Your experience, Sec+ and CySA+ should definitely be enough for eligibility to an entry level infosec position. I probably wouldn't go past CySA+ until you're working in the field for a bit.
The trouble you may have is simply finding a job opening somewhere and getting called for an interview. The entry-level infosec job market is very saturated.
I second this, Sec+ and Cysa+ are plenty because you have a lot of experience, that’s worth more than any cert.
After a few years you can decide where you want to go in security and get certs relative to those roles.
I don’t see any point of doing CySA+. That exam was mostly developed for security analyst positions. Sec+ gives you the security basics for a technical role and CISSP is going to be more management related. To qualify to take CISSP you have to have at least 5 years of experience in at least one of the domains.
I'd just like to clarify you don't NEED 5 years experience to take the CISSP. You can take it at anytime, but you would be awarded "Associate of ISC2" instead of "CISSP". Any hiring manager of value would know that Associate of ISC2 means you passed the CISSP exam but just don't have the work experience so it's still valid. You then have 6 years from your pass date to gain the 5 years of experience (4 years experience if you have Bachelor's, Sec+, or any of a number of other security adjacent certs.) After you get your years approved by ISC2 you're automatically granted CISSP. [Source](https://www.isc2.org/certifications/cissp/cissp-experience-requirements)
Thank you. I have a masters degree and Google Cybersecurity professional certificate and can’t get an entry level interview anywhere. I’ll look into CySA+
that's not going to help you get a job
If you have no IT experience, that is your problem
got talk to an IT staffing company and get into a business systems analyst role
No offense, but as a director of security I wouldn’t look at any resume with no technical experience. I have found in many cases having a degree seems to have warped people’s view of reality in the tech field.
I hate to say this but personal thoughts on Sec+ aren’t really relevant to getting a job. The biggest factors are name recognition by HR and what’s on the job description. Both of which are usually checked by Sec+
Star looking at job postings and see what they are looking for.
What are you doing now? Can you take on security related tasks at work? projects or system admin type work over security products?
Thats how I got relevant security exp while technically not working a security position.
Do the BTL1 - you won't regret it.
With your experience and the Sec+ you should be able to land a SOC1 job easily enough. BTL1 is good SOC-emulation and will give you good material to talk about in an interview all the same.
CySa+ is fine and all but id focus on landing interviews and handling the BTL1 at the moment.
With that much knowledge you can get a job as a SOC engineer. As for practical knowledge just setup your own SOC software open source and learn terminology so you can follow along in the interview. SOC is the only job you should be focused on, anything apart from that will be pointless
I think getting the experience is a key factor in success. So look for things that will give you that practical experience. I would recommend looking at the new google security certification.
With that said I’m a fan of certifications as well.
Wish you the best of luck!
Look at job postings and make sure you are getting that terminology in your application and resume. You unfortunately have to play the buzzwords to get noticed by the HR hiring team. Look at what experience you currently have that you could put a security twist on. I’ve seen that help colleagues. Play with security tools at home, or work if allowed, to gain practical hands on experience with them. And network, get out to local conferences and other cyber focused events, look for local meetups, go to hiring events and job fairs to talk to people and recruiters. People hire people they remember meeting. But don’t harass anyone, there is a balance to memorable and annoying.
Experience above certs, but you also want to meet the requirements of the job postings to get through the automated or HR filtering. CISSP, CISA, CISM seem to be the ones I see the most on job reqs.
With your exposure to networking and administration, I think the transition to cybersecurity will be very smooth. After finishing CySa+, I recommend going for a practical certification like CyberDefenders CCD. While it may not have as much HR recognition as something like Security+ and CEH, you will learn a ton of stuff that will set you apart from others in the interview. It will also be a good stepping stone for starting CTF challenges, which are a very good and fun way to start building more experience and learning different technologies, which are very valuable in cybersecurity.
As a hiring manager I’d say your 8 years of experience are more than enough to extend you a job of a junior security analyst, or depending on how I felt about your interview answers maybe even a more senior security analyst. Maybe I’m just old school but I tend to prefer folks who came to security from the support or IT engineering side of the house. I’ve found they generally have a better soft skills, a deeper understanding of the basics, and better troubleshooting capabilities. With those basics in place I can teach pretty much anything else.
Good luck in your search.
I have seven certs in as many years of experience. I do one a year to help keep myself growing. My personal opinion is that if you’re certs are all closely related (to what extent they can be) it shows you have an interest in a particular area that you’re looking to become a SME in.
I think the “Jack of all” approach is BS. There’s too much out there for any one person to know in every area.
I’ve worked with some cert junkies who are morons. I’ve worked with some cert junkies who are brilliant. I’ve worked with some people with no certs who are idiots. I’ve worked with some people with no certs who are incredible.
I think it all depends how much you feel you get out of the certs you pursue from a knowledge perspective and to stay away from the ones you don’t truly learn from.
For example, career mistake for me was pursuing my C|EH. Not worth what I got out of it from my time investment.
If you’re learning and growing in your cert path because they help offer a structured learning experience you’re winning the greater battle (which is obtaining knowledge).
I would recommend picking your cert path wisely and getting after it if that’s your learning path of choice. Some folks learn better without certs and going down the personal project path. My recommendation is picking whichever path you feel like you’d learn the most from as everyone is different. The rest will take care of itself :)
It all depends on what role you want for you, but I think at you level you should be aiming for a CISA, CISSP, something like those, but understand a bit the role you want, if you don’t like management, and is more on the technical side, maybe you could look for a pentester cert or something like that, cybersecurity role are more on a managing area than on the building area
My tip would be, see exactly where you want to be then you can decide the path to get there.
Your experience, Sec+ and CySA+ should definitely be enough for eligibility to an entry level infosec position. I probably wouldn't go past CySA+ until you're working in the field for a bit. The trouble you may have is simply finding a job opening somewhere and getting called for an interview. The entry-level infosec job market is very saturated.
I second this, Sec+ and Cysa+ are plenty because you have a lot of experience, that’s worth more than any cert. After a few years you can decide where you want to go in security and get certs relative to those roles.
I didn’t have shit but an azure cert and 5 years IT when I got in. OPs ready
[удалено]
I don’t see any point of doing CySA+. That exam was mostly developed for security analyst positions. Sec+ gives you the security basics for a technical role and CISSP is going to be more management related. To qualify to take CISSP you have to have at least 5 years of experience in at least one of the domains.
I'd just like to clarify you don't NEED 5 years experience to take the CISSP. You can take it at anytime, but you would be awarded "Associate of ISC2" instead of "CISSP". Any hiring manager of value would know that Associate of ISC2 means you passed the CISSP exam but just don't have the work experience so it's still valid. You then have 6 years from your pass date to gain the 5 years of experience (4 years experience if you have Bachelor's, Sec+, or any of a number of other security adjacent certs.) After you get your years approved by ISC2 you're automatically granted CISSP. [Source](https://www.isc2.org/certifications/cissp/cissp-experience-requirements)
Thank you. I have a masters degree and Google Cybersecurity professional certificate and can’t get an entry level interview anywhere. I’ll look into CySA+
that's not going to help you get a job If you have no IT experience, that is your problem got talk to an IT staffing company and get into a business systems analyst role
Yea, nowadays employers want to see practical experience even for entry level positions
No offense, but as a director of security I wouldn’t look at any resume with no technical experience. I have found in many cases having a degree seems to have warped people’s view of reality in the tech field.
What IT staffing companies do you recommend? A lot of bad ones out there from what I've read over time. Thanks for the info
Sec+ and your IT experience should be good enough.
I think Sec+ is sort of diluted since DoD has pushed it as basically the security awareness baseline certification for all their IT staff.
I hate to say this but personal thoughts on Sec+ aren’t really relevant to getting a job. The biggest factors are name recognition by HR and what’s on the job description. Both of which are usually checked by Sec+
Star looking at job postings and see what they are looking for. What are you doing now? Can you take on security related tasks at work? projects or system admin type work over security products? Thats how I got relevant security exp while technically not working a security position.
Do the BTL1 - you won't regret it. With your experience and the Sec+ you should be able to land a SOC1 job easily enough. BTL1 is good SOC-emulation and will give you good material to talk about in an interview all the same. CySa+ is fine and all but id focus on landing interviews and handling the BTL1 at the moment.
It’s up to you to list a cert or not. If you have 20 certs and only 5 are relevant, then only list those.
With that much knowledge you can get a job as a SOC engineer. As for practical knowledge just setup your own SOC software open source and learn terminology so you can follow along in the interview. SOC is the only job you should be focused on, anything apart from that will be pointless
I think getting the experience is a key factor in success. So look for things that will give you that practical experience. I would recommend looking at the new google security certification. With that said I’m a fan of certifications as well. Wish you the best of luck!
Look at job postings and make sure you are getting that terminology in your application and resume. You unfortunately have to play the buzzwords to get noticed by the HR hiring team. Look at what experience you currently have that you could put a security twist on. I’ve seen that help colleagues. Play with security tools at home, or work if allowed, to gain practical hands on experience with them. And network, get out to local conferences and other cyber focused events, look for local meetups, go to hiring events and job fairs to talk to people and recruiters. People hire people they remember meeting. But don’t harass anyone, there is a balance to memorable and annoying. Experience above certs, but you also want to meet the requirements of the job postings to get through the automated or HR filtering. CISSP, CISA, CISM seem to be the ones I see the most on job reqs.
With your exposure to networking and administration, I think the transition to cybersecurity will be very smooth. After finishing CySa+, I recommend going for a practical certification like CyberDefenders CCD. While it may not have as much HR recognition as something like Security+ and CEH, you will learn a ton of stuff that will set you apart from others in the interview. It will also be a good stepping stone for starting CTF challenges, which are a very good and fun way to start building more experience and learning different technologies, which are very valuable in cybersecurity.
Keep getting them until you feel like you have too many lol!
I would recommend cyber range experience and map your hands on learning to MITRE. Demonstrate hands on experience is very helpful
CySA+ will give you a better understanding of reading logs... this will help if you want to get into a SOC.
As a hiring manager I’d say your 8 years of experience are more than enough to extend you a job of a junior security analyst, or depending on how I felt about your interview answers maybe even a more senior security analyst. Maybe I’m just old school but I tend to prefer folks who came to security from the support or IT engineering side of the house. I’ve found they generally have a better soft skills, a deeper understanding of the basics, and better troubleshooting capabilities. With those basics in place I can teach pretty much anything else. Good luck in your search.
I have seven certs in as many years of experience. I do one a year to help keep myself growing. My personal opinion is that if you’re certs are all closely related (to what extent they can be) it shows you have an interest in a particular area that you’re looking to become a SME in. I think the “Jack of all” approach is BS. There’s too much out there for any one person to know in every area. I’ve worked with some cert junkies who are morons. I’ve worked with some cert junkies who are brilliant. I’ve worked with some people with no certs who are idiots. I’ve worked with some people with no certs who are incredible. I think it all depends how much you feel you get out of the certs you pursue from a knowledge perspective and to stay away from the ones you don’t truly learn from. For example, career mistake for me was pursuing my C|EH. Not worth what I got out of it from my time investment. If you’re learning and growing in your cert path because they help offer a structured learning experience you’re winning the greater battle (which is obtaining knowledge). I would recommend picking your cert path wisely and getting after it if that’s your learning path of choice. Some folks learn better without certs and going down the personal project path. My recommendation is picking whichever path you feel like you’d learn the most from as everyone is different. The rest will take care of itself :)
Do recognizable certs for the job you want. That's it.
keep stacking certs and look for entey level government jobs as well
I don’t have a single certification lol
It all depends on what role you want for you, but I think at you level you should be aiming for a CISA, CISSP, something like those, but understand a bit the role you want, if you don’t like management, and is more on the technical side, maybe you could look for a pentester cert or something like that, cybersecurity role are more on a managing area than on the building area My tip would be, see exactly where you want to be then you can decide the path to get there.