Far too many people think they can get into security without a firm understanding of what they are securing. So the question is do you know your basic Windows and Linux, how to configure a basic wireless router, can understand a basic script? At a meeting the other day it was brought up how so many auditor are rather worthless because they don't understand what they are auditing and it becomes less of an audit and more of. a rubber stamp.
To me a strong foundation is worth more than any certification.
Just my .02
John-
@alywingoh86 wrote:
I am currently working as the Head of Legal Risk Compliance and Procurement Operations in a fintech and am looking to broaden my scope into cybersecurity.
We seem to get a lot of these types of questions these days. While there are many routes into information security, more so than a lot of other disciplines, it's more something you do rather than learn. I'd liken it to becoming a certified auto mechanic or something. At some stage, you have to get under the hood and really apply yourself. As you do, you discover your aptitude and interest. I would follow your curiosity more than a specific cert. What's motivating you to get into this area? Find a way to dig into that curiosity deeper, whether within your current company or just experimenting on your own.