Is Security+ the right certification for me?

akxshay Member Posts: 11
Hey Folks!

I seek some advice on which certification I should take.

I have 7 years of I.T experience with focus on Software Development. Because I was working for a bank, I have dealt with security aspects of software development, but it was not the major focus. Because of my bachelors in I.T and 7 years of I.T experience I know the basics of information security.

I am currently doing my MBA (in Business Analytics) from a premier institute in Canada, and also doing my internship as "Cybersecurity, Risk and Compliance Analyst". Even though it is an internship, it is as good as a full-time role. I will do 8 months of internship in this role, during my MBA.

I was always interested in Cybersecurity, but never looked at making a career out of it. While doing my internship, I realized that I will want to continue working in this field.

Post my MBA in 2020, I will try to look for roles in this field. However, I am not sure how much my bachelors, I.T experience and 8 months of Cybersecurity experience will help me to get a full-time role after my MBA.

I have 4 months of free time, so I wanted to look at the possibility of doing a certification so that I can market myself better. After that I will get back to strenuous MBA curriculum, and will not be able to invest time for certification prep until May 2020.

I really wanted to know what certifications should I do which will help me get a Cybersecurity role after my MBA. CISSP, CISA, CISM are out of question due to experience requirements.

After following several threads, CompTIA Security+ seems like the right option for me, and I can later build on by taking other certifications. Please advise whether taking this certification will be of any help.

Thanks in advance! :smile:

Comments

  • mikey88 Member Posts: 495
    Have you looked into SecDevOps that expands on your SW dev experience? Security+ is a good starting point, but look into expanding your existing skills rather than trying to change career paths altogether as that would be a long climb uphill.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • LaduLaser Member Posts: 31
    If you have time and money on your hands, I can't see why you shouldn't. It's comparatively easy and looks good on a resume. If I ran a company in which there were a lot of digital secrets, I'd get my whole staff to complete Sec+ training just so I knew everyone understood non-repudiation, why not to insert foreign USB devices into company computers or allow anyone to tailgate etc.
  • paul78 Member Posts: 3,016
    What kind of software development do you have experience with? If you enjoy software engineering, you could also consider trying to get a job at a security product company. Depending on what you like about cybersecurity - working as a software engineer/developer could develop your skills better.

    ps. - no need to double post in the forum - and welcome to TE.
  • akxshay Member Posts: 11
    mikey88 said:
    Have you looked into SecDevOps that expands on your SW dev experience? Security+ is a good starting point, but look into expanding your existing skills rather than trying to change career paths altogether as that would be a long climb uphill.
    Thanks for your response. I have some experience with DevOps, but not any with SecDevOps. I will surely explore this option. :smile:
  • akxshay Member Posts: 11
    LaduLaser said:
    If you have time and money on your hands, I can't see why you shouldn't. It's comparatively easy and looks good on a resume. If I ran a company in which there were a lot of digital secrets, I'd get my whole staff to complete Sec+ training just so I knew everyone understood non-repudiation, why not to insert foreign USB devices into company computers or allow anyone to tailgate etc.
    Thanks for your response, I really appreciate it. :smile:
  • akxshay Member Posts: 11
    paul78 said:
    What kind of software development do you have experience with? If you enjoy software engineering, you could also consider trying to get a job at a security product company. Depending on what you like about cybersecurity - working as a software engineer/developer could develop your skills better.

    ps. - no need to double post in the forum - and welcome to TE.
    Thanks for your response.

    I have worked on IBM middleware tools such as DataPower, Message Broker, MQ etc. using XML, XSLT, ESQL etc.

    I am not sure whether I would want to go back to pure technical role post my MBA. 
  • LonerVamp Member Posts: 518
    I'd strongly suggest you look at the CISSP experience requirements again, and look back on your previous work experience. Did you deal with identity (accounts)? Anything with patching systems, secure coding, authentication, cryptography/encryption?

    After an MBA, a Security+ is going to sound a bit entry-level, but you're also going to be coming out into the field with an MBA which is going to be beyond entry-level. For this, I'd again make sure to not sell yourself short on your previous IT experience and try to nudge into non-entry-level positions this way.

    I think CISSP, CISA, and CISM should be goals as soon as you feel comfortable doing them. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • akxshay Member Posts: 11
    LonerVamp said:
    I'd strongly suggest you look at the CISSP experience requirements again, and look back on your previous work experience. Did you deal with identity (accounts)? Anything with patching systems, secure coding, authentication, cryptography/encryption?

    After an MBA, a Security+ is going to sound a bit entry-level, but you're also going to be coming out into the field with an MBA which is going to be beyond entry-level. For this, I'd again make sure to not sell yourself short on your previous IT experience and try to nudge into non-entry-level positions this way.

    I think CISSP, CISA, and CISM should be goals as soon as you feel comfortable doing them. :)
    Thanks a lot for your response.

    I too am worried that I might end up underselling myself post my MBA. My natural inclination was towards CISSP, CISM and CISA (in same order), but I was not sure about the experience requirements.

    Majority of my experience (around 5+ years) was working on IBM DataPower, which provides security, control, integration and optimized access to a full range of mobile, web, application programming interface (API), service-oriented architecture (SOA), B2B and cloud workloads.

    Following are the security related features I remember working on:

    AAA implementation, XML Firewall, configured crypto objects, Kerberos, Encryption/Decryption, Web Application Firewall (WAF), configured SSL profiles for client and server etc.

    These were not the focus of my role. However, DataPower was primarily being used as secure gateway, hence I had to deal with security related stuff most of the time.

    I have no idea how much will this contribute to the work requirement for CISSP. I will try to dig more and see where this experience can lead me to.

    Thanks again! :)
  • paul78 Member Posts: 3,016
    akxshay said:
    Thanks for your response.

    I have worked on IBM middleware tools such as DataPower, Message Broker, MQ etc. using XML, XSLT, ESQL etc.

    I am not sure whether I would want to go back to pure technical role post my MBA. 
    If you're not interested in a pure technical role, then I would agree with @LonerVamp. You probably should look at CISSP and/or CISM instead.

    Based on your description of your experience, you ought to qualify for CISSP.

  • Infosec_Sam Admin Posts: 527
    akxshay said:
    LonerVamp said:
    I'd strongly suggest you look at the CISSP experience requirements again, and look back on your previous work experience. Did you deal with identity (accounts)? Anything with patching systems, secure coding, authentication, cryptography/encryption?

    After an MBA, a Security+ is going to sound a bit entry-level, but you're also going to be coming out into the field with an MBA which is going to be beyond entry-level. For this, I'd again make sure to not sell yourself short on your previous IT experience and try to nudge into non-entry-level positions this way.

    I think CISSP, CISA, and CISM should be goals as soon as you feel comfortable doing them. :)
    Thanks a lot for your response.

    I too am worried that I might end up underselling myself post my MBA. My natural inclination was towards CISSP, CISM and CISA (in same order), but I was not sure about the experience requirements.
    It's my understanding that the CISSP associate certification (what you get when you pass the test but don't meet the experience reqs) still pulls a bit of weight. The CISM/CISA are both great choices as well. Since no one has mentioned these yet, I'd like to bring up GIAC's certifications as another option. They have a couple of certs aimed more towards developers, so those might be good options to build on what you've already accomplished. I'm thinking the GSSP and the GWEB would both be of interest to you.
    Community Manager at Infosec!
    Who we are | What we do
  • yoba222 Member Posts: 1,237
    Security+ where you are right now sounds like a great way to put a decent cert on your CV without being too time consuming. I think CISSP would be a bit of a stretch right now and you'll have plenty of time for that once you land a full time paying infosec job. That internship I think will help out massively getting your foot in the door.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • akxshay Member Posts: 11
    paul78 said:
    akxshay said:
    Thanks for your response.

    I have worked on IBM middleware tools such as DataPower, Message Broker, MQ etc. using XML, XSLT, ESQL etc.

    I am not sure whether I would want to go back to pure technical role post my MBA. 
    If you're not interested in a pure technical role, then I would agree with @LonerVamp. You probably should look at CISSP and/or CISM instead.

    Based on your description of your experience, you ought to qualify for CISSP.

    Thanks again Paul! :)
  • akxshay Member Posts: 11

    It's my understanding that the CISSP associate certification (what you get when you pass the test but don't meet the experience reqs) still pulls a bit of weight. The CISM/CISA are both great choices as well. Since no one has mentioned these yet, I'd like to bring up GIAC's certifications as another option. They have a couple of certs aimed more towards developers, so those might be good options to build on what you've already accomplished. I'm thinking the GSSP and the GWEB would both be of interest to you.
    Thanks Sam for your valuable inputs! :smile:

    The certifications you have mentioned are quite technical. I already have decent software development experience, and do not want to get back to similar role after my MBA.

    I have planned to start with Security+, and will then eventually move on to CISSP. I want to do something which helps me enter the Cybersecurity field, and an entry level certification such as Security+ will help me build a strong foundation.
  • akxshay Member Posts: 11
    yoba222 said:
    Security+ where you are right now sounds like a great way to put a decent cert on your CV without being too time consuming. I think CISSP would be a bit of a stretch right now and you'll have plenty of time for that once you land a full time paying infosec job. That internship I think will help out massively getting your foot in the door.
    Thanks for your response. I have decided to do exactly the same thing. :smile:

    I have started preparing for Security+, and will hopefully get this out of the way very soon and get a couple more certifications before I resume my MBA term in September.

    These will give more credibility to my profile and lay a strong foundation for my prep towards CISSP, CISM etc.
  • Infosec_Sam Admin Posts: 527
    akxshay said:
    yoba222 said:
    Security+ where you are right now sounds like a great way to put a decent cert on your CV without being too time consuming. I think CISSP would be a bit of a stretch right now and you'll have plenty of time for that once you land a full time paying infosec job. That internship I think will help out massively getting your foot in the door.
    Thanks for your response. I have decided to do exactly the same thing. :smile:

    I have started preparing for Security+, and will hopefully get this out of the way very soon and get a couple more certifications before I resume my MBA term in September.

    These will give more credibility to my profile and lay a strong foundation for my prep towards CISSP, CISM etc.
    That sounds like a great plan! It's never a bad idea to cover the basics first - just make sure to keep us posted with your progress!
    Community Manager at Infosec!
    Who we are | What we do
  • craig009 Member Posts: 57
    edited May 2019
    I have started with Security+ too, which is a good footing for CISSP. I had a BSc, MSc, ITIL Foundation and CTFL. However, after careful consultations with versed and experienced guys in the field, I was told the roadmap is Security+ 501.
    Hopefully I pass it soon and experienced experts on here will show me more of the route towards passing the CISSP next.
    So I will say the decision to take the Security+ is a good step, to be honest. Good luck with studies and keep us posted with development.
  • TrunksXV Member Posts: 33
    I would go for Security+ and CySA+ and CASP+ as a start, after you've gotten some experience with doing some of those tests, then perhaps you can go for the CISSP. I'm right with the other posts, perhaps you should check if your paid experience that you already have gotten will count towards the requirements for taking the CISSP. Otherwise what you have already done seems impressive enough at least on paper. 
    Certifications: A+, Network+, Security+, Project+, CySA+, MCP, ITIL

    Future Goals: DevOps, CASP+, Server+, Linux+, Red Hat, PenTest+
  • SteveLavoie Member Posts: 1,133
    You can go for Sec+, it is an easy exam. However, have you thought about CSSLP? It is the (ISC)² certification for secure software development. It would be easier to map your experience to their experience requirement.