What certification to go for next?

I'm currently working as a security consultant/security engineer, and have been doing so for about a year and a half. Before then I had no prior security experience. I've been working hard trying to gain some certification and I've got the following in order:

CISMP, CompTIA Sec +, CCSK and most recently OSCP. I've also got my CCENT exam booked in very soon.

Just wondering on what I should do next, happy to hear thoughts. I've got no desire to move role currently as I enjoy my role, but I've got an opportunity to build my certification list/knowledge to make finding a role in the future easier. I don't want to do any more networking or any of the management type exams (CISSP, CISM) but open for anything else.

I was thinking either Linux+, CASP+, AWS or maybe OSWE but the don't think I can commit the time for that exam just yet.

Cheers!

Find more posts tagged with

Comments

NetworkNewb

You just named 4 certs that deal with different areas... I'd choose the one that most aligns with your current work and what you enjoy doing. Depending on what exactly you work on, some of those certs would be pointless to get.

deltzy

My role requires me to have a little bit of knowledge in everything hence the range of certifications. The penetration testing stuff I just do because I enjoy it and it better enables me to think about how malicious actors can attack systems.

I have no need to specialize in anything at the moment, although with everything moving to the cloud it may be good to get some AWS Security type certifications under my belt. Linux + will help penetration testing type activities and CASP+ will just reinforce my broad knowledge across everything security. That's my logic anyway!

NetworkNewb

deltzy said:

I have no need to specialize in anything at the moment, although with everything moving to the cloud it may be good to get some AWS Security type certifications under my belt. Linux + will help penetration testing type activities and CASP+ will just reinforce my broad knowledge across everything security. That's my logic anyway!

If you do work specifically with AWS than sure that sounds like a good idea. If you wanted a general cloud security cert I would go for CCSP.

I wouldn't get Linux+ just to get better at pen testing personally.

I also wouldn't get CASP but that just me. Don't think the cert adds a lot of value. (not that the knowledge in it isn't useful, but I'd just a video or read a book if I just wanted the knowledge)

Really your answer is gonna be whatever area you enjoy working in and what subject do you want to prove to others your most knowledgeable in. Then get a well known certification in that subject.

yoba222

How about eCPPT? From what I've heard it covers some ground not thoroughly covered in OSCP.

NetworkNewb

I've heard people taking the eCPPT as kinda a warm up before studying for the OSCP. Never the other way around. Since you got your OSCP, why not try for the OSCE as your next pentest cert? That one would impress some people. I would be surprised if I ever met someone outside of this forum who has heard of the eCPPT. No one but you is most likely going to care if you pass that.

Certifications can be a good way to learn a topic, but they are mostly to impress others (HR, managers, potential clients). IMO, try and stick to big ones that people have heard of. (my company paid for my GISP cert is the only reason I have it)

CISSP is always a good one to have in IT Security. Whether you have intentions to be a manager or not.

deltzy

I've also heard eCPPT is sometimes used as a pre-OSCP exam, not sure how much that would benefit me.

Certifications for me is both to impress others but also drive me to actually learn and memorize concepts as I've got to go over them again and again for the exam. This is sort of the reason I would like to do CASP+ even though it might not look that impressive or add too much to my CV.

Having a little think I think I'm going to go for the Crest CPSA next which will give me the Crest CRT through the OSCP equivalency, as I am based in the UK.

I'll re-examine what I want to do next once I've passed the CPSA, but happy to hear thoughts from anybody else!