Advice for a friend

dony2015

A friend of mine need some serious advice about his career.

My friend started a new job in a big organisation few years ago where they feel he is an asset to them.

He has been given the options below to choose which path to follow but he is not quite sure which way to go yet. The company will pay for trainings for him as long as he will not leave in the next 18 months. My friend has his eyes on the contract market where he will make more money than permanent role.
Option 1 is to do CISSP and Qradar Administration and Splunk Administration (SIEM) Route.
Option 2 Study for CISSP and Amazon AWS Solution Arch Associates and Solution Arch Profession (Cloud) Route
Option 3 Study for CISSP and SANS GCIH GSEC504 (Incident Handling, Monitoring) Route.

The question now is, which of the 3 options is he likely to make more money if he goes contracting? Mind you, this friend has a bit of hands on all 3 options.

Find more posts tagged with

Comments

lucky0977

Well first off, what is this person's level of experience? They all seem valuable but I would go with option 3

paul78

My first advice is to ask your friend to create an account on TE and then he/she should post the question him/her self.

That said - what kind of contracting does your friend intend to do? There's really no silver bullet when it comes to certification vs compensation. It depends on your friend's experience and background. And what the market is like in your part of the world.

dony2015

My friend works in IT Security in London. If you read my write up well you will note that he has got some hands on on all 3 options.

paul78

I'm not familiar with the market for contracting in London or EEA so your mileage may vary.

Also - I'm making a whole bunch of assumptions about your friend such as that he has 5+ years of commercial experience and he is currently an engineer in IT security. And his experience is implementation vs operational.

I am also making a broad guess that contracting to your friend means temporary engagements lasting 3 to 6 months and those engagement would be found through his existing relationships with companies instead of a staffing firm.

The 3 options are extremely varied and don't necessarily intersect when it comes to contracting. And assuming that my assumptions are close, I would recommend the second option. The reason is that option one is vendor specific unless your friend has a roledex of companies that he would target as clients that use Splunk or Qradar. Option 3 is operational in nature and incident response isn't typically something that is outsourced to a contractor unless it's on a retainer basis but those usually go to the bigger players.

But if your friend is more on the program management side of IT security or on the process development side - option 3 may not be a bad approach.

It also largely depends on what your friend likes to do. And the type of network he already has.

And if contracting means staff-augmentation to your friend, then option 1 or option 3 could also be a good approach.

TechGuru80

Option 2 and 3 both will have exposure to SIEM tools, so I think option 1 is out.

Has your “friend” searched contract jobs in your area? Oops I meant in your “friends” area.

Option 2 will be more of an IT role versus option 3, which will be heavy in security. Given that fact, it’s all about preference in jobs. Additionally, an architect type role is less likely to have on call requirements...IR kind of roles could work weird hours.

Info_Sec_Wannabe

lucky0977 wrote: »

Well first off, what is this person's level of experience? They all seem valuable but I would go with option 3

+1 since the employer will pay for it. You don't see employers who are willing to pay for SANS courses everyday (and correct me if I'm wrong, but this option is the most vendor neutral). 18 months is relatively short unless the environment where your friend will be working is toxic.

paul78 wrote: »

My first advice is to ask your friend to create an account on TE and then he/she should post the question him/her self.

Agreed. TE is definitely helpful when it comes to stuff like this.

dony2015 wrote: »

My friend works in IT Security in London. If you read my write up well you will note that he has got some hands on on all 3 options.

While I suggested option 3 above, it would still boil down to what path your friend will want to take.

al88

Path 2 or 3 ..

Although, not everyone uses cloud but definitely everyone needs an IR.

LordQarlyn

Option 3 just for the SANS training, as it was mentioned earlier, there aren't many employers willing to fork over for the $6k+ SANS training. Option 2 is not bad and may even have a more profitable long-term future, as AWS is the hot trend at the moment and in the near future, and probably won't ever be going away.