What certification should I undertake next?

deltzydeltzy Member Posts: 34 ■■■□□□□□□□
I'm currently a security engineer that gets involved in producing security design artifacts and provide general security consultancy. This is reflected in my wide variety of certifications (see signature). I was studying for CCSP and I was exam ready but I have rescheduled that for the end of the year due to the coronavirus.

I was wondering if anybody has any recommendations on what I should do next to "future proof" myself, I'd likely still want to be in a design/architecture consultancy type role in the future. I was thinking doing the Azure cloud certifications as my company is utilizing Azure but at the same time I really enjoy pen testing and could spend my time enhancing those skills through HacktheBox but without any certifications sadly.

Any thoughts?
CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
In Progress: CCSP, AZ-500

Comments

  • Reef-TipReef-Tip Member Posts: 8 ■■■□□□□□□□
    Hi,
    I have just completed and obtained my GCIH. This was great training and I would highly recommend this or any of the SANS training. However, it would depend on the budget, as it was costly. 

    I see that you have an OSCP. How was the process of obtaining that, as I am about to start?
  • deltzydeltzy Member Posts: 34 ■■■□□□□□□□
    Reef-Tip said:
    Hi,
    I have just completed and obtained my GCIH. This was great training and I would highly recommend this or any of the SANS training. However, it would depend on the budget, as it was costly. 

    I see that you have an OSCP. How was the process of obtaining that, as I am about to start?
    Wish I could afford GIAC courses but my company just don't pay for it!

    OSCP was quite a journey, I personally put a lot of hours in over about 4 months before completing it. Again depends on your previous experience, I had never used linux command line before OSCP. Would highly recommend it, was tough but rewarding.
    CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
    In Progress: CCSP, AZ-500

  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    many company or MSP/VAR need Cloud Consultant and Cloud Security Consultant.. so you have a nice bunch of general security cert, I would complete this with some certification from the cloud provider you want to specialize in. 
  • DatabaseHeadDatabaseHead Member Posts: 2,755 ■■■■■■■■■■
    edited May 2020
    many company or MSP/VAR need Cloud Consultant and Cloud Security Consultant.. so you have a nice bunch of general security cert, I would complete this with some certification from the cloud provider you want to specialize in. 
    This right here!

    @deltzy - Your thoughts in regards to Azure could certs is a good one IMO.



  • deltzydeltzy Member Posts: 34 ■■■□□□□□□□
    Thanks all, I've started studying for the AZ-500!
    CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
    In Progress: CCSP, AZ-500

  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    And a nice strategy also, is to specialize into one provider (Azure by example) and at least get a basic certs on AWS. This way, you can advise and don't sound like a fan boy of Microsoft.
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    You can pentest cloud technologies.... :smile:

    That is the route I am heading towards. Azure/O365 & AWS Security mixed in with cloud pentesting. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • deltzydeltzy Member Posts: 34 ■■■□□□□□□□
    And a nice strategy also, is to specialize into one provider (Azure by example) and at least get a basic certs on AWS. This way, you can advise and don't sound like a fan boy of Microsoft.
    This is exactly my plan! I'm assuming most of these security concepts in the cloud are pretty similar across all providers, just different terminologies and way of achieving those controls.

    chrisone said:
    You can pentest cloud technologies.... :smile:

    That is the route I am heading towards. Azure/O365 & AWS Security mixed in with cloud pentesting. 
    Interesting path! When you say pentest cloud technologies, what exactly are you referring to? For example you can test applications which have been deployed in the cloud.
    CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
    In Progress: CCSP, AZ-500

  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    @deltzy and to have worked with both,  you need to get familiar with AWS and Azure. and at least know the name of the equivalent service.  Azure use some rather generic name that are easy to guess their purpose, however AWS are using mostly codename.. For example, Route 53 for DNS, or other codename that are not as explicit. 
Sign In or Register to comment.