Lost in the sea of certs

sanctizzle Registered Users Posts: 2
Hey Everyone! Long time lurker on this site but first time posting.

I am posting this in hopes that I can get some guidance. Basically, I graduated with my MS in Info Assurance and got my Sec+ cert shortly after; however, I was without a job and basically accepted the first thing I could after graduating, which was a Net Admin position at a law firm here in Colorado.

Now the experience I am gaining and the responsibilities I have are great. I pretty much run the whole shop: Veeam backups, VMware environment, SAN data storage, NAS data storage, all the networking and switching, heading up a VoIP migration, DMS, Exchange, vMPLS between the site locations. It's a wide range of a lot of stuff except one thing... security.

We are a small shop with a lot of tech, so the vMPLS routers really do all the security and there isn't much emphasis on security from the top down throughout the company, no matter how hard I push and pry to get my role more towards that goal. With that being said, I think I really want to hunker down and start more self-studying to get some more certs under my belt so I can find an actual security role, what I have wanted for years now but just can't seem to find.

I was thinking of going for a CASP but not sure if it is worth it. I know there are experience restrictions and such for a CISSP, but apparently you can just take that whenever and if you don't meet the requirements you get a CISSP-Associate? There is also SCCP, CEH, eJPT.... I just don't know which direction to go; there are so many certs and organizations out there, it's like an ocean. Any insight or personal experience you can give me would be fantastic, thanks so much!


  • nebula105 Member Posts: 60
    Hey there!

    I feel the most important thing you should do is to take one or two days off and just really reflect and get a feel of what you want to do.

    Do you want to move on to doing pentesting and breaking into devices/sites/networks? CEH, eJPT, OSCP, GPEN

    Do you want to move on to something managerial after your current job? SSCP, CISSP, CASP, CISM

    Do you want to perform project implementation of security solutions, perhaps project management? CAPM, Project+, PMP

    Do you want to move on to monitoring, implementation and administration of security devices? CCNA: Security, Cisco Certified Security Professional (CCSP), Checkpoint, CWSP, HP Arcsight, McAfee Nitro/IPS

    Do you want to move on to working in a Security Ops Centre (monitoring and incident handling)? HP Arcsight, McAfee Nitro/IPS, Wireshark, GCIH, ECIH, CHFI

    Do you want to move on to Forensics? Join a forensics company before pursuing the EnCE and GCFE/GCFA

    Do you want to move on to Risk analysis and policy generation/implementation? CRISC, CISM, CISSP

    Do you want to move on to IT Audit? CISA

    Just to share a little; my current job title is "Systems Engineer", but I'm involved in consulting and managing projects, monitoring security devices and performing incident handling.

    However, limiting myself to that range of certs is impossible, as I need to know more about networking terminology and technology, servers and even coding at times.

    In fact, I'm broadening my scope so that if, for some reason, I lose my job in security and the market becomes oversaturated with security personnel, I can move on to networking, infrastructure support, service delivery or even move on to lecturing.

    So ultimately, it depends on what you want, then eventually, what you need.
  • sanctizzle Registered Users Posts: 2
    Nebula, wow, what an awesome post.

    Thank you so much for your insight and laying out the direction these certs go and the career path they follow. I really appreciate it.

    I have been thinking about where I want to go with all this and your info has definitely given me more to think about.

    Again, thanks so much.
  • winona_ryder Member Posts: 42
    I might add, it's also not a linear path mate.

    You might start down the incident handling road, and then find out that you want to get more into data analysis, then find that you get drawn toward proving vulnerabilities by testing and breaking things.

    Knowledge from other security streams will help to round out your knowledge. You may not always be at this employer, and a well-rounded skillset can be very attractive to potential employers.