Cloud Infrastructure/Security career roapmap

MitMMitM Member Posts: 622 ■■■■□□□□□□
I recently had a post about whether to learn AWS or Azure first on my cloud journey. I received some great feedback from TE members (thanks again). As I look at the cloud market, I see there is a lot of focus on Devops, understandable, but not sure that is the path I want to go down. I'd like to see myself more on the infrastructure and security side of things

Just to give some background, I've been in IT over 15 years, spent 4-5 years as a Sr Virtualization/Server/Exchange Admin, and now work as a Network Engineer.

My experience with cloud only currently includes a migration from On-Prem exchange to Office 365 and managing advanced email threats using Microsoft's Advanced Threat Protection. I also deployed a backup product on-prem which archives old snapshots to AWS.

Prior to thinking on cloud, I was began studying for CISSP. The purpose of this thread is to see the best way to merge the two and come up with a good study plan.

I know I can't go wrong with AWS Certified Solution Architect and/or MCSA Cloud, but my question is, should I also consider ISC's CCSP certification, or go back to studying for CISSP? If so, should I be looking at those before the AWS/MCSA certs?

Comments

  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    CISSP will get a 'security' job pretty quickly, and your cloud experience will be very valuable. Depends on what you want to do with Security really. Even if you end up doing audit type work, knowing how the 'cloud' work is important.

    I say do CISSP --> get a security job AND work on AWS cert
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • Mike7Mike7 Member Posts: 1,114 ■■■■■□□□□□
    Continue with your CISSP as it gives you a board overview of security and gives you that "visibility" to recruiters. Your years of experience should help in the CISSP endorsement process. You can do CCSP later using CISSP to waive off experience requirements.

    And do that AWS or Azure cert at the same time. AWS is still the market leader with Azure gaining ground especially in pure Microsoft shops. Cloud is more than just PaaS using Office 365 and Threat Protection. You can sign up for free AWS tier.
  • MitMMitM Member Posts: 622 ■■■■□□□□□□
    Thanks for the replies. I don't think audit type work is in my future, way too much travel, but I get your point. I'd really be looking for something that has either local travel or no travel for any future opportunity. This is the actually the reason I'm looking to move away from networking
    Mike7 wrote: »
    Continue with your CISSP as it gives you a board overview of security and gives you that "visibility" to recruiters. Your years of experience should help in the CISSP endorsement process. You can do CCSP later using CISSP to waive off experience requirements.

    And do that AWS or Azure cert at the same time. AWS is still the market leader with Azure gaining ground especially in pure Microsoft shops. Cloud is more than just PaaS using Office 365 and Threat Protection. You can sign up for free AWS tier.

    Absolutely, cloud is more than that. I had purchased ACloud Guru's AWS course, so I did sign up for the free tier

    The only reason why I thought to maybe do CCSP before CISSP is as a way to ease into ISC's exams. I'm not trying to imply that CCSP is easier than CISSP, but it is a smaller exam, question wise.
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    MitM wrote: »
    Thanks for the replies. I don't think audit type work is in my future, way too much travel, but I get your point. I'd really be looking for something that has either local travel or no travel for any future opportunity. This is the actually the reason I'm looking to move away from networking

    Much of the basics of security really revolves around basic audit principles whether people understand or acknowledge the idea or not so travel is only relevant if talking about a pure external audit position. Security is the business of preventing, detecting and eliminating faults in our organizations controls. Pretty much the start of any audit. Don't let the term throw you. If your looking logs all day its a form of audit - see above.



    Absolutely, cloud is more than that. I had purchased ACloud Guru's AWS course, so I did sign up for the free tier

    The only reason why I thought to maybe do CCSP before CISSP is as a way to ease into ISC's exams. I'm not trying to imply that CCSP is easier than CISSP, but it is a smaller exam, question wise.

    The CCSP feels like a typical concentration when I took it a year ago. No big deal there. I have many under the belt and though I wasn't sleepy by the end of the exam like say the HCISPP. Meh.

    Outside of that. Get comfortable applying as much of your day to day work as far as the CISSP goes and the exam will go easily. People get into trouble with this exam when they attempt to just cram everything, pass the exam and show up looking for work with nothing to back it up. Really, its been seen, tried and noted at the failure rate.

    At this point I wouldn't fret too much over specialization to any extreme. Security is a huge field thats difficult to pigeon hole one way or another - just is. If your interest lay heavily in the use of cloud because you feel good about it, do it. Just don't try to specialize in any one "up and coming" field as its likely to change within two years and move on to the next "must have". Its what makes the field interesting in the first place.

    - b/eads
  • MitMMitM Member Posts: 622 ■■■■□□□□□□
    appreciate the feedback.
Sign In or Register to comment.