What certification should I undertake next?

deltzydeltzy Member Posts: 34 ■■■□□□□□□□
in General Certification
I'm currently a security engineer that gets involved in producing security design artifacts and provide general security consultancy. This is reflected in my wide variety of certifications (see signature). I was studying for CCSP and I was exam ready but I have rescheduled that for the end of the year due to the coronavirus.

I was wondering if anybody has any recommendations on what I should do next to "future proof" myself, I'd likely still want to be in a design/architecture consultancy type role in the future. I was thinking doing the Azure cloud certifications as my company is utilizing Azure but at the same time I really enjoy pen testing and could spend my time enhancing those skills through HacktheBox but without any certifications sadly.

Any thoughts?
CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
In Progress: CCSP, AZ-500

· Share on FacebookShare on Twitter

Comments

  • Reef-TipReef-Tip Member Posts: 8 ■■■□□□□□□□
    Hi,
    I have just completed and obtained my GCIH. This was great training and I would highly recommend this or any of the SANS training. However, it would depend on the budget, as it was costly. 

    I see that you have an OSCP. How was the process of obtaining that, as I am about to start?
    · Share on FacebookShare on Twitter
  • deltzydeltzy Member Posts: 34 ■■■□□□□□□□
    Reef-Tip said:
    Hi,
    I have just completed and obtained my GCIH. This was great training and I would highly recommend this or any of the SANS training. However, it would depend on the budget, as it was costly. 

    I see that you have an OSCP. How was the process of obtaining that, as I am about to start?
    Wish I could afford GIAC courses but my company just don't pay for it!

    OSCP was quite a journey, I personally put a lot of hours in over about 4 months before completing it. Again depends on your previous experience, I had never used linux command line before OSCP. Would highly recommend it, was tough but rewarding.
    CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
    In Progress: CCSP, AZ-500

    · Share on FacebookShare on Twitter
  • SteveLavoieSteveLavoie Member Posts: 899 ■■■■■■■■□□
    many company or MSP/VAR need Cloud Consultant and Cloud Security Consultant.. so you have a nice bunch of general security cert, I would complete this with some certification from the cloud provider you want to specialize in. 
    · Share on FacebookShare on Twitter
  • DatabaseHeadDatabaseHead Teradata Assc 16, CSM, MS Access 2016, 2019 Member Posts: 2,587 ■■■■■■■■■□
    edited May 22
    SteveLavoie said:
    many company or MSP/VAR need Cloud Consultant and Cloud Security Consultant.. so you have a nice bunch of general security cert, I would complete this with some certification from the cloud provider you want to specialize in. 
    This right here!

    @deltzy - Your thoughts in regards to Azure could certs is a good one IMO.



    · Share on FacebookShare on Twitter
  • deltzydeltzy Member Posts: 34 ■■■□□□□□□□
    Thanks all, I've started studying for the AZ-500!
    CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
    In Progress: CCSP, AZ-500

    · Share on FacebookShare on Twitter
  • SteveLavoieSteveLavoie Member Posts: 899 ■■■■■■■■□□
    And a nice strategy also, is to specialize into one provider (Azure by example) and at least get a basic certs on AWS. This way, you can advise and don't sound like a fan boy of Microsoft.
    · Share on FacebookShare on Twitter
  • chrisonechrisone Senior Member Member Posts: 2,141 ■■■■■■■■■□
    You can pentest cloud technologies.... :smile:

    That is the route I am heading towards. Azure/O365 & AWS Security mixed in with cloud pentesting. 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
    · Share on FacebookShare on Twitter
  • deltzydeltzy Member Posts: 34 ■■■□□□□□□□
    SteveLavoie said:
    And a nice strategy also, is to specialize into one provider (Azure by example) and at least get a basic certs on AWS. This way, you can advise and don't sound like a fan boy of Microsoft.
    This is exactly my plan! I'm assuming most of these security concepts in the cloud are pretty similar across all providers, just different terminologies and way of achieving those controls.

    chrisone said:
    You can pentest cloud technologies.... :smile:

    That is the route I am heading towards. Azure/O365 & AWS Security mixed in with cloud pentesting. 
    Interesting path! When you say pentest cloud technologies, what exactly are you referring to? For example you can test applications which have been deployed in the cloud.
    CISSP | OSCP | CREST CRT & CPSA | CCSKv4 | SEC + | CCENT | CISMP | AZ-900
    In Progress: CCSP, AZ-500

    · Share on FacebookShare on Twitter
  • SteveLavoieSteveLavoie Member Posts: 899 ■■■■■■■■□□
    @deltzy and to have worked with both,  you need to get familiar with AWS and Azure. and at least know the name of the equivalent service.  Azure use some rather generic name that are easy to guess their purpose, however AWS are using mostly codename.. For example, Route 53 for DNS, or other codename that are not as explicit. 
    · Share on FacebookShare on Twitter
Sign In or Register to comment.