New to TechExams / Certification Roadmap

Hello all,

I stumbled across this site when looking for information on GIAC's GPYC. After poking around for two days, I made an account. I have three years working experience in cybersecurity for the DoD and I am working towards my BS in CyberSecurity / Computer Networking with a minor in Info Sys Management (Only about a year and a half left if I continue part time). I have taken two SANS courses (508 and 573). I am generally curious if anyone can provide their certification experiences and which ones are the best to obtain in a tiered order.

Currently, my plan is to take GPYC, then look at getting A+, Net+, Sec+, CEH and CHFI. From there, I am unsure really where to go. Would these certifications prepare me properly for CISSP / CASP? Where do any of you suggest I look after that? I have unlimited access to test vouchers for varying test, and a hookup for free SANS courses so I am willing to take what is suggested! For the military/government folk here, I went through JCAC three years ago, to give you a baseline for my knowledge.

Thank you in advance for the help! I hope to be able to contribute to the community!

Find more posts tagged with

Comments

kurosaki00

Welcome to the forums.
With that college background I would strongly recommend to skip A+ and Net+ and go for CCNA, and maybe a MS cert if you want more credentials in the Desktop support side.
I dont think with that BS anyone will go, hmm but he has no A+.

o--Spooky--o

I had every intention to skip the A+ exam but it counts for three credits towards my major so I might as well just not have to pay for that class if I can avoid it. A+ and Sec+ look good for my paygrade and military evaluation wise so I am stuck taking those regardless. I am in the GPYC class as I type this, but I have a pretty heavy python background so this class is a little slow.

I did not take the 508 course. I seriously regret that now, looking back. I took that course just over a year ago and was under the impression it was a year long voucher; it was only four months. That however, was my first SANS course so I won't be making that mistake again.

OctalDump

Sec+ or GSEC. CEH is what it is, and its best value is the name, the GPEN and GCIH are better options for content. Honestly, if CISSP is your goal, then I'd be taking all the SANS you can get for free, probably their CyberDefense and the Management & Leadership tracks are best. The GISP (SANS MGT414) is ideal. 1 more year of experience, plus the 1 year waiver for holding GSEC/Sec+ etc, and you'll meet the experience requirements for CISSP.

CASP might be worthwhile if you are looking for Government/DoD work, but is trumped by the CISSP once you have that.

o--Spooky--o

OctalDump wrote: »

Sec+ or GSEC. CEH is what it is, and its best value is the name, the GPEN and GCIH are better options for content. Honestly, if CISSP is your goal, then I'd be taking all the SANS you can get for free, probably their CyberDefense and the Management & Leadership tracks are best. The GISP (SANS MGT414) is ideal. 1 more year of experience, plus the 1 year waiver for holding GSEC/Sec+ etc, and you'll meet the experience requirements for CISSP.

CASP might be worthwhile if you are looking for Government/DoD work, but is trumped by the CISSP once you have that.

My end goal is the GSE. Obviously, that is a long way off and requires many more years in studying and work experience. I have three years left in the military before I have to decide to reup or not. Short term goal is to make myself as marketable as possible within two years to see what kinds of jobs open up in that time window.

OctalDump

From what you say, I think that CISSP is definitely something to get. SANS/GIAC is good, too. Which ones is usually dependent on the role, but you also often just see "GIAC certification" rather than a specific one. The CEH is worthwhile for its marketability. It's entry level pen testing.

Other good options are CISM/CISA, and vendor specific things like CCNA Security or CCNA CyberOps, or any of the firewall vendor certifications, or SIEMs or things like Splunk. There's also the new Securing Windows Server 2016 exam. Which vendor certs depends on the kinds of roles you are interested in.

I think you could drop A+ and Net+, if you feel confident in the knowledge they cover, particularly if you get other OS/Networking certifications. If you have a degree and CISSP, not too many people are concerned about the A+/Net+/Sec+.

yoba222

Curious about being in a DoD cybersecurity role without at least a Sec+. Perhaps because you are active duty. The 8140 might take over by then but I'd be sure to light up as many boxes as possible on the DoD 8570 chart.

o--Spooky--o

yoba222 wrote: »

Curious about being in a DoD cybersecurity role without at least a Sec+. Perhaps because you are active duty. The 8140 might take over by then but I'd be sure to light up as many boxes as possible on the DoD 8570 chart.

I am active duty. They sent me to about nine months of school to cover broad aspects of each part of info sec. If I were not, SEC+ would be a requirement. I am in an network/security role right now so the strong networking background from highschool helps a lot.