Re: Many certs Little experience

AbduBahira · ‎10-18-2024

I wanted to ask what my chances of getting a mid tier security job with the following experience:

https://www.linkedin.com/in/abderraouf-bahira-3485631b1/

The situation is that I have 4 years of experience in non security, IT related Jobs. I have 5 decent certifications including Sec+ Pentest+ and CISSP. I have not yet graduated college but am looking for a mid tier security job, whether that's red team or blue team.

Is it reasonable to chase after mid tier sec jobs with this portfolio?

nkeaton · ‎10-18-2024

I am not going to look at the profile, but my first question is how did you get a CISSP without the required experience? Private industry followed DoD in this current valuing certifications situation. Fortunately DoD has changed that stance, and hopefully private industry will follow again. Currently certifications are only relevant if the person does not have experience and education. Unfortunately because of the prior mess, Security+ is not a good differentiating factor for employment candidates as the job market has been flooded with them. CompTIA embarrassingly bragged about over 700K+ Security+ holders the last time that I looked. That is the competition. Without at least 5 - 10 years of work experience, you will not find anything other than entry level, and there are way too many people competing for those. The Pentest+ might help you get into a SOC or NOC, but it will be entry level. Unfortunately the ads about so many jobs is not the complete truth. Most of those jobs would require years of relevant experience. So they are only telling half truths. It bothers me every time that I hear one of those ads.

dineshmuppidi

Hi @nkeaton ,

I am going to complete my masters in cybersecurity in couple of months now, I am still trying to figure out how to become job ready. I have planned to take the security+ certification but as you mentioned in the comment I have noticed that every one has that certificate and we cannot stand out with just that one certification. If I choose to do CISSP I would need experience in Security field which I do not have. Could you please suggest me on how do I proceed now. What to do or how should I gain the experience so that I can get hired by someone ?

nkeaton

I would suggest the CC which is no cost for most (self-study training and exam voucher). Then after passing that I would suggest the SSCP which only requires a year to be fully certified. It is very similar in knowledge to Security+ but costs less ($249 vs $404) and has no performance based questions. These 2 create an excellent path towards the CISSP. I would emphasize on resumes that are ISC2 certifications and your ambition to become a CISSP.