Pathway to CyberSecurity Architect

Hi everyone,
I'm putting all my focus into security. I've been in IT for about 20 years now in various technical positions, going to senior levels in each (desktop, server, network). The only security related certs I have now are CCNA Security and Palo Alto's PCNSE 7. As of now, I've been focusing only on network security. I was studying for CCNP Security but with the goal of cybersecurity architect, I feel I need to put that on the back-burner and expand to other areas. Plus, I don't want to be limited to only network security.
I've been looking at various CyberSecurity Architect job postings and as expected, the requirements are pretty long. Anything from network security, IDS/IPS, IAM, PAM, DLP, MFA, SIEM, public cloud.
The great thing is, it's a lot to learn, and that's what interests me the most. The question is what's the best way to learn some of these things? Do I contact various companies to give me trials of their products?
From the certification side of things, what are the best options for this path? Should I continue with various vendor specific certs or go vendor neutral?
I know I'm going to begin looking at the CySA+ topics, but not sure if I'll sit the exam. I guess it can't hurt. CISSP is always an option, since it's on almost every job posting, but I want the knowledge and skills to perform the job duties. I don't feel CISSP will give me that.
FWIW... My training is all self-funded and right now my budget is limited.
Comments
From a technical angle, your best all-in-one shot would be to download Security Onion & get it up & running in your house and then maintain it daily as you would in an enterprise.
Overall I'd also say download the CIS Top 20 Critical Security Controls and read through and learn about everything they preach, both from the technical & administrative/process side.
Do all that and I'll give you a job!
Currently Working On: Python, Pentesting
Next Up: eCPPTv2, OSCP
Studying: Code Academy (CLI, Git, Python)
But, but, but, it's the "gold standard"!
2019 Goals: GCIH, OSCP, Study for GSE
Some experienced architects don't really understand the cloud and they try to design using the old knowledge or whatever they're comfortable with... I guess it's human nature.
To me, I didn't get my job because of a cert... I don't even have an Azure or AWS cert, but I can talk the talk and walk the walk when it comes to cloud technologies (I sleep in the console).
Financially it was a lateral move because I was a security analyst/manager; but I was ready for a new challenge and ready to fix the BS designs I was seeing.
If it is an Architecture role where it is more hands-on design and configuration, then technical skill level is more of the idea here, which will need various vendor and non-vendor technical skills. In the end a CISSP will make a technical engineer even better.
Most Architecture roles I see require both technical skills and enterprise management. A Security Architecture role is such a high level position, you should be required to do both.
So regardless, CISSP is a good start or measurement of skills you should have at a minimum for either type of Architecture role.
Being a Security Architect is one of my goals in the near future; I am working on the technical hands-on skills as you can see. However, eventually I want to obtain the ISSAP and the SABSA Architect certifications, mainly the SCF (foundation) and the SCP (practitioner). I heard the SABSA is considered one of the best enterprise security architecture certifications.
After taking the foundation courses/exam the SCP looks like a beast.
It is not possible to assess Advanced competency using multiple-choice testing techniques so Advanced module examinations take the form of demonstrable assignments. Examination papers contain 5 questions from which candidates must choose 2 to answer. Using examples from real working environments, or by creating a case study, or a combination of both, candidates are required to assess issues, evaluate solution approaches, and customise and apply the SABSA method and framework to create and populate appropriate SABSA work-products (techniques, tools, templates, models, frameworks, etc.).
http://www.sabsa.org/certification-levels
As mentioned above, the CIS CSC top 20 is also heavily needed; it is something we are working on at my current employer, as well as GDPR.
SANS has a good course on the CIS CSC, I am set to attend later this year.
Courses: Real World Red Team Attacks - AppSec Cali 2019 (complete), SANS Security West SEC660 (May), SANS Network Security FOR508 (Sept)
Certs: SLAE, GCIA (in progress), GCIH, GXPN, GCFA
My current position entails network security and vulnerability management. By vulnerability management I mean, I'm responsible for our scanners, I resolve my network vulnerabilities and then discuss all the others with the appropriate teams. If time permits, I'm going to look into the other teams' vulnerabilities more and help them research/resolve them.
@ChrisOne, I'm currently more interested in Architect roles that are hands-on (for now). Thanks for the links.
This is a very good point. I think it would take me longer than a month though. I believe the new exam comes out in April. Maybe I'll work on CySA+ and follow it up with CISSP.
But while it may get you the interviews, ultimately you get there by your ability to deliver.
2018: Virtual Hacking Labs
2019: eCPPT &/or OSCP | CISSP
Thanks for the reply. Very true, you have to put in the work to get it.
The CISSP is a good start but ultimately experience is king, because only then can you incorporate principles such as defence in depth/fail secure/open design etc. into your work. As far as I know SANS don't have a course that teaches "design" per se, and I've asked them this before, though many people have different terminology regarding what a security architect actually is depending how you look at it.