that there are only a handful of places you can work.
Google best paying IT security certifications...basically CISSP / CISM / CISA are the top management certifications and have experience requirements, GIAC / CISCO / OSCP are the top practical certifications, and Security+ / CEH would be the beginner theoretical certifications.
Not to thread jack, but I don't know a single person who's taken the CISSP who said they learned valuable, real-life takeaways they could immediately integrate into their environment. The general consensus (in my experience) is that the CISSP is the mile-wide, inch-deep check to see if you've got knowledge regarding the concepts surrounding infosec. General knowledge about how public keys work isn't the same as me sitting down at my desk and implementing or protecting PKI. I don't mean to say you don't learn much studying for the CISSP (it's a mile wide, after all), but it's all conceptually based.
IT salaries increase across 12 tech job categories | Network World
Classic red flags when it comes to salary and compensation:
Cybersecurity salary inflation
Folks, if you've been in the field long enough you will see the pendulum swing both ways, and when it swings back it's never pleasant. This will be my third market correction in my career. Personally, I think Jon Oltsik is being overconfident in his assessment, if not willing to make the same exact mistakes the IT industry made in the lead-up to Y2K.
Before that happens though, enjoy the ride.
- b/eads
Just curious what your experience is with infosec, or do you just make conclusions by general consensus? I ask politely as I only see you have an A+ certification.
Thanks
2023 Cert Goals: SC-100, eCPTX
Hi, I'm BlackBeret and I learned a TON of stuff from the CISSP. All of my experience has been in network security, physical security, and cryptography. This required me to touch a lot of the other domains at a minimal level and I had zero experience in software development life cycle and risk management. I didn't study just for the test though. I read a few books (including the Shon Harris one) cover to cover and made sure to understand what I was reading in depth. I don't know about the new test, but the old one was heavy on the development life cycle and risk management, so it was a good thing that I learned those topics in particular.
Not to mention, as a technical guy it was a great reminder and lesson that while I focus on security all the time, the business needs don't revolve around keeping everything locked down; it revolves around the company's bottom line. Sometimes the ROI isn't there for certain security practices and the budget needs to go elsewhere.
As for immediate takeaways that can be brought back and implemented, open up the risk management section and read everything in the disaster prevention and recovery section. I know of exactly 1 organization that I've worked for in the past that implements a full DRP. As for other takeaways, there's something on almost every page of any CISSP book that's either being done or should be known by people in every organization. Additionally, SANS teaches classes; you better have some takeaways. The CISSP is a test to determine your current level of knowledge on a range of given topics. CISSP isn't a class; the prep courses are designed to prepare you for the test, not teach you everything you should already know.