Congratulations on your CC. I would not recommend against reading CompTIA materials, but I would not recommend taking the exams. While I have helped hundreds get their Security+, it no longer differentiates a candidate. The last brag saw from CompTIA was 700K certified in Security+. So that is the competition, and they have completely flooded the job market. A+ is worse. Besides the materials being very out of date, it takes 2 exams making it much more expensive than Security+. People who come to me can pass the first exam but not the second. The maintenance fee for Security+ is $50 a year. It is much more complicated and frustrating to do continuing education with CompTIA than ISC2. As far as a next certification, I would suggest the SSCP. It is very similar in content to Security+ but is much less expensive ($249 vs $404) and no performance based questions. You will only have one continuing education system to deal with. ISC2 is much easier and more flexible for earning continuing education. The annual maintenance fee goes up to $135 but would be paying $100 for both your CC and CompTIA. That amount never goes up even when you earn the CISSP.

Not keeping to your format, but look in your area for active cybersecurity chapters, and attend meetings. People there will have a much better idea of local job opportunities. Join no cost organizations such as Infragard and CSA. Even if they don’t have active local chapters, you will get other information and can list the memberships on your resume.

Congratulations on earning your ISC2 CC certification!

 

Next, I recommend you study for and pass your CompTIA Network+ and Security+ certifications. These certifications do not have a work experience requirement for earning the certification.

 

An ISC2 SSCP certification cannot be earned until you have completed one of the following:

 

- One year of cumulative work experience in one or more of the domains of the ISC2 SSCP exam outline; or

- A college degree in Computer Science, Computer Engineering, IT, MIS, or another approved related curriculum; or

 

If you pass your SSCP exam but do not have one of the above, you will earn an Associate of ISC2 designation until you have completed the required experience.

 

Since you mentioned transferable auditing skills, I recommend you look into the ISACA CISA certification for later on in your career.

 

Let me add to the comments of both @Spirnia and @nkeaton made.

I would advise you to look into the different types of cybersecurity roles.  Without a lot of technical knowledge, some may not be a good fit for you.  As you noted your experience in the area of audit, and feel that compliance, such as security audit and assessments may be a good fit for you.  Take a look at ISACA.  While their CISA cert isn't something you can get now, some of their audit related certificates (and the training for them) maybe a good fit.

For more technical training, tho it IS expensive, there is the SANS Institute.  Look at their "work study" program to lower the costs.

While I would not recommend getting the A+ cert, I do think getting the Sec+ and Net+ certs a good idea.  Regardless that there are just TOO many Sec+ holders out there, too many companies respect it more so then the CC.  So having it you avoid being ignored.  I would agree that looking to the future of getting the SSCP and CISSP a good idea.

I also encourage getting involved with local groups.  Look for local chapters of ISSA, ISC2, ISACA, and the like.  I'd also recommend Infragard as well.  Attend local events, especially BSides Conferences, which often will have a job track or the like, and local recruiters and consultant companies who may be hiring.  In getting involved with local groups, please realize that this is a long-term investment in your networking.  Don't expect an immediate payoff, but I know of many who have gotten their 2nd, 3rd, etc jobs thru their networking connections (myself included).  It's just not going to happen overnight.

Finally, if you DO want to get into more GRC type roles, you WILL need to become more knowledgeable about various standards, frameworks, and regulations.  This means getting up to speed on things such as the CIS Controls, NIST RMF and NIST CSF, ISO/IEC 27001, PCI-DSS, et al.  For some of these there are courses and even certificates, and while learning about some of these can be low cost, this isn't always the case.

Hope this helps.

As @emb021 has said, find local chapters of (ISC)2, ISACA, Infragard, etc. and attend their meetings.  Talk to folks at these meetings.  Ask about volunteer positions that you may be able to pick up.

 

I would recommend that you apply for the SSCP, (you did state that you recently graduated), so you would have the pre-requisite.

 

I would also say that you should take some basic IT courses.  CompTIAs A+ and Net+ are good places to pick up information and new skill sets..

 

ISC2, also offers a  number of certificates (not certifications) that you could take to augment your existing skill set.

 

https://www.isc2.org/professional-development

 

The organisation also offers a number of Express Courses that might assist you in defining "who you are" to a potential employer.

 

Regards

 

d