Next Certification Advice?

Hi everyone,

So I have my degree in Computer Science and the certs listed under my user, but I am now wondering what I can do next. The end goal is to get into security but I hear cloud is very hot these days too. I don't have any security experience so I can't really take the CISSP (I don't want to be an associate yet, I'd rather wait till I can take the full exam after 5 years of experience). Is there any certification you can recommend I take? I will have quite a lot of free time in the summer and would like to knock out a cert or 2 if possible depending on the difficulty of the certification. I know this question is very broad but I am wondering what cert I can take next to help me get into the security field / be marketable with a useful IT skillset.

Cheers guys.

Comments

  • EANx Member Posts: 1,077
    What part of security? Security project management is very different from penetration testing which is very different from compliance.
  • Justin- Member Posts: 300
    Pentesting. Thanks for the reply.
  • DatabaseHead Member Posts: 2,753
    Justin -

    For the sake of being transparent I work in IT, not security or cloud. However, I did a study recently looking at a whole host of security jobs and if they required or preferred a degree and what certifications did they either prefer or require.

    As you could imagine CISSP came out number 1, @ ~45% of all security jobs (~6000 jobs I believe) either requiring or preferring the CISSP. Number 2 of most of the jobs was the C|EH @ ~15% (significantly lower) but still the number 2 certification requested in the job boards.

    Based off of these numbers I would consider getting the C|EH if you wanted to land a security job (assuming the CISSP wasn't an option).

    One last piece of information that you may find interesting. Pen testing was different. While the CISSP was the most sought after certification for Pen testing positions, neck and neck with it was the OSCP. I am not sure of the requirements to sit this exam, but for pen testing it was either required or preferred for ~45% of the pen testing positions.
  • JasminLandry Member Posts: 601
    To add on to what DatabaseHead mentioned, you also need 2 years of experience to get the CEH. As for the OSCP, there aren't any requirements but Offensive-Security does suggest that you have up to 3 years of experience in security. I don't know what your knowledge and experience looks like but if you're just starting off I'd suggest you look at the eLearnSecurity courses, more specifically this one https://www.elearnsecurity.com/course/penetration_testing_student/.
  • TechGuru80 Member Posts: 1,539
    Justin- wrote: »
    I am wondering what cert I can take next to help me get into the security field / be marketable with a useful IT skillset.
    These can be different objectives. In a company of normal size, generally the two functions are separate...this is best practice because they have different objectives. Since they are two different areas...the certifications vary some as well. You are unlikely to have enough knowledge to go after any of the big hitters (OSCP, C|EH, CISSP, CCNA, etc.).

    Are you working currently? If you want to get some tangible IT skills...MCSA, Linux+, or CCNA are what I would work towards. If you want to curly focus on Security, although by the sound of it you don't actually know between that and Cloud, SSCP / eJPT are probably the best options for InfoSec.

    You could also focus on secure coding if you have interest in development because that is always going to be in need.

    Final note...if you don't have a job, get a job first so you can pivot based on your experiences.