Need Advise. Making move to Cloud/Security after 10 years in IT

Hi Everyone,

I have been in Federal IT consulting for about 10 years specializing SharPoint migrations, Office 365 architecture. My primary focus has been on security office 365 data across our big organization while rolling out tools like MS Teams. I am looking to make a move to Cloud architecture and Security and have a couple of questions on what the right certifications to get me going. I have a masters in Network security from 2008 but things have changed dramatically since then. Which of the following options are practical and most effective?

1) Security + and Cloud+ to get a solid understanding of the basics
2) AWS Cloud practitioner and the Microsoft Azure equivalent to it

With 3 small kids my goal is not land a 24/7 night shift SOC role. I did it for 2 years. Iam looking to make the right decision and to invest my time wisely.

Thank you!
J

Find more posts tagged with

Comments

EANx

If you want to do almost anything with DOD or DHS, Security+ is one of your first-stops, other civilian agencies will be hit-or-miss on that requirement.

Both AWS and Azure are big in the Federal space right now. If you simply want to make yourself marketable in the space, you can't go wrong with either but if you work for an agency with a very specialized culture (DOD and State come to mind), you might want to leverage that experience and try to read the political tea-leaves to see which way that agency is headed. Really headed because it's not unusual for an agency to have several cloud initiatives underway at the same time.

rs23

Thank you! That is a great input. I was also looking into something vendor neutral like ISC2 CCSP

LordQarlyn

rs23 wrote: »

Thank you! That is a great input. I was also looking into something vendor neutral like ISC2 CCSP

If time permits it, try to pursue both. The vendor neutral cert shows you have a handle on the theoretical concepts while the vendor specific cert shows you can do something with the knowledge.

rs23

Got it! Kinda newbie question. Do I have to recerify every 3 years or is there a way I can maintain multiple certs with ongoing education?

LordQarlyn

rs23 wrote: »

Got it! Kinda newbie question. Do I have to recerify every 3 years or is there a way I can maintain multiple certs with ongoing education?

That's all specific to the certifying body. I know ISC2 certs you can maintain them by paying the annual maintenance fee and getting the CPEs. Don't know about Amazon certs. Other bodies, such as Cisco, you either have to retake the exam or pass a higher level exam. A few, such as Microsoft, have certs that simply don't expire.

paul78

Just my 2 cents - but given that you already have about 10 years of IT experience, you may not want to bother with the SEC+ unless you want to just take it for the knowledge. Since you seem to have an MS-centric background - you could start with these certs - https://www.microsoft.com/en-us/learning/azure-certification.aspx and perhaps followup with the AWS certs and the AWS security specialty.

rs23

@paul78 thats a good point and you are right. I am wanting to do Sec+ more to brush up on a wide variety of security concepts. I feel like i have been working in a Silo specializing in Office 365.

I have also been thinking long term if its a good idea to have the CISSP. I feel like with my managerial experience it will add value. Any thoughts on that?

Thanks!

paul78

rs23 wrote: »

@paul78 thats a good point and you are right. I am wanting to do Sec+ more to brush up on a wide variety of security concepts. I feel like i have been working in a Silo specializing in Office 365. I have also been thinking long term if its a good idea to have the CISSP. I feel like with my managerial experience it will add value. Any thoughts on that? Thanks!

Hmm - if you are really just thinking of using Sec+ to brush up on concepts. You could just use CISSP for that if you already have a fair amount of knowledge on various IT subject. For me personally, if material isn't new, then I tend to get disengaged very quickly. So you may find that going through CISSP materials to be more interesting.

For context - I never did any certifications for the first 20 years in my career. The first cert that I did was the CISSP.

yoba222

I agree that you're aiming a little too low with the Security+. I also suspect you're being a little too critical of your own knowledge. Sure, your degree is from 2008, but we're still using the same TCP/IP stack from then. Remember back then when we were going to switch to IPv6?

rs23

@yoba222 I see you point! My goal is to switch from what I'm doing to a cloud security architect role that pays well and in demand. Since it's a slight pivot for me I'm trying to figure out what's the right path especially with azure/aws and Google cloud platform. And yes I remember the IPV6 time lol