topic Re: advice needed in Welcome

advice needed

tinkuhalder — Tue, 19 Aug 2025 16:19:54 GMT

I passed cc exam august 25. I am a self employed personal. what next certification should I choose to gain practical expertise on IT and network security.?

Re: advice needed

ericgeater — Tue, 19 Aug 2025 18:07:01 GMT

Congratulations for passing the exam six days from now

Re: advice needed

emb021 — Tue, 19 Aug 2025 19:09:06 GMT

@tinkuhalder "what next certification should I choose to gain practical expertise on IT and network security.?"

Huh?

Certifications don't get you practical expertise. They basically show that you have knowledge and maybe skills.

What gives you practical expertise is working in the field, ideally in a job or doing volunteer work.

If you are looking for practical knowledge, take a look at the training from SANS, which is pretty expensive.

I would recommend you start networking with infosec professionals locally, thru local groups like ISSA, ISC2, ISACA, etc. They can help you in getting practical experience.

Re: advice needed

tinkuhalder — Tue, 19 Aug 2025 19:15:42 GMT

august 25 mean in august month 2025 year .Thanks

Re: advice needed

tinkuhalder — Tue, 19 Aug 2025 19:21:07 GMT

thank you sir for your reply. I have a small request to you kindly advice me which certification after cc will be good for career path as a SOC analyst.

Re: advice needed

JoePete — Wed, 20 Aug 2025 11:15:22 GMT

To follow on @emb021, there is a gross misconception that certifications precede job experience. That misconception permeates from HR, through job boards, Indeed, etc., but with limited exception, when you get yourself in front of a manager who will be hiring you, that manager will be asking about what you have done, not what you have passed. Good certifications validate experience; they don't substitute for it.

If you are starting in the industry (just passed the CC), prioritize the opportunity for experience. As someone self employed, something that you can bring to a future interview is the diversity of tasks and clients you work with. I am retired now, but I always looked for flexible, curious, self-starters. The folks who graduated college, took a test, and went into a very narrow role with a big organization were always gambles to me. You have to be able to switch hats quickly in this industry and know how to handle pressure. That's not just being a hard worker but also knowing how to turn it off. No one wants to hire someone already burnt out or who will be in six months.

If you want the feathers in your cap, the CompTIA Network+ and/or Security+ were helpful to see; you have to understand networking, but if you have a small business client with multiple subnets, and can explain the challenges and solutions you employed for them, that's the kind of "show me don't tell me" experience that's great in an interview.

Re: advice needed

emb021 — Wed, 20 Aug 2025 14:33:24 GMT

@JoePete excellent points.

There seems to be this prevailing idea in our industry among certain people that certifications are some kind of "golden ticket" to a high paying IT/infosec job.

At best, they get you past the HR gatekeepers to get an interview with the hiring manager. But once you get there, it will be YOUR knowledge, skills, experience, and attitude that will get you the job. NOT your certs.

Re: advice needed

nkeaton — Thu, 21 Aug 2025 04:52:07 GMT

The next exam from ISC2 would be the SSCP. Your AMF will go up but will never increase again no matter how many of their certifications earn. It requires a year of experience, but if you look at the exam objectives, you may already have that. There are not really any good vendor neutral network certifications. I would recommend reading Network+ materials but not taking the exam.

Congratulations on passing your CC.

Re: advice needed

Onam — Fri, 22 Aug 2025 02:48:24 GMT

Nice job on the CC! I’m a security administrator with many years in the field, and honestly, there’s still a lot to learn on the network side. A good next step is CompTIA Security+ to build a solid base, then you can aim for tougher certs like Cisco CCNP Security or Fortinet NSE4—both are hands-on and big in the real world. If you’ve got questions, you can ask anytime.

Re: advice needed

tinkuhalder — Fri, 22 Aug 2025 15:02:38 GMT

thank you sir

Re: advice needed

nkeaton — Fri, 22 Aug 2025 19:50:44 GMT

@Onam I hold a bit of a different opinion. I have held Security+ since 2010 and keep it current mostly because of our employees to better assist them (we have around 800). I have helped several hundred of them earn theirs. The problem is not CompTIA as much as the "schools" that offer it. They put forward what I call the big lie. First there are so many open positions; there are but are not at entry level and would require 5 - 10 years of experience. Can work from anywhere, no way are we letting an entry level cybersecurity person work remotely. Can pick your own hours, definitely will never happen. Big pay, not for entry level. DoD created this mess, and private industry followed. Since the DoD has changed their requirements, I only hope that private industry follows again because experience and education have always been more important indicators. CompTIA brags at over 700K Security+ certified which is actually a pretty embarrassing brag. That's the competition; the job market is flooded with this certification. Security+ no longer differentiates a potential entry level candidate. I definitely never recommend vendor certifications to anyone who is not working in that environment. I do believe that those are both good companies, but their training is often vendor specific. Networking really doesn't have a good vendor neutral/agnostic certification unfortunately. The issue of vendor certifications is even worse when talking about cloud. I know that some CISSPs are offended by the CC like it somehow devalues our certification. I applaud the effort for an actual recognized entry level cybersecurity certification. I am glad to see our AMFs being used for that and volunteered to participate in the pilot program (ELCC). They are up to almost 70K certified in just 3 years. I feel that it is much better for entry level than Security+. I see the CC and SSCP as excellent stepping stones to the CISSP which is the goal of many cybersecurity people. This is just my perspective. I have been working in cybersecurity since 2008. One of my jobs is getting our people cybersecurity certified and to help them keep their certifications. So economies of scale, I stay on top of cybersecurity certifications in order for our people to do their work and am available for their questions and guidance.

Re: advice needed

Onam — Sat, 23 Aug 2025 04:44:58 GMT

@nkeatonI really appreciate your perspective. I agree with you on most points, especially about Security+ being oversold and the CC/SSCP being stronger entry-level paths. At the same time, I think it depends a lot on the career path. If someone needs to build hard technical skills, vendor-specific certs can sometimes be necessary. In the end, it really comes down to where someone wants to go in their career, but I share much of your view.

Re: advice needed

nkeaton — Sat, 23 Aug 2025 11:54:55 GMT

@Onman thank you for your response. There’s no actual right or wrong for sure and of course may depend on the individual as well. As you can tell, I believe in building theory first. Where they go from there will depend on their interests and skills. The worst I see in vendor certifications is always cloud. People will go for one or many vendor cloud certifications without being employed. I think those are best if are working for an organization with that product. My employer does not recognize those but does recognize CCSP and Cloud+. I appreciate your input as well. I am guessing that your work is more hands on which I have a lot of respect for. It takes many skillsets for effective defense in depth.