Newbie question

Willisy Registered Users Posts: 1
Hi All,

I am a newbie, just as the subject said. I am an experienced IT professional. I have done almost everything in IT, from networking to cloud to security. At this point in time, I am at a crossroads in my career. My problem now is, I have some money to embark on some certification, but I am confused about which way to go. I am looking for some reasonable suggestions and that is why I am here. I am in the UK and the UK IT market is buoyant at the moment.

I have two options to go to:

Option 1: go for CISSP training and certification.

Option 2: go for SANS, the GCIH, or the GCIA.

I am in two minds about which of the two to go for.

Please advise.


  • Danielm7 Member Posts: 2,310
    Depending on what you want to do with your career, they are pretty different paths. Option one can be done with a book and some free videos for under 1,000, option 2 is pushing 15K. One is wider and less focused, but more recognized; option two goes much deeper on fewer topics.
  • Donklander Member Posts: 47
    Exactly what the person above me said.

    You're getting far more value with option 2, considering it's a lot harder to just study for those (though possible).

    Option 1 is something that doesn't really require more than a book or 2, videos, and a practice test engine.
  • LionelTeo Member Posts: 526
    There isn't an exact answer, as it can vary with the situation you are in and the path you are considering taking, but a few factors that you may want to consider are ROI, life commitment and career progression. Let me break it down in more detail so that you can consider better.

    1) Return on Investment

    The cost of getting the certification versus the estimated monetary returns for the next job hop. Let's say a SANS course costs about 6+k USD, and the new job is not going to give the estimated growth after investing the money. Then you may want to rethink whether the return on investment is worth it. However, if you are confident you can study by yourself without the course material, or if the course is being reimbursed/subsidized, then the ROI may vary depending on the situation you are in. Alternatively, it may be as simple as wanting to break into infosec, which means that the money invested may not be a huge matter in your consideration.

    2) Current Life Commitment to Hands On/Technical Studies

    Since some certifications are much more hands-on than others, another consideration to note is the luxury of time to do a certification that requires more hands-on technical practice than others. Among the 3 certifications you had listed, GCIA requires a fair amount more hands-on work than the other certifications. GCIH and CISSP are more theory oriented, and may be viable especially if it is difficult to get hands-on due to current commitments to life and family.

    3) Career Goal - Technical vs Compliance

    The last factor largely depends on which area of infosec work you would want to break into, and getting the necessary certification to reach that goal. Getting into compliance/audit work will be more straightforward: if you have CISSP and continue to look out actively, you can easily break into the infosec sector for compliance. However, technical work is more stringent and requires more effort to break into. If your interest is in the technical sector, then you will have to actively be analysing stuff after work hours to make yourself competitive enough. Of course, it is also possible to break into the technical aspect of infosec with CISSP, good luck, and best if you can be shown to be an excellent performer in your area of work.

    While I don't have the exact answer to the question you posted, I hope I have given you enough ideas which can better help you to select the course that you are looking at. GIAC certification usually looks better after getting the second one, and the ROI is better if you can get it through self-study or the work-study program. If there are any other concerns that you may want to discuss further, please feel free to PM me or add a response here and I will be happy to discuss them with you.

  • al88 Member Posts: 62
    Rule of thumb with SANS (for the majority anyway) is:

    If your work won't pay for it, then do the work-study approach (Google it or search here in TE).

    Otherwise, the RoI is minimal compared to what you are paying, except if you are at the door of a rare opportunity that requires a specific GIAC cert, then go for it.

    Since you have all the technical experience from everywhere, I believe it's time to first label you as a security professional (i.e. getting CISSP) before diving head first into advanced security specializations, such as DFIR SANS courses.
  • TechGromit Member Posts: 2,156
    Depends on what you want. If you want lots of attention on your resume, the CISSP is the way to go. It's a heck of a lot cheaper to obtain as well. If you want technical knowledge, SANS is where it's at. The SANS certifications are gaining more industry recognition, but the CISSP is the gold standard (whether it deserves to be is another discussion) in security certifications.
    Still searching for the corner in a round room.
  • 636-555-3226 Member Posts: 975
    CISSP is for HR/resume/CIOs who don't know any better. No real world, hands-on skills.
    SANS is for knowledgeable infosec mgrs hiring you and also real world, hands-on skills.