Hi All,
Apologies for another post on requesting advise on Certification. I hope I´m in the right place for this.
I´ve worked in IT for over 15 years and achieved some good experience and certifications along my career.
So far I have:
ITIL Foundations
Prince Practitioner
MSCSE 2003 (old I know)
CCNP : Expired a month ago
CISA
My path was:
Service Desk support (2
nd/3
rd line) for about 4 years
IT consultant for 4 years dealing mostly with Exchange and Windows servers, Migratin domains, etc
IT consultant running IT assesments / audits for SMBs 2 years
IT Team leader of a major Tech company reponsible for VMWARE, Exchange, Networking, Firewalls, Bluecoat, Wi-fi, telephny, projects and Internal Security (60% hands-on /40% management).
Team Manager for a Business support team on an ISP
Although I had the CCNP cert I´ve decided to let it go because I didn´t feel ready to take the new exam. I´ve done a bit of work with mostly switches and never managed to do CCNP level work so most of the stuff on the CCNP I´ve had studied and worked hard, I forgot because I didn´t get my hands "dirty" as often as I wished at the time.. Another reason was that, lately, I was only being offered CCNP related roles and I don´t want to troubleshoot networks and failing circuits. Companies and Recruiters just love "CCNP" on a CV.
I now want to pursue a more Consultancy and project/management oriented role and keep my CISA alive. I find Security and auditingfascinating but from a architecture / management / project perspective, not so much from a "Hacker" and fire-fighting perspective.
My plan now is to:
-Build my tech skills on security
- Learn Linux and penetration testing. Udemy Courses, a few good book I bought
- Refresh my Cisco Knowledge: I´ll be going through my INE Course (CCNP and CCIE material)- I still love Cisco networking and it´s absolutely necessary
- Intro to Python (Udemy and a book)
-Certifications I´m thinking about for the tech skills
- ISACA CSX practitioner
- CYSA+ or Security+: I Need your input here J
Maybe here, with the Certs and the tech knowledge I might jump into the job market and see what I can get on a security role.
After this I plan on getting the more non-technical part done. (Juicy bit and my goal)
ISO/IEC 2002
CISSP
CISM
So, 4 months (Full time) for the tech skills and the rest to apply it and prepare for CISSP and then CISM
I´m taking a gap year for this and I will be doing this full time. Thats a lot of study and lab time. Then I want to focus more on the project and managemet part and move away from the fire-fighting and troubleshooting part.
My goal is to work my way to Security auditing and/ or management role.
I´ve even considered a 6 month bootcampon the subject. See:
www.Secureset.com The ideia is to fill my gap hands-on part (penetration testing, Linux, etc) but not necessarely to make a living out of it. I´ve managed technical teams and I know from experience that you need technical experience to be competent as a manager or run a project.
Do you think this is a credible plan? Any inputs will be highly appreciated.
I feel I need to do this in a structured way as it´s quite easy to get a job and before you know it, you´re being asked to look into technologies you don´t want to support any longer like Exchange, VMware etc. Quite a few jobs are traps in disguise.. before you know it, a year has passed, you dont like what you do and you´ve spent time working on a technology you don´t want to pursue in the future because "the business needed it"
Thanks in advance.
S.
