I should start off by saying I apologize if this isn’t the best forum to ask the following question, or if you get bombarded with these types of requests. I’ve been following /r/CISSP for the last couple weeks as I am planning to begin studying for it after I attempt the ITIL Foundation exam in the next week.
As I’m starting my InfoSec career (I currently have ~2 years work experience), my thought has always been to build a broad foundation of understanding as I feel to really understand/succeed in Security, it requires an understanding of Networking, System Administration, Management/Business, and Tools. Because of this, I’ve started working toward a variety of certifications, and will slowly start building those foundations up, while working on more specific Security certifications too. I currently hold the following certifications, Cisco: CCNA R&S and Security; CompTIA: Security+, CSA+, and CASP; EC-Council: CEH; Microsoft: MCSA 2k12; Splunk: Power User. I’ve run across your idea of “cert-snowballing” and I think it’s a great idea, and builds somewhat on top of what I was already doing.
I plan on continuing this year and trying to attain the MCSE: Cloud Platform and Infrastructure, as well as the Splunk Certified Admin this year after my CISSP (or in my case, Associate of ISC2). There are a lot of other certs I want to work toward after these: LFCS (CentOS), eJPT, CCNP RS/Sec, VMware, and more. But, I thought I would ask if you had any advice or thoughts on how you might recommend me snowballing my certs as my current job works primarily with Splunk/ACAS(Nessus) and I have the ability to study for a wide variety of technologies, whatever I feel would be useful going forward.
I appreciate you taking the time to read this wall of text, and any thoughts/advice you might have.
First off, wow. You’ve built quite the collection of certifications and skillsets already. Congratulations. With the credentials you’ve already obtained, you’re already a formidable candidate. With that said, it looks like you have a wide and varying skillset. I think it’s time you dial it in a little and pick a specialization. It appears network security and perhaps SIEM & Analytics might be something your interested in focusing on? Honestly, pick your what you’re passionate about before anything else. It doesn’t have to be about money. That comes on its own. Figuring out what I want to do long-term is something I’m struggling with myself. I’m trying to decide if I should go for the OSCP or take the CCSP next. I still don’t know what I want to be when I grow up. 🙂
I think additionally, you might want to look into some mentoring. I had some very powerful mentors in the past and wouldn’t be where I am today without them. I’m currently looking to find someone to assist me with taking my career to the next level. I suggest you do the same. https://infosecmentors.net/ is a site I recently discovered. You might want to check that out.
Anyways, my .02: I think you should continue to read /r/cissp and continue to study. However, I think the SSCP would be a better bang for your buck at the moment. You can get the full-fledged certification instead of having to settle for the associate. All the knowledge you’d gain would be applicable to the CISSP anyway. Plus, you can take the remainder of the time to aquire other certifications between now and your 5th year.
Lastly, I think you’d be a really good candidate for a position I’m looking to hire. If you’re interested in working from home, making hella good money, and becoming a thought leader in the industry let me know. I love my job and I think you would too! https://www.cyberark.com/career-search/#!/job_region=35