An interesting discussion. At least ISC2 and CISSP were shown to be best for global recognition!
Cybrary.it topped the charts.
Topic covered extensively on LinkedIn. Definitely helps to look at the ROI (if cert will help towards obtaining a higher level position, higher rate, stand out with the competition, complement experience, job requirement). Also interesting to look at the numbers of certificate holders (hard to find as well if it's a close to accurate count by provider). PMP (1,000,000), CISSP (152,632), CCIE (59,737), CRISC (28,000), CISM (50,000), CISA (160,000), GIAC (165,000), CEH (11,678), Security+ (600,000), GSE (228), GCIH (4,000), OSCP (25,000). Might be worth checking Amazon/Azure/Cloud certifications as well, as more jobs are looking for specific cloud provider experience, not generalized. Also depending on where an individual is at in the career, job experience and CBTs might be enough to where maybe at a higher level position (intermediate/journeyman/sr level) a cert is mostly needed to justify the higher labor rate.
Also remember that there can be different "Best" certificates based on where you are in your career journey.
Entry-level? CISSP is not the one for you. Go with Security+ or other entry level cert.
Not entry level but want to advance your career? Then I would say CISSP is for you.
Want to get to cyber leadership roles or C-level positions in cyber? Then definitely need CISSP.
I'm sure I'm not the only one who has paid for their certs out of their own pocket. I always see SANS on all the lists but it always just seemed too expensive to even consider. I often wonder if I should stop listing some of my certs like A+ and Network+ just because I have advanced well beyond that level. I am a lifelong learner and always will be. I got the CCSP and now I am studying Azure just so I feel I have a proper foundation for the CCSP. I see too many people not getting the proper foundations to really understand things. I have the bad habit of looking at what I'm missing for positions instead of what I have. People tell me I should be looking at C level, but I see the few things I'm lacking, like not having managed a big budget... any advice on this stuff?
@JKWiniger John, it also depends on the organisation that you work for and their strategic partnerships and direction. Often clients are the driving force behind which certifications one achieves and obtains. The example I will give is an initiative driven by my own international organisation across the world. Obtain cloud certifications, regardless of whether it is IBM, AWS, Azure or GCP - just doing them, and often they will provide the initiatives and opportunities to do this on a quarterly basis and then they will reimburse the examination fees, as long as you pass. This is driven by annual assessments of the individuals, keeping your growth and development on a steady basis. It is up to the individual to take up those opportunities and drive their own careers. Obviously you can opt out, but you will find yourself struggling in a short period of time.
It is also about developing the soft skills, so don't forget those as well. You need to be well rounded, building up your experience; often this can be achieved by volunteering to challenge your own self, overcoming fears and barriers we raise ourselves, and taking risks. Only by taking risks do we learn from our mistakes and gain experience.
Fortunately, they drive this via annual initiatives to keep you developing, and driving your own careers, by providing the opportunities to grow no matter what level you are at the present time.
The emphasis is just don't sit there, look at the strategy, look at the opportunities, volunteer and drive yourself forward. There is so much to learn, pushing yourself forward whilst balancing everything else is an art in itself.
I stopped listing the entry level certs once I surpassed that level and obtained a higher one, UNLESS it was required for a job I was applying for. One of the things I liked about the organization I was at the time I was studying for my CISSP is that they required anyone who was taking the CISSP to have taken and passed the Network+ and Security+ certifications BEFORE they were allowed to attend the CISSP bootcamp and take the exam. My org paid for all three certs and that definitely helped me pass it. Those foundations were helpful in my CISSP journey.
As far as having not managed a big budget, the only way to get that experience is to be in a job that requires you to do it. Ask your boss if you can help with the budget process or shadow them to see what goes into it. Maybe you could ask them to show you how it is done so you understand it better.
If you want to go C-level, make sure you have some business acumen and understanding of people. It helps to be able to play office politics well and be able to support both your team and management's desires. It also helps to be able to make sound decisions and make the tough decisions when you have to. One of the major pitfalls I see in people who either fail at the C-level or aren't making it to the C-level (i.e. applying for jobs but not getting them) is usually that they are too strict about security (being a jerk, or not flexible) or they don't know how to communicate the same thing to different levels of audiences.
If you don't have management experience, look for roles that lead up to manager experience. In my career path I went from an ISSO role (security officer responsible for security over one system), to an ISSM role (security manager responsible for security over 15 systems). Then I got my first CIO position, which luckily for me I had my CISSP cert and the agency had put that requirement in the job position. The person they really wanted to give the job to didn't have it and wasn't going to get it so they went with the second best option, me.
You could also look for deputy roles or assistant to the CISO roles or a security manager role.
It's funny how at times we don't listen to our own advice that we give others. Someone mentioned something about money to me and without a thought I said, if you can properly manage $400 then you can manage $400,000, it's just a matter of a decimal point moving. And it's true because if you are good with money and budgeting in general then you will be fine as the decimal moves.
I have done the AZ-104 and AZ-500, and probably the SC-100 next week just so I have a good understanding of the Azure cloud. Years back I used to go to meetups on topics I knew I would never directly work in but I found it very useful when talking with those who did. It allowed me to judge and gauge things much better. I am considering a new tag line just because of all the C level people I have seen that have no real background or foundation... "You cannot lead or design what you do not understand."
I used to keep my resume at 2 pages, first page education and skills, and the second as employment history. I am now working on turning it into a very streamlined 1 page. I went from a "Summary" heading to a "Profile", but I'm hearing that may not even be needed anymore. Thoughts? And thinking, and I'm not sure I need to state it but "Full resume on LinkedIn"
It's hard for me to figure out what things need to be outright stated and what things are just a given...