Since quitting my job it has been all about learning for me. As I
mentioned before, this year I really started getting serious about a
timeline to make a move into security. I have been doing more CTFs and
taking classes on things related to security. I've realized that I was
trying to accomplish too much too fast and so I broke down the steps I
plan to take to get into the security field. In no particular order
these are the certs I'm focused on and why.
CEH
---
The CEH is the certified ethical hacker certification. It's something I
probably should have gotten in undergrad but whatever. I have decided
this will be a major milestone in my security certifications. The CEH is
a general overview of how to work with pentesting tools or creating
white hat hackers. It also really helps you get into the mindset of what
you should look for and the tools to use.
I originally wanted my CEH by my birthday. It was a reasonable goal but
things happened and focus was lost. Now I don't have a date goal per se
but I can say that based on how my studying is going I should have it in
the near future. Working on the CEH has helped me setup a lab,
introduced me to some new tools I wasn't previously using, and taught me
better recon skills that I can use in CTFs. Having the CEH makes me more
marketable for jobs such as cyber security analyst, security engineer,
cyber security engineer, and security analyst. There are more jobs that
you can use this cert for but those are what I'm personally looking at
getting into.
AWS Certified Cloud Practitioner {#awscertifiedcloudpractitioner}
--------------------------------
AWS CCP is pretty self explanatory, but it's a certification that says
you understand the basics of using AWS cloud. I have been using AWS for
\~4 years now but I wouldn't say I really understand AWS. Cloud is going
to be really big in the next 1-3 years so it would be great if you know
how to use at least one of the cloud services (AWS, Google, or Azure).
Why did I pick AWS? Well I've never used Azure and didn't like GCP
(Google) when I was using it in grad school. I enjoy creating Alexa apps
and host some sites on AWS so I think it only makes sense that I stick
to something I use frequently.
AWS CCP is going to be really important for me soon. I mention that I
want to work on medical device security a lot. I think that as medical
tech picks up there is going to be a stronger use with the cloud for
easy checking between patients and doctors. An example of this would be
someone with a pacemaker. You would signup for an account on a site
(hosted on AWS), and then from there as things may happen with your
pacemaker your data uploads to the cloud and will alert your doc if
certain criteria are met (lambda functions and sns).
Security+
---------
To be honest I'm not 100% sure what the security+ involves yet. After
talking with [Beez](https://capitalsb.io/) I have decided that this is
very important as I want to move in to contracting work and in
particular government contracting. Now everyone doesn't find this
appealing due to the test and things but I'm not everyone. Plus a lil
sacrifice here and there isn't that bad.
This cert has to be obtained by October for me. I want to secure a
security job by the holidays so come the new year at the latest I have
something to look forward to.
CISSP
-----
Now the cissp is the holy grail of certs. You get this and you can
almost write a ticket anywhere. The hardest part of this test is rumored
to be the cryptology section. Having the CISSP in security is
like\....getting that black badge at defcon (total plug to me heading
that way). I been looking at this cert for like 3 years and honestly
just never felt like I could do it.
The CISSP allows one to do more government consulting in regards to
security (the ultimate goal) and really just lets people know your
serious and know what your doing. I'm fairly positive this is my
ultimate career goal and I'd like to obtain it before or around the time
I graduate with my masters.
------------------------------------------------------------------------
I get this list was super personalized but I hope it gives anyone else
looking at certs an idea of what they could and should go for. Everyone
has different goals and that's cool but don't shoot yourself in the foot
struggling to reach goals if you don't have to.
P.S. Go talk to Beez about career navigation. I know things but she put
me on even more game