Security Implementation/Architecture Path

mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
So I recently acquired CISSP certification just because it's highly sought after, but I'm not really interested in management track right now. My other certs are CompTIA (CySA+, Sec+ etc) My current duties right now are mostly administration of existing cybersecurity tools as well as server management etc.

What I'm looking to do is move into more of an Implementation Engineer/Architect role. So what skills should I be learning? What about certifications?

CASP - How valuable is it actually outside of DoD?
CCNP Security - Cisco proprietary, how valuable is the knowledge to deploy non cisco gear?
MCSE - No security track for MCSE currently? 
RHCA - We deploy some red hat servers but I don't know how common they are in enterprise environments?
VCP/Citrix/AWS/Azure - Not sure how valuable these are

Anything else I'm missing? Thanks for reading.

Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux


  • Options
    stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    How about one of the CISSP concentrations or the TOGAF?
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • Options
    JDMurrayJDMurray Admin Posts: 13,026 Admin
    Security architecture and security engineering (implementation) are two different career paths that are alternatives to working in security operations. When deciding on certs for any of these career paths, you should look at many job postings and note which certs are asked for in the jobs that appeal to you. Also, note what non-cert qualifications are asked for. You will find that there is rarely an "entry-level security architect" position advertised and that many architects were security (or network) engineers and even started in security operations. Engineers need to be more technical than architects, but architects that have a good technical background are usually better than those that don't.

    Also, keep in mind:
    • Most enterprise networks are based on Microsoft Active Directory.
    • Most servers and midpoint boxes are running UNIX or Linux.
    • Most user interfaces use Web-based technologies.
    • Organizations that are growing are moving to the Cloud and AWS is the big dog in that area.
    • Security is about defending against active and malicious attackers. You must always be aware of this in your architectural or engineering mindset. Anything else (accidents, incompetence, negligence, etc.) is just safety issues.

  • Options
    mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
    Good points @JDMurray. So basically know everything haha. If only I had unlimited time
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • Options
    JDMurrayJDMurray Admin Posts: 13,026 Admin
    edited April 2019
    mikey88 said:
    So basically know everything haha. If only I had unlimited time

    This is why you need to look at job postings to see what employers are looking for. No one can be a hands-on SME in everything. An AD architect must be very experienced in AD networks, but many orgs won't care that their engineers are UNIX/Linux experts if you know how to get around on the command line. You need to find what is in demand and what you enjoy and that will indicate your most successful career path until the market, or your desire, changes.

    No matter how much you may not like it, finding a new job--and a new career--is work.
  • Options
    Pmorgan2Pmorgan2 Member Posts: 116 ■■■■□□□□□□
    I am doing security engineering now.  Here's what I would recommend:
    • Experience 6+ years in system, network, and/or sysops administration.  This is called system support services, infrastructure, or SAN experience at various places.
    • Get your CCNA, MCSA, Linux+, and VCP-DCV to demonstrate solid fundamental understanding of systems infrastructure.
    • Get Security+, SSCP, GSEC, CASP, CISM, CISSP, or GSE to demonstrate a fundamental understanding of a wide array of security topics.  Skip straight to CISM, CISSP, or GSE if you're capable, or build your way up.
    • Get CRISC, GSNA, GCCC, GMON, or CISA to demonstrate security compliance knowledge.
    • Select a focused security area of expertise and get advanced certifications in that area.  I.E. - JNCIE / CCIE Security / PCNSE for network security engineering.  GAWN / OSCP / OSCE for system testing.  GICSP / GRID / GCIP for industrial control system security architecture.  Project+ / CAPM / GCPM / PMP for project management if you're going into a large organization.
    • As you prepare to move from security engineer to security architect, learn and certify advanced knowledge in multiple focus areas.
    If starting from scratch, I would recommend:
    1. Get a Junior SysAdmin or help desk job.
    2. Security+ or SSCP
    3. MCSA
    4. CCNA
    5. Linux+ and/or RHCSA
    6. Move to SysAdmin or SysOps if you haven't already.
    7. VCP-DCV
    8. GSEC or CASP
    9. Move to Risk Compliance or Security Management
    10. CISM, CISSP, and/or GSE
    12. Move to Security Engineering
    13. CISSP or GSE if you haven't already.  CISSP-ISSEP, CISSP-ISSMP, or OSCP if you have.
    14. Move to Security Architecture
    15. Get GSLC, CISM, and a master's degree
    16. Move to CISO / CIO / CEO
    2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
  • Options
    UnixGuyUnixGuy Mod Posts: 4,564 Mod

    Reading the book might be sufficient from a knowledge perspective, if you are interested in Enterprise Security Architecture.


    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.