Security Can Be Overwhelming

Since quitting my job it has been all about learning for me. As I mentioned before, this year I really started getting serious about a timeline to make a move into security. I have been doing more CTFs and taking classes on things related to security. I’ve realized that I was trying to accomplish too much too fast and so I broke down the steps I plan to take to get into the security field. In no particular order these are the certs I’m focused on and why.

CEH

The CEH is the Certified Ethical Hacker certification. It’s something I probably should have gotten in undergrad but whatever. I have decided this will be a major milestone in my security certifications. The CEH is a general overview of working with pentesting tools or creating white hat hackers. It also really helps you get into the mindset of what you should look for and the tools to use.

I originally wanted my CEH by my birthday. It was a reasonable goal but things happened and focus was lost. Now I don’t have a date goal per se but I can say that based on how my studying is going I should have it in the near future. Working on the CEH has helped me set up a lab, introduced me to some new tools I wasn’t previously using, and taught me better recon skills that I can use in CTFs. Having the CEH makes me more marketable for jobs such as cyber security analyst, security engineer, cyber security engineer, and security analyst. There are more jobs that you can use this cert for but those are what I’m personally looking at getting into.

AWS Certified Cloud Practitioner

AWS CCP is pretty self-explanatory, but it’s a certification that says you understand the basics of using AWS cloud. I have been using AWS for ~4 years now but I wouldn’t say I really understand AWS. Cloud is going to be really big in the next 1-3 years so it would be great if you know how to use at least one of the cloud services (AWS, Google, or Azure). Why did I pick AWS? Well, I’ve never used Azure and didn’t like GCP (Google) when I was using it in grad school. I enjoy creating Alexa apps and host some sites on AWS so I think it only makes sense that I stick to something I use frequently.

AWS CCP is going to be really important for me soon. I mention that I want to work on medical device security a lot. I think that as medical tech picks up there is going to be a stronger use with the cloud for easy checking between patients and doctors. An example of this would be someone with a pacemaker. You would sign up for an account on a site (hosted on AWS), and then from there as things may happen with your pacemaker your data uploads to the cloud and will alert your doc if certain criteria are met (Lambda functions and SNS).

Security+

To be honest I’m not 100% sure what the Security+ involves yet. After talking with Beez I have decided that this is very important as I want to move into contracting work and in particular government contracting. Now everyone doesn’t find this appealing due to the test and things but I’m not everyone. Plus a lil sacrifice here and there isn’t that bad.

This cert has to be obtained by October for me. I want to secure a security job by the holidays so come the new year at the latest I have something to look forward to.

CISSP

Now the CISSP is the holy grail of certs. You get this and you can almost write a ticket anywhere. The hardest part of this test is rumored to be the cryptology section. Having the CISSP in security is like... getting that black badge at DEF CON (total plug to me heading that way). I’ve been looking at this cert for like 3 years and honestly just never felt like I could do it.

The CISSP allows one to do more government consulting in regards to security (the ultimate goal) and really just lets people know you’re serious and know what you’re doing. I’m fairly positive this is my ultimate career goal and I’d like to obtain it before or around the time I graduate with my master’s.


I get this list was super personalized but I hope it gives anyone else looking at certs an idea of what they could and should go for. Everyone has different goals and that’s cool but don’t shoot yourself in the foot struggling to reach goals if you don’t have to.

P.S. Go talk to Beez about career navigation. I know things but she put me on even more game.