Sorry, entered too soon.
Based on my interests/skillsets, I am leaning towards:
As an Oracle Data Professional and AWS tech, I have had the opportunity to work on cloud and been involved in SOC2 audits. :)
So I guess the question is: what's best to augment if you would want to enhance/build your contracting/consulting business?
I read about PCI QSA, which is awesome, but I would have to be employed by a QSA approved firm.
thanks
Hi, based on your profile, I would have thought CISA by ISACA as the natural next step among the ones in your list. I'm quite keen to hear the community view.
CISA might be good for you. I recommend getting involved with your local ISACA chapter, as many offer prep courses for it (mine does). I always recommend people take a look at the application for it to be sure you are doing the work that meets the domains. With the ISACA certs you have 5 years after passing the test to get the experience and submit the paperwork. If you have a degree or certain certs, you can knock off a year or two of that. Also, much of the CPE work you do for CISSP will probably count for the CISA (does for me).
As you're doing cloud work, CCSP might be good, but may be too general. Also look at the AWS certs themselves. Am looking at both myself.
Not aware of any forensic certs right now, unless you look at the SANS/GIAC certs. These can be pricy, sadly.
If you're doing privacy, take a look at the CIPP. There are actually several of them. One is aimed at IT people, another the privacy people, and they have ones aimed at folks in Europe, US, etc. Some of what I do overlaps, but have only taken a cursory look at it. See if there is a local CIPP chapter that you can drop by and chat with folks.
> oradba888 (Newcomer II) posted a new topic in Certifications on 05-06-2019 09:15
> Subject: What next after CISSP?
Well, as we've pointed out elsewhere, have a look at
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-181.pdf
and you should get lots of good ideas ...
It all depends on where you'd like to go with your career, but having the paper qualification is only part of the picture. It would probably make sense to group them by job family and then decide what sort of career path you're hoping to follow:

Pen Testing:
  CREST Practitioner Security Analyst (CPSA)
  CREST Registered Penetration Tester (CRT)
  Certified Ethical Hacker (CEH)
  Licensed Penetration Tester (LPT) Master
  Offensive Security Certified Professional (OSCP)
  GIAC Penetration Tester (GPEN)
  GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)

PCI:
  Internal Security Assessor (IS)
  Payment Card Industry Professional (PCIP)

Incident Response:
  GIAC Certified Incident Handler (GCIH)
  CyberSec First Responder (CFR)

Engineering:
  System Security Certified Practitioner (SSCP)
  Information Systems Security Engineering Professional (ISSEP)

Auditing:
  GIAC Systems and Network Auditor (GSNA)
  ISACA Certified Information Systems Auditor (CISA)
  ISO27001 Internal Auditor
  ISO27001 Lead Auditor