Path to Begin for Security Professional

wdebrian (Registered Users, Posts: 1)
I am the Director of Security for a medium-sized business, and have worked in Security for quite some time. I have my CISSP among others. Unfortunately, I am not up to speed on many of the entry-level certificates that exist these days. I have a co-worker who has recently worked in sales completing RFPs, but has a lot of institutional knowledge on overall security audit tasks, as she has assisted me with SOC 2 preparation among other things. She's a good friend of mine and wants to be out of the Sales role and focus on Security to actually begin a career path. She is a very sharp lady, young and VERY detail-oriented. Therefore, I am bringing her onto my staff to assist with SOC 2 audits, internal client security audits, policy work, etc. I will teach her the ins and outs of Risk Assessments, vulnerability scanning and more.

What would you recommend for certs to learn the basics? I have already recommended the SEC+ cert as well as possibly tackling the GISF. She is NOT highly technical in terms of existing networking/IT knowledge, but she is very knowledgeable about business processes and security fundamentals. I am essentially taking her under my wing to help her on this path.

Again, I don't see her being a pen tester or along those lines. What would be the recommended path for non-technical certs that you all recommend? I have my own thoughts, but wanted to really hear from others, as my views may be tainted.


mokaz (Member, Posts: 172)
According to the few keywords I could grab from your post, I'd say that something like CISA should be geared towards your needs. But she might not qualify yet for the required experience.

TheFORCE (Member, Posts: 2,297)
Add ITIL to your list; if she is good with business processes, ITIL could elevate her even more. The PMI-RMP might be another one. To get a bit more in-depth beginner knowledge, you can also consider the GSEC.

636-555-3226 (Member, Posts: 975)
Security+ for the win. Can't think of a better entry-level, learn-the-basics 101 test or study program.

leboratorical (Member, Posts: 46)
I think you're on the right path with the Security+ in order to fill out the 'minimum' of the technical areas. Also, it sounds like your co-worker is on, and wants to be on, more of the GRC/audit pathway.

If that is right, then you might also want to consider something like the CCSK if you're also moving into the cloud, but the ISACA CISA, CRISC and CGEIT certs are all options.
Otherwise, it might help to do some specifics - you say vulnerability scanning etc. Are there Qualys-specific certs that will help in her early years?

stryder144 (Member, Posts: 1,684)
I was going to suggest looking into COBIT 5, by ISACA, but their site is unavailable.

The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

TechGuru80 (Member, Posts: 1,539)
I too would suggest something like the CISA, but after some fundamental knowledge...even if it's just from Sec+ and Net+. CISA is based on processes and managing risk for the business instead of getting into the weeds of technology...but CISA has an experience requirement, so it wouldn't help immediately. Eventually the CISSP needs to be on her roadmap because it's one of the big ones to get, but at this point it's more of a future thought.