Re: Confused on what next to do

Adewalekean · ‎09-29-2023

After getting my certification in CC few months ago, I became totally lost on what next to do. I really need help on how to go about what next to do in this field. The field is so wide that it brings confusion to me, whenever I choose a path, there's always an interconnection of other fields which in very confusing. To get into a path, another path must be completed. It's overwhelming tbh and I need help.

emb021 · ‎09-29-2023

Are you networking with anyone in the field?

If you're not involved with a local infosec group, do so. Look for groups like ISSA or local ones. Also, at most infosec conferences, especially BSides conferences, they'll often have a career track of talks that have people go over the various paths and careers.

Yes, there are many paths, but the thing is, in choosing a path you need to focus on what you like and what you are good at. I don't do pentests, as that doesn't interest me. So I don't go into forensics and the like.

Look at some of the cybersecurity paths from groups like SANS and focus on what appeals to you.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow

Early_Adopter · ‎09-29-2023

In addition to the good advice above. Are you currently working in IT, or do you have any experience in the IT field? It’s good to start here as you can work and be productive as you move into the adjacent space by taking on more tasks pertaining to security.

tldutton · ‎09-29-2023

I highly suggest joining your local ISC2 Chapter. There are ISC2 and non-ISC2 members that should be able to give you a more localized suggestion.

Meh_wish · ‎10-01-2023

The people who are living in the countries where there is no ISC2 chapters ,what do you recommend them in this regard?

Early_Adopter · ‎10-02-2023

@Meh_wish well you won’t be joining an ISC2 chapter in that case… try ISSA https://www.issa.org/ or ISACA https://www.isaca.org/ however you might need to look at forums or places like Reddit etc.

If your purpose is to get employment in the security field then it’s good to have a start in IT first, and work towards a security role.

Lesline · ‎11-15-2023

@emb021

Hello Michael Brown,

Thank you for providing your insights. The question you addressed is one that arises quite often. In an effort to benefit both the platform's community and a broader audience, I extend an invitation for you to join my podcast, which specifically delves into topics like the one you've discussed. Your perspective would be invaluable, and I believe it could greatly contribute to the understanding of others facing similar challenges.

I appreciate your consideration of this invitation.

BugMeNot · ‎01-22-2024

I agree. After several months, I have not seen any benefits to this ISC2 CC. From what I understand, it's very entry level cert to get you locked into ISC2?

It just seems like new entry level initiative, versus EC Council's C|CT , or Google's CyberSecurity Foundations Certificate.

I have had to carve my own road after the ISC2 CC after receiving no guidance. For example, this roadmap of Certifications has been more useful to my understanding: https://pauljerimy.com/security-certification-roadmap/ Also HackTheBox and TryHackMe is better for Practice, where as ISC2 CC is just entry level theory.

I think CompTIA's certificates have better chance at entry level career prospective.

Early_Adopter · ‎01-22-2024

@BugMeNot yes, and an entry level certification CompTIA’s Security+ is objectively more useful in helping you find employment Vs ISC2’s, it’s venerable, has a degree of industry trust and most importantly is listed as required/nice to have in more roles.

I think that at entry level teaching testing skill use is important and both Google’s offering and Security+ do this via simulations - however you have loads of labs available now as well - plus Kali Linux as a tool rich distribution if you’re going for offensive security.

That’s not to say CC isn’t useful(at the moment it is very inexpensive to obtain) however it would likely be better if it was just a certificate - after all why keep up certification effort for something that will nearly always be beaten out by six months on job?