Parn
Newcomer I

Advice Needed: Cybersecurity Career Growth & Certification Pathway

Hello everyone,

I’m new to this forum, and I’m excited to join a community where I can learn, contribute, and hopefully grow alongside others who share a passion for cybersecurity.

Let me introduce myself briefly. I’ve been working in the IT sector for about 10-11 years. I hold a higher education diploma in Network and Systems Administrator, I’m currently studying for a university degree in cybersecurity, and I’ve completed certifications such as:

  • MCSA Windows Server 2016

  • Administration and Configuration Exchange Server 2016

  • Oracle Cloud Infrastructure Certified: Architect and Foundations

  • Microsoft Certified: Azure Fundamentals

  • ISC2 Certified in Cybersecurity (CC)

Professional Experience:

  • Helpdesk support technician for 3 years

  • System administrator for 4 years

  • Senior system administrator for 3 years

  • Cybersecurity administrator for 1 year

During my time as a system administrator and senior system administrator, I gained experience in nearly every aspect of IT, including storage, virtualization, cloud (AWS, Azure, and Oracle), networking (design and deployment), backup and restore, system validation, and security (configuring and deploying EDR and XDR platforms). I may not be an expert in every area, but I have a strong working knowledge across these domains and have managed their operations and maintenance.

Over the past year, I decided to pivot my career toward cybersecurity, currently working as a cybersecurity administrator. I am also studying for a degree in cybersecurity and recently earned the ISC2 Certified in Cybersecurity (CC) certification.

Where I need your help:

I’m at a crossroads, unsure which certifications to pursue next or what career path to follow in terms of roles and positions. While I’m clear that I want to advance in Security and Risk Management — assessing and protecting organizational infrastructure, ensuring compliance, and identifying security gaps — I’m less clear on how to prioritize certifications and define a path for career progression. For instance, should I aim for the CISSP next, or is the SSCP a better step for someone with my background?

If anyone could offer guidance on certification paths and role progression based on my experience, I would greatly appreciate it.

Thank you in advance for any advice, and apologies for the long post!

5 Replies
ericgeater
Community Champion

Hola!  It looks like you have a broad pedigree of background in different technologies, but the thesis statement in your post appears to be

 

I want to advance in Security and Risk Management

 

The SSCP would be excellent if you were staying in an administrative role.  But if you're moving toward security and risk management, I would go with CISSP.

 

Good to have you in the community!  Let us know how you fare.

-----------
A claim is as good as its veracity.
Parn
Newcomer I

Thank you so much for your feedback!

I also believe that going for the CISSP is a bigger leap, but I think with the background I have, even if I’m not an expert in all the domains covered by the CISSP, if I come across a topic or domain I’m unfamiliar with, it will just take me more time to study. However, with my overall experience and background, I believe I’ll find it easier to understand. Do you agree?

By the way, do you have the CISSP certification? I’d love to ask if you know of any good sources for study materials, practice exams, or tips.

Thanks again!

emb021
Advocate I

In addition to looking at either the SSCP or CISSP (CISSP is better known), I would also recommend you take a look at certifications from other orgs, in particular ISACA and SANS/GIAC.  With ISACA you might benefit from CISA or CISM (way better known than ISC2's ISSMP cert), maybe also their CRISC.  With SANS they actually have career path maps and which of their certs tie into them.  Further with SANS, there is the associated SANS Educational Institute which is an accredited degree granting institution with bachelors, masters, and undergrad and grad certificates tied to their certifications.

Both of these orgs are DOD approved, as well as having ANSI/ISO/IEC 17024 certified certifications.

 

You didn't indicate what area(s) of infosec you want to specialize in, and there are certs out there that tie in that may help.  But not knowing that, we can't recommend stuff.  But for me, ISC2, ISACA, and SANS are all legit groups.  Sadly, there are a few out there I'm not so positive about.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
ericgeater
Community Champion

Absolutely!

 

Let's start with the freebies:

 

@rslade just finished a fantastic video tutorial where he walks around the place where he lives, teaching the CISSP curriculum.

 

Pete Zerger has a free program also available on YouTube.  I supplemented my CCSP study with his own program.

 

As for books, I passed CISSP after studying the ISC2 CBK for CISSP (I think the current author is Arthur Deane) and Mike Chapple's "Official..." Sybex book (which may now be in ninth edition).  Also pick up Chapple's practice tests.  I found them to be very good.

 

And I wholeheartedly agree with you!

-----------
A claim is as good as its veracity.
Parn
Newcomer I

Thank you so much for your thoughtful and helpful response emb021.

Another challenge I’m facing is that I’m not exactly sure which area of cybersecurity I want to focus on, as there are so many options and I’m unsure which one aligns best with my interests. What I’m most passionate about is ensuring that the company has all the necessary software, policies, and cybersecurity measures in place to stay as well protected as possible, while complying with all relevant regulations.

I think the area that fits best with this is Security and Risk Management, but I’m still not 100% sure, especially since there’s a lot of confusion with job titles, definitions, and the way these areas are named. What I do know for sure is that I want to move away from a purely technical role and start steering my career toward something more focused on management or leadership.

If you could offer any guidance on how to find my path or how to transition into this direction, I would really appreciate it.