What Path to take After Security+

Aqeelnaqvi

I have passed security+ a few months back, and currently i am working on Azure Fundamentals (Az-900) and perhaps AZ-100 series. Ultimately, I would like to earn CISSP down the road; however, due to lack of exposure in the specific field, I fill a little overwhelmed by what path is the correct one.
Currently I have completed 
1. Cyber security curriculum at Champlain College offered by my employer
2. Security+ SY0-501 

Working on
Auzre fundamentals AZ-900
AZ-100 series.

Long Term Goal:
SSCP
CISSP

Also, I want to mention that currently, I am not working directly in IT, I am a Radio Access network engineer working in Telecom industry, so i will be taking a different route once my resume is presentable enough.

nisti2

Congrats!
You can check CCNA Cyber Ops. 

Aqeelnaqvi

Thanks for the feedback.
do you think I am not experienced enough in the field to prepare for SSCP yet? or you mean i should overlook SSCP for now, and go for CCNA Cyber ops.

Infosec_Sam

I'd say there's nothing wrong with casually applying for IT jobs now, if that's eventually the route you want to take. To answer the question in your comment - the SSCP requires a year of security experience to be officially certified, so it's tough to list it on your resume before you actually have it. The CCNA cyber ops is one that you just need to take the test to earn the cert.

Keep in mind that this year of experience can be completed before or after you pass the exam, but you need both in order to officially earn the cert. If you choose to take the exam before getting your year of experience, you'll be designated as an "Associate of ISC^2." That being said, the CCNA cyber ops is something you can quickly take and throw on your resume, which will help you get your year of experience for the SSCP.

Another option is to go the CCNA R&S route to build a more well-rounded base to build from. Companies love their security guys who know networking.

Aqeelnaqvi

oh so please correct me if i am wrong, getting CCNA cyber OPS will automatically give me a year of experience for SSCP as well?
If that's correct i see what was meant in the first comment

I really appreciate all the feedback.

mikey88

CCNA since you're already in telecom but lack the experience for higher level certs.

Aqeelnaqvi

Yup, lack of experience in the dedicated field is kind of holding me back. and I want more certifications before making a move.
Does anyone disagree with a blend of security certs and Azure certs along with it?

On a different note, my current field although could provide a better connection for security of IOT devices since my current job and the path i am taking towards security aligns at IOT; however, I am not aware of many IOT certifications that may provide a bridge in that. 

Aqeelnaqvi

Also, based on my scenario I may not qualify directly for IAT level 3 certs, but does it make one more presentable if there are more certs in the same IAT level? like Comptia Sec+ and CCNA Cyber Ops are in the same level.
I mean i understand that it will provide more opportunities as per say, but does is it a good path for the long term?

		IAT Level II		IAT Level III
			CCNA Security CySA+ ** GICSP GSEC Security+ CE SSCP		CASP+ CE CCNP Security CISA CISSP (or Associate) GCED GCIH

mikey88

Aqeelnaqvi said:

Also, based on my scenario I may not qualify directly for IAT level 3 certs, but does it make one more presentable if there are more certs in the same IAT level? like Comptia Sec+ and CCNA Cyber Ops are in the same level.
I mean i understand that it will provide more opportunities as per say, but does is it a good path for the long term?

With DoD 8570 there is also what's called computing environment (CE) requirements. So for example, to work with networks, you'll need a CCNA or MSCA to work with servers. Even if the certs are in the same level there are still benefits to having them if not a strict requirement.

You mentioned the end goal for you is CISSP and a Cyber job, and the most straightforward way to get there is with a bit of networking experience (CCNA)

Aqeelnaqvi

Make sense! Thank you

I think I will finish my AZ-900 and AZ-100 hopefully over next 2-3 months, and aim for CCNA Cyber ops after that, I hope 6 months are enough for that?

Also, i have started using cbtnuggets recently to study for certs, I am not sure if anyone can answer that cbtnuggets alone is a source good enough to get through CCNA Cyber Ops

wiredtitan

CBT Nuggets is a great resource, but even so, it's always good to add other ways to study. What one doesn't teach another might cover. Plus, it helps get the concepts ingrained.

If I can add another thing. LAB! Get experience here and find ways of thinking what skills will be most marketable (searched linkedin and indeed to see what recruiter requirements are, etc).

Good luck on your journey. You made a good choice with certs. The demand for cloud and security skills is rising!

Aqeelnaqvi

Thanks for the feedback
Cbtnuggets does have lab experience for the course that i have started so far. But  i have just recently started my journey on cbtnuggets, so it may lack lab on other courses i dont know.

Any recommendations for books for ccna cyber ops? 
I think az-900 and az-100 are better prepared with actuall hands on if i am not wrong

Infosec_Sam

You can never go wrong with Cisco's official books! I used (and am using) these for my CCENT/CCNA R&S, and they're everything I need them to be. I think that book plus Cbtnuggets would be a great choice. 

Aqeelnaqvi

cool great... it seems some of you guys have passed CCNA cyber ops; how long do you think it would take to get through with both parts of this certification

ctmcron

I think it depends on what you want to do both short/long term. I'm more on the Project Management side so I'm geared more towards management type certs CAP/CISM there are a few different paths you can take. Do you want to be more technical focused etc...

Aqeelnaqvi

ctmcron said:

I think it depends on what you want to do both short/long term. I'm more on the Project Management side so I'm geared more towards management type certs CAP/CISM there are a few different paths you can take. Do you want to be more technical focused etc...

On that i would say, down the road, I hope I can manage my current experience with my desired experience in cyber security field. I think somewhere down the road, I may get into IOT security, since that will be a blend of RF and security. I am not sure if that gives a clear answer.

For now I want to know if 3-4 months are enough to prepare for CCNA cyber ops 210-250, and then another 3-4 month for the 255 part?

beads

With your telecom/radio background have you looked into or thought about VoIP or wireless as well? Depending on your long term goals this may dovetail nicely for you.

Aqeelnaqvi

beads said:

With your telecom/radio background have you looked into or thought about VoIP or wireless as well? Depending on your long term goals this may dovetail nicely for you.

I am not entirely sure what do you mean there? Wireless I am already in, VOIP would probably mean going more on the switch an routing side; i dont want to take route.

I would rather take the security management route, and somehow may be blend my wireless LTE RF performance experience down the road towards IOT.

Unless, i am not able to understand what u mean there, please explain it to me. Thanks for the response

ctmcron

Ok if you are going the management route then I would tell you to focus more on policy related certs. Dont get me wrong the technical certs are important however managers need to be effective leaders so developing rules, standards, policy is kind of where you might want to go. I would recommend one of the following (not in any order) CISSP, CISM, CISA then you can develop your niche for where you ultimately want to be. These are certs that most managers have at least one of and have a good blend of some management principles. Understanding risk management, policy, management and governance demonstrates that you have the advanced technical skills and knowledge to authorize and maintain information systems which is what most employers are looking for in security management.

Aqeelnaqvi

ctmcron said:

Ok if you are going the management route then I would tell you to focus more on policy related certs. Dont get me wrong the technical certs are important however managers need to be effective leaders so developing rules, standards, policy is kind of where you might want to go. I would recommend one of the following (not in any order) CISSP, CISM, CISA then you can develop your niche for where you ultimately want to be. These are certs that most managers have at least one of and have a good blend of some management principles. Understanding risk management, policy, management and governance demonstrates that you have the advanced technical skills and knowledge to authorize and maintain information systems which is what most employers are looking for in security management.

Yes, that is the plan from the beginning, I am asking peers to give advice on a path that leads to CISSP, providing my current work experience is RF related specifically LTE wireless network performance management).
I have completed SEC+ 5 months back, and I am hoping to cover more ground towards CISSP over next 12-18 months, and then make a switch, to gain experience in the specific field.
I am looking for a road map to get CISSP eventually.  

So far, from what others have suggested it seems like security+, CCNA Cyber ops, with my current in progress AZURE certs (AZ-100, and AZ-900) should provide me good grounds to make a switch from RF to related IT job, and then there I can gain experience while working towards CISSP.

I hope i make sense 

beads

Telecom appears to be the path of least resistance here but you did not indicate any preference. I can see that I have offended you with my choice of wording here so I will drop it.

-b/eads

Aqeelnaqvi

beads said:

Telecom appears to be the path of least resistance here but you did not indicate any preference. I can see that I have offended you with my choice of wording here so I will drop it.

-b/eads

I am not offended and i did not mean to offend anyone giving advice, i am not sure if my words are phrased wrong, apologies if that's the case. Anyway, please feel free to provide assistance.

I did mention that I would like to earn CISSP down the road, but I am trying to get advice on what path to take. If picking a position of my choice lets say down the road, I see myself working as Security analyst, and eventually paving way to become CISO.