Which security cert to start with?

scerts Registered Users Posts: 2
First a bit of background - I work as a s/w QA, so do have some knowledge.
I would like to switch my career to Cybersecurity.

Currently working on Security+ cert, as it is the most recognized, and also cheapest to pay out of my pocket :)

Am I doing it right guys? Please provide your valuable suggestions.

Thanks

Comments

  • scaredoftests Mod Posts: 2,780 Mod
    What are you interested in? Then go on from there. Or some people get certs because the job they applied for requires one (like for my present job I had to get an MTA). I needed a Security+ as well, but I already had that.
    Never let your fear decide your fate....
  • akany Registered Users Posts: 1
    Hi Scaredoftests,
    Do you know if it's okay to take CompTIA Security+ anytime soon even though the release date was over two years ago? I'm interested in taking the exam, but I was wondering what will happen if it is retired in the coming year. Any thoughts will be helpful.

    Thanks!
  • mzx380 Member Posts: 453
    Don't mean to hijack but I would also like to know what is the best one to start with. I've been in IT for years and wanted more clarification if I should go for CISSP or CASP
    Certifications: ITIL, ACA, CCNA, Linux+, VCP-DCV, PMP, PMI-ACP, CSM
    Currently Working On: Microsoft 70-761 (SQL Server)
  • scaredoftests Mod Posts: 2,780 Mod
    Go to their website (CompTIA) and look around. I doubt it would be retired, but updated.
    Never let your fear decide your fate....
  • shochan Member Posts: 1,014
    mzx380 wrote: »
    Don't mean to hijack but I would also like to know what is the best one to start with. I've been in IT for years and wanted more clarification if I should go for CISSP or CASP

    From what I read on here (TE), CISSP is for private sector jobs & CASP for gov't jobs...
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • cyberguypr Mod Posts: 6,928 Mod
    Where did you read such a thing? Both certs are on DoD 8570 and are also valid in the private sector.
  • beads Member Posts: 1,533
    First define what it is you want to do in "security". It's such a broad field that it's hard to define without some reference as to what it is you are qualified to do with Q and A. Are your background skills in development, DBA or infrastructure? GRC? Forensics? We could go on for quite a while but it quickly becomes a game of 20 questions, to be frank.

    CISSP or CASP? The former is widely known and accepted though proves little practical knowledge. The latter being more of a market reaction to the CISSP's limitations of being an "inch deep and a mile wide". Widely respected within the field but doesn't have the recognition (yet) in the marketplace. CASP is getting there but hasn't caught fire, yet. I hope it does but for now it's still up and coming.

    - b/eads
  • mzx380 Member Posts: 453
    My strategy has been to cover a wide breadth of technology so I'm looking for a certificate that will round out my resume as more of an IT generalist even though my background to this point has been more with infrastructure. Since I've been in IT for a while, I figure I would go for the CISSP beginning Q4 next year but I wanted more info to clarify the application process.

    Hope that helps
    Thanks beads
    Certifications: ITIL, ACA, CCNA, Linux+, VCP-DCV, PMP, PMI-ACP, CSM
    Currently Working On: Microsoft 70-761 (SQL Server)
  • beads Member Posts: 1,533
    @mzx380;

    Eventually, everyone starts to specialize or cannibalize. What I mean is that people who try to stay JOAT too long either end up locked up in a loony bin or spread so thin that they become a millimeter deep and five miles wide - no depth whatsoever.

    My main skill set is DFIR (Digital Forensics Incident Response) and Infrastructure architecture. Covering both red and blue team sides of the security coin. My secondary skill set revolves around risk management in various different forms using modeling. The other 20 or so security skills I am fully aware of and try to keep somewhat on top of but hardly an expert. See above statement on cannibalizing, myself, my time or my sanity. Simply put I already work about 70 hours a week with much of my downtime learning a new tool or technique related above and can't get through it all.

    Last night I set up a new malware lab, my third separate lab so I could integrate some outputs into 'R' statistical analysis and modeling. It's rough but I am getting some interesting new insights into what I suspect are more than three different APTs attacking my VIPs/client. Cool as all get out but attribution is very, very tricky. Also very specialized and few people are willing to pay for the effort.

    I see people say they JOAT and I do to a certain amount but specialization is key to long term survivability in this field. That's what people like to skirt around on this board. Many don't know what they want to do when they grow up.

    Usually, takes some time before people figure the whole thing out. Others depend on whatever opportunities arise to determine their career paths.

    - b/eads
  • JoJoCal19 Mod Posts: 2,835 Mod
    beads wrote: »
    I see people say they JOAT and I do to a certain amount but specialization is key to long term survivability in this field. That's what people like to skirt around on this board. Many don't know what they want to do when they grow up.

    Usually, takes some time before people figure the whole thing out. Others depend on whatever opportunities arise to determine their career paths.

    Ugh. This. I myself have been dealing with a combination of not knowing what I want to specialize in AND certain opportunities presenting themselves that have broadened my experience and knowledge. My problem has been that I've been good at GRC but like technical security and have done that too. Now I find myself doing security problem management which isn't in either domain, actually utilizes technical knowledge and GRC knowledge.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • OctalDump Member Posts: 1,722
    This is a no brainer. Get Security+ (don't worry about updates to the exam, it doesn't affect the certification's validity). It's broad and well recognised. It gives a good base of knowledge, even if you decide against an Info Sec career.

    It will give you exposure to the field and hopefully give an idea of possible paths.

    The other common "generalist" Info Sec certifications are GSEC, CASP and CISSP. The last two assume/require years of work experience.

    I find the CompTIA roadmap to be a useful guide. It's not scripture, and opinions vary a lot about it. But it works as a good overview.

    The GIAC roadmap is useful as a guide to possible specialities. It's GIAC specific, so it's more useful to think of it as "they offer certification in this field, therefore this field is a potential area of interest".
    2017 Goals - Something Cisco, Something Linux, Agile PM