Masters vs certificate program vs self-study: Cannot decide?

keeranbri Member Posts: 97
Hello,

Needed advice from all you techs and professionals. I currently have a Bachelor's in technical management with a concentration in networking, graduated about 8-9 years ago. I have no certificates under my belt, although I have been working as a help desk analyst for the past 6 years. I'm 41 years old and not getting any younger, but I definitely want to get into a more specialized IT field; specifically, security is my first choice since I feel it is a very interesting field that is growing. However, I just don't know what to do to get started... Should I start off with Security+ and self-study for the exam by reading Darril Gibson's book and Messer's videos and notes, then start going down the line to study and take the exams of more advanced security certificates? Should I take a certificate program at an online university that offers those 6-12 month IT cybersecurity programs, or should I go through a Master's degree? I have read that in the IT field, most employers value certificates more. Also, I wanted to add that my employer has tuition reimbursement, but they only cover up to $5250 for a full year on bachelors/masters/certificate programs and $1000 per year for taking exams such as A+, Network+, Sec+ etc. The cost of university tuition these days is well over 6 grand per year and I don't want to have another student loan to pay. Anyways, I hope I can get some good feedback about my question so it can help me decide what path I should take.

Comments

  • asurania Member Posts: 145
    Yeah, focus on certification

    Phase 1:
    I would get Security+ and CISSP out of the way (you will get the associate of ISC2 instead of CISSP till you get the experience) - Those are the HR filter courses.
    (CISSP / Associate of ISC2 via CISSP Exam) - is almost mandatory for any security field, so might as well just get it out of the way first.

    Phase 2: - https://www.elearnsecurity.com/certification/
    Through elearnsecurity I would take the two below courses/certification - They will get you the skills to be job ready, and prep you with the knowledge and skillsets to tackle the OSCP in the next phase.
    1. PTS Course - Penetration Testing Student - eJPT Certification
    2. PTP Course - Penetration Testing Professional - eCPPT Certification

    Once you're done with phase 2, you should be able to start job hunting.

    Phase 3 - OSCP Certification - https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

    - This is pretty much the gold standard of what you need to be in the security field. The PTP course you did earlier would have covered most of the material in this course, but this is the certification that employers really look at.


    CISSP/OSCP Combo - is pretty much the end goal you are aiming for

    Phase 4 - If required - WGU Bachelor/Masters in Cyber security and Information Assurance

    You can take the WGU Bachelor or Masters in Cyber security and Information Assurance. If you have a bachelor degree, then you can take the Masters for fun and to polish off your resume. If you have no degree, take the Bachelor for sure, but first get ALL the above done first.
  • yoba222 Member Posts: 1,237
    1. College reimbursement towards a Masters or even some certs is tempting.
    2. Reimbursement should have happened 4 years ago. You've been in help desk for too long and need to start applying elsewhere so you can get into a higher role.
    3. College certificate programs are almost completely worthless. There isn't a single job ad on the planet asking for one.

    In my opinion you need to start working on your resume writing and interviewing skills, and this happens by applying for other jobs.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • EANx Member Posts: 1,077
    keeranbri wrote: »
    I currently have a Bachelor's in technical management with a concentration in networking, graduated about 8-9 years ago. I have no certificates under my belt, although I have been working as a help desk analyst for the past 6 years. I'm 41 years old and not getting any younger, but I definitely want to get into a more specialized IT field; specifically, security is my first choice since I feel it is a very interesting field that is growing. However, I just don't know what to do to get started... Should I start off with Security+ and self-study for the exam by reading Darril Gibson's book and Messer's videos and notes, then start going down the line to study and take the exams of more advanced security certificates? Should I take a certificate program at an online university that offers those 6-12 month IT cybersecurity programs, or should I go through a Master's degree? I have read that in the IT field, most employers value certificates more. Also, I wanted to add that my employer has tuition reimbursement, but they only cover up to $5250 for a full year on bachelors/masters/certificate programs and $1000 per year for taking exams such as A+, Network+, Sec+ etc.

    "Security" is very broad, what part of it intrigues you? Those masters degrees in cyber are typically management and compliance/auditing focused and don't mean much if your desire is to be a penetration tester. Everyone benefits from increasing their knowledge about security, you just need to decide how you want it applied; in a theoretical fashion (design or management) or hands-on.
  • Danielm7 Member Posts: 2,310
    EANx wrote: »
    "Security" is very broad, what part of it intrigues you? Those masters degrees in cyber are typically management and compliance/auditing focused and don't mean much if your desire is to be a penetration tester. Everyone benefits from increasing their knowledge about security, you just need to decide how you want it applied; in a theoretical fashion (design or management) or hands-on.
    Ah, the often forgotten question of "what do you actually want to do?" Why is security interesting? What part? Just saying it's a growing field isn't going to help you with any kind of desire to learn a field that changes daily sometimes.

    To give you an idea why every once in a while people ask this too often ignored question and assume you mean pen testing... I work at a 10K+ employee company, under "Security" we have teams of auditors, PCI/SOX/General compliance, Identity Access Management, BCP/DR and Cyber and Network Security. The cyber security group is one of the smallest (not including a 3rd party SOC), you know how many dedicated pen testers we have in that group? Zero.

    People always assume security = only pentester and it's not at all correct.

    If you really want to get into security, figure out what part of security would fit you, start here:

    https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/

    Note how none of those tell you to work helpdesk then get a cert and start in technical security? You're going to need to learn networking, servers, etc.
  • TheFORCE Member Posts: 2,297
    Danielm7 wrote: »
    Ah, the often forgotten question of "what do you actually want to do?" Why is security interesting? What part? Just saying it's a growing field isn't going to help you with any kind of desire to learn a field that changes daily sometimes.

    To give you an idea why every once in a while people ask this too often ignored question and assume you mean pen testing... I work at a 10K+ employee company, under "Security" we have teams of auditors, PCI/SOX/General compliance, Identity Access Management, BCP/DR and Cyber and Network Security. The cyber security group is one of the smallest (not including a 3rd party SOC), you know how many dedicated pen testers we have in that group? Zero.

    People always assume security = only pentester and it's not at all correct.

    If you really want to get into security, figure out what part of security would fit you, start here:

    https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/

    Note how none of those tell you to work helpdesk then get a cert and start in technical security? You're going to need to learn networking, servers, etc.

    Very well put. Most of Security now is based on controls and audit. In fact, the IT departments of various companies do more security implementations than the actual security analysts. IT doesn't want security analysts with domain admin access so they can go and change GPOs or install software any time they want to test stuff.

    Most security people are buried in log reviews, control reviews etc. I'm one of them; when internal audit comes knocking asking they want to test xyz quarterly control and I need to provide them with 10 reports, my day is spent collecting the reports and providing the evidence. Security is not only let's hack stuff.

    Heck, I see organizations now putting third party vendor management and vendor risk assessment under security and the direction of CISO. Something that was not the case 5-10 years ago. And these people are called security whatever and don't do anything related to hardening a system or having access to any of the security tools.