"New" To IT InfoSec Certification

I am looking for some advice

I have been working in the telecom industry for the past 8 years with extensive background in 4G LTE Radio Access and User Equipment Testing. In this field of work certifications were not a major player in my overall job progression. I have significant experience in windows, Linux, and networking, and obviously, Radio Access Protocol and Testing from this past life but no certs to "prove" it.

Recently my company has moved into the IT Security Realm and my job has migrated with it and I am now responsible for managing and supporting the network and infrastructure of our product which includes a SaaS solution in the AWS Cloud. In order to both prove and gain qualifications in this new realm to myself and our customers, I have quickly jumped into the IT certification world and in the past 6 months I have gained:

CompTIA A+
CompTIA Sec+
AWS SysOps Administrator Associate

I am scheduled to take the SSCP exam in the next month (mostly because I don't have the experience for CISSP so soon).

After this, now that I've caught the cert bug, where to go from here? Both from a resume builder and useful knowledge standpoint. I've quickly gained interest in the Cloud/InfoSec arena but as a relative convert, I want to prove my capability through the most useful certifications. Thanks for any advice!

Find more posts tagged with

Comments

ITSec14

Depends on where you want to go in your career. Answer that first as I would not just go after any and every cert out there. You should find a focus area and build on that.

You can still take the CISSP even though you don't have the experience for the full "CISSP" credential. That's what I'm doing and then I will have my Associate of (ISC)2 designation converted to the full CISSP status early next year.

markulous

If your employer will pay for it, my answer to this question will typically be SANS. They offer some great training for security and their certs are very marketable.

dave86

Thanks to you both.

As far as what I'd like to do, Development is really my only hard no. I'm good with bash/python scripting to some extent and am comfortable using that when necessary but do not want to be a developer by any means.

I find protocol analysis (from my telecom background) interesting and challenging so would welcome any system/network/security admin role or even get into pen-testing although for that I'd probably have to gain more experience in Database/SQL side.

For SANS, you'd recommend GSEC first before looking into specializing in one of the advanced certs? I see it is very expensive compared to other certs so see why you only suggest if I can get it paid for

markulous

Depends on your level of knowledge for security. GSEC seems like the S+ on steroids. If you feel like you need the fundamentals, then I would recommend that. Otherwise, if you are pretty knowledgeable, I'd consider the GCIH, GCED, or GMON.

NetworkNewb

If you like your current employer and looking to stay there, I would look for areas that you enjoy working on where you can improve on that can help your company. Where are weakness in your company? Where are areas that your company could improve that you might be able provide a positive impact on if you attained a certain skillset? I would specifically look at your current position and gauge what aspects you can improve and expand on.

Or if you don't have an opportunity to expand your current role and your company doesn't have any opportunities open for you to move a new role, I would look at job ads in your area and see exactly what they are asking for.

You said you want "to prove my capability through the most useful certifications". The most useful certification is one that either provides you knowledge to help you improve yourself at your current job, or one that helps you land your next position.

ITSec14

If you are interested in pentesting, I hear GREAT things about the eJPT from elearnsecurity. They give you all the tools you need plus include the exam fee in a low cost package. I plan on tackling that one early next year.