Is Security+ the right certification for me?
Hey Folks!
I seek some advice on which certification I should take.
I have 7 years of I.T. experience with a focus on software development. Because I was working for a bank, I have dealt with security aspects of software development, but it was not the major focus. Because of my bachelor's in I.T. and 7 years of I.T. experience I know the basics of information security.
I am currently doing my MBA (in Business Analytics) from a premier institute in Canada, and also doing my internship as "Cybersecurity, Risk and Compliance Analyst". Even though it is an internship, it is as good as a full-time role. I will do 8 months of internship in this role, during my MBA.
I was always interested in Cybersecurity, but never looked at making a career out of it. While doing my internship, I realized that I will want to continue working in this field.
Post my MBA in 2020, I will try to look for roles in this field. However, I am not sure how much my bachelor's, I.T. experience and 8 months of Cybersecurity experience will help me to get a full-time role after my MBA.
I have 4 months of free time, so I wanted to look at the possibility of doing a certification so that I can market myself better. After that I will get back to the strenuous MBA curriculum, and will not be able to invest time for certification prep until May 2020.
I really wanted to know which certifications I should do to help me get a Cybersecurity role after my MBA. CISSP, CISA, CISM are out of the question due to experience requirements.
After following several threads, CompTIA Security+ seems like the right option for me, and I can later build on by taking other certifications. Please advise whether taking this certification will be of any help.
Thanks in advance!
Comments
-
mikey88 Member Posts: 495 ■■■■■■□□□□
Have you looked into SecDevOps that expands on your SW dev experience? Security+ is a good starting point, but look into expanding your existing skills rather than trying to change career paths altogether as that would be a long climb uphill.
Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux
-
LaduLaser Member Posts: 31 ■■■□□□□□□□
If you have time and money on your hands, I can't see why you shouldn't. It's comparatively easy and looks good on a resume. If I ran a company in which there were a lot of digital secrets, I'd get my whole staff to complete Sec+ training just so I knew everyone understood non-repudiation, why not to insert foreign USB devices into company computers or allow anyone to tailgate etc.
-
paul78 Member Posts: 3,016 ■■■■■■■■■■
What kind of software development do you have experience with? If you enjoy software engineering, you could also consider trying to get a job at a security product company. Depending on what you like about cybersecurity - working as a software engineer/developer could develop your skills better.
ps. - no need to double post in the forum - and welcome to TE.
-
akxshay Member Posts: 11 ■■■□□□□□□□
mikey88 said:
Have you looked into SecDevOps that expands on your SW dev experience? Security+ is a good starting point, but look into expanding your existing skills rather than trying to change career paths altogether as that would be a long climb uphill.
-
akxshay Member Posts: 11 ■■■□□□□□□□
LaduLaser said:
If you have time and money on your hands, I can't see why you shouldn't. It's comparatively easy and looks good on a resume. If I ran a company in which there were a lot of digital secrets, I'd get my whole staff to complete Sec+ training just so I knew everyone understood non-repudiation, why not to insert foreign USB devices into company computers or allow anyone to tailgate etc.
-
akxshay Member Posts: 11 ■■■□□□□□□□
paul78 said:
What kind of software development do you have experience with? If you enjoy software engineering, you could also consider trying to get a job at a security product company. Depending on what you like about cybersecurity - working as a software engineer/developer could develop your skills better.
ps. - no need to double post in the forum - and welcome to TE.

I have worked on IBM middleware tools such as DataPower, Message Broker, MQ etc. using XML, XSLT, ESQL etc.
I am not sure whether I would want to go back to pure technical role post my MBA.
-
LonerVamp Member Posts: 518 ■■■■■■■■□□
I'd strongly suggest you look at the CISSP experience requirements again, and look back on your previous work experience. Did you deal with identity (accounts)? Anything with patching systems, secure coding, authentication, cryptography/encryption?
After an MBA, a Security+ is going to sound a bit entry-level, but you're also going to be coming out into the field with an MBA which is going to be beyond entry-level. For this, I'd again make sure to not sell yourself short on your previous IT experience and try to nudge into non-entry-level positions this way.
I think CISSP, CISA, and CISM should be goals as soon as you feel comfortable doing them.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
-
akxshay Member Posts: 11 ■■■□□□□□□□
LonerVamp said:
I'd strongly suggest you look at the CISSP experience requirements again, and look back on your previous work experience. Did you deal with identity (accounts)? Anything with patching systems, secure coding, authentication, cryptography/encryption?
After an MBA, a Security+ is going to sound a bit entry-level, but you're also going to be coming out into the field with an MBA which is going to be beyond entry-level. For this, I'd again make sure to not sell yourself short on your previous IT experience and try to nudge into non-entry-level positions this way.
I think CISSP, CISA, and CISM should be goals as soon as you feel comfortable doing them.

I too am worried that I might end up underselling myself post my MBA. My natural inclination was towards CISSP, CISM and CISA (in same order), but I was not sure about the experience requirements.
Majority of my experience (around 5+ years) was working on IBM DataPower, which provides security, control, integration and optimized access to a full range of mobile, web, application programming interface (API), service-oriented architecture (SOA), B2B and cloud workloads.
Following are the security related features I remember working on:
AAA implementation, XML Firewall, configured crypto objects, Kerberos, Encryption/Decryption, Web Application Firewall (WAF), configured SSL profiles for client and server etc.
These were not the focus of my role. However, DataPower was primarily being used as secure gateway, hence I had to deal with security related stuff most of the time.
I have no idea how much this will contribute to the work requirement for CISSP. I will try to dig more and see where this experience can lead me to.
Thanks again!
-
paul78 Member Posts: 3,016 ■■■■■■■■■■
akxshay said:
Thanks for your response.
I have worked on IBM middleware tools such as DataPower, Message Broker, MQ etc. using XML, XSLT, ESQL etc.
I am not sure whether I would want to go back to pure technical role post my MBA.

Based on your description of your experience, you ought to qualify for CISSP.
-
Infosec_Sam Admin Posts: 527 Admin
akxshay said:
LonerVamp said:
I'd strongly suggest you look at the CISSP experience requirements again, and look back on your previous work experience. Did you deal with identity (accounts)? Anything with patching systems, secure coding, authentication, cryptography/encryption?
After an MBA, a Security+ is going to sound a bit entry-level, but you're also going to be coming out into the field with an MBA which is going to be beyond entry-level. For this, I'd again make sure to not sell yourself short on your previous IT experience and try to nudge into non-entry-level positions this way.
I think CISSP, CISA, and CISM should be goals as soon as you feel comfortable doing them.

I too am worried that I might end up underselling myself post my MBA. My natural inclination was towards CISSP, CISM and CISA (in same order), but I was not sure about the experience requirements.
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□
Security+ where you are right now sounds like a great way to put a decent cert on your CV without being too time consuming. I think CISSP would be a bit of a stretch right now and you'll have plenty of time for that once you land a full time paying infosec job. That internship I think will help out massively getting your foot in the door.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
-
akxshay Member Posts: 11 ■■■□□□□□□□
paul78 said:
akxshay said:
Thanks for your response.
I have worked on IBM middleware tools such as DataPower, Message Broker, MQ etc. using XML, XSLT, ESQL etc.
I am not sure whether I would want to go back to pure technical role post my MBA.

Based on your description of your experience, you ought to qualify for CISSP.
-
akxshay Member Posts: 11 ■■■□□□□□□□
Thanks Sam for your valuable inputs!
It's my understanding that the CISSP associate certification (what you get when you pass the test but don't meet the experience reqs) still pulls a bit of weight. The CISM/CISA are both great choices as well. Since no one has mentioned these yet, I'd like to bring up GIAC's certifications as another option. They have a couple of certs aimed more towards developers, so those might be good options to build on what you've already accomplished. I'm thinking the GSSP and the GWEB would both be of interest to you.
The certifications you have mentioned are quite technical. I already have decent software development experience, and do not want to get back to similar role after my MBA.
I have planned to start with Security+, and will then eventually move on to CISSP. I want to do something which helps me enter the Cybersecurity field, and an entry level certification such as Security+ will help me build a strong foundation.
-
akxshay Member Posts: 11 ■■■□□□□□□□
yoba222 said:
Security+ where you are right now sounds like a great way to put a decent cert on your CV without being too time consuming. I think CISSP would be a bit of a stretch right now and you'll have plenty of time for that once you land a full time paying infosec job. That internship I think will help out massively getting your foot in the door.

I have started preparing for Security+, and will hopefully get this out of the way very soon and get a couple more certifications before I resume my MBA term in September.
These will give more credibility to my profile and lay a strong foundation for my prep towards CISSP, CISM etc.
-
Infosec_Sam Admin Posts: 527 Admin
akxshay said:
yoba222 said:
Security+ where you are right now sounds like a great way to put a decent cert on your CV without being too time consuming. I think CISSP would be a bit of a stretch right now and you'll have plenty of time for that once you land a full time paying infosec job. That internship I think will help out massively getting your foot in the door.

I have started preparing for Security+, and will hopefully get this out of the way very soon and get a couple more certifications before I resume my MBA term in September.
These will give more credibility to my profile and lay a strong foundation for my prep towards CISSP, CISM etc.
-
craig009 Member Posts: 57 ■■■□□□□□□□
I have started with Security+ too, which is a good footing for CISSP. I had a BSc, MSc, ITIL Foundation and CTFL. However, after careful consultations with versed and experienced guys in the field, I was told the roadmap is Security+ 501.
Hopefully I pass it soon and experienced experts on here will show me more routes towards passing the CISSP next.
So I will say the decision to take the Security+ is a good step, to be honest. Good luck with your studies and keep us posted on developments.
-
TrunksXV Member Posts: 33 ■■■□□□□□□□
I would go for Security+ and CySA+ and CASP+ as a start, after you've gotten some experience with doing some of those tests, then perhaps you can go for the CISSP. I'm right with the other posts, perhaps you should check if your paid experience that you already have gotten will count towards the requirements for taking the CISSP. Otherwise what you have already done seems impressive enough at least on paper.
Certifications: A+, Network+, Security+, Project+, CySA+, MCP, ITIL
Future Goals: DevOps, CASP+, Server+, Linux+, Red Hat, PenTest+
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
You can go for Sec+, it is an easy exam. However have you thought about CSSLP, it is the ISC(2) certification for secure software development. It would be easier to map your experience to their experience requirement.