What certification should I undertake next?

I'm currently a security engineer that gets involved in producing security design artifacts and provide general security consultancy. This is reflected in my wide variety of certifications (see signature). I was studying for CCSP and I was exam ready but I have rescheduled that for the end of the year due to the coronavirus.

I was wondering if anybody has any recommendations on what I should do next to "future proof" myself, I'd likely still want to be in a design/architecture consultancy type role in the future. I was thinking doing the Azure cloud certifications as my company is utilizing Azure but at the same time I really enjoy pen testing and could spend my time enhancing those skills through HacktheBox but without any certifications sadly.

Any thoughts?

Find more posts tagged with

Comments

Reef-Tip

Hi,
I have just completed and obtained my GCIH. This was great training and I would highly recommend this or any of the SANS training. However, it would depend on the budget, as it was costly.

I see that you have an OSCP. How was the process of obtaining that, as I am about to start?

deltzy

Reef-Tip said:

Hi,
I have just completed and obtained my GCIH. This was great training and I would highly recommend this or any of the SANS training. However, it would depend on the budget, as it was costly.

I see that you have an OSCP. How was the process of obtaining that, as I am about to start?

Wish I could afford GIAC courses but my company just don't pay for it!

OSCP was quite a journey, I personally put a lot of hours in over about 4 months before completing it. Again depends on your previous experience, I had never used linux command line before OSCP. Would highly recommend it, was tough but rewarding.

SteveLavoie

many company or MSP/VAR need Cloud Consultant and Cloud Security Consultant.. so you have a nice bunch of general security cert, I would complete this with some certification from the cloud provider you want to specialize in.

DatabaseHead

SteveLavoie said:

many company or MSP/VAR need Cloud Consultant and Cloud Security Consultant.. so you have a nice bunch of general security cert, I would complete this with some certification from the cloud provider you want to specialize in.

This right here!

@deltzy - Your thoughts in regards to Azure could certs is a good one IMO.

deltzy

Thanks all, I've started studying for the AZ-500!

SteveLavoie

And a nice strategy also, is to specialize into one provider (Azure by example) and at least get a basic certs on AWS. This way, you can advise and don't sound like a fan boy of Microsoft.

chrisone

You can pentest cloud technologies....

That is the route I am heading towards. Azure/O365 & AWS Security mixed in with cloud pentesting.

deltzy

SteveLavoie said:

And a nice strategy also, is to specialize into one provider (Azure by example) and at least get a basic certs on AWS. This way, you can advise and don't sound like a fan boy of Microsoft.

This is exactly my plan! I'm assuming most of these security concepts in the cloud are pretty similar across all providers, just different terminologies and way of achieving those controls.

chrisone said:

You can pentest cloud technologies....

That is the route I am heading towards. Azure/O365 & AWS Security mixed in with cloud pentesting.

Interesting path! When you say pentest cloud technologies, what exactly are you referring to? For example you can test applications which have been deployed in the cloud.

SteveLavoie

@deltzy and to have worked with both, you need to get familiar with AWS and Azure. and at least know the name of the equivalent service. Azure use some rather generic name that are easy to guess their purpose, however AWS are using mostly codename.. For example, Route 53 for DNS, or other codename that are not as explicit.