tadashi
Feb 20, 2006

I was hoping I could get some advice on what certs I should aim for after Security+ if I'm hoping to be in more of a consulting or management gig long term?
I was on the admin side of IT for a long time, where I finished MCSA 2003-16 and some Cisco and CompTIA certs. It's nice to know how the systems and networks work and what actual admins are up against, because it makes admins more comfortable when I can speak their language and relate to their struggles.
But I don't know if PenTest+ vs CISSP vs something in CMMC is more relevant at the moment?
I feel like they all demonstrate different value to different roles?
Is there something beyond Security+ that would be a must-have for most serious security engineers? There are a lot of auditing and assessment certs for CMMC that require technical knowledge, but those roles also seem to require a lot of ability to talk people into your point of view.


tadashi
Feb 20, 2006

Cup Runneth Over posted:

Yeah, even "requirements" are nothing more than a wishlist. If you think you can do the job, apply. If they have no one else they will consider you.

We posted a job that any experienced admin could do about 6 months ago and got 2 candidates within the first several weeks.
We hired the candidate that didn't want help with relocation expenses to move halfway across the country.

As a case in point that HR isn't the only department who doesn't know what to put into the job description: the person we hired reportedly checked "almost none" of the boxes in the credentials in the job description but they were a dream candidate to find when our team finally got their resume and this person fixed something in the first 2 months that our "SME" had been working on for about 2 years with no success.

Companies hire bad candidates all the time because they:
  • Already had clearance
  • Already had an expensive cert
  • Already had a "manager" title
  • Already "managed" 2 or more people
  • Already "did" security somewhere else

tadashi
Feb 20, 2006

Earlier today I had an admin try to tell me that the dev environment they manage didn't need a documented security baseline because putting it behind VDI desktops was enough of a mitigation.

Yes, I'm sure that's what the CMMC auditors will agree with when they ask why this node of our in-scope systems has no documented baselines.

I'd wish that all the mouthbreathing, knuckle-dragging, lazy-as-gently caress admins would just get paid to stay home but then we'd have like 1/25th of the staff needed to do anything.

tadashi
Feb 20, 2006

I didn't get a job in "IT Security" until 3 years ago because... 14 years ago, when IT security started being a buzzword and companies started rolling out CISSP paper mills, I figured the engineer/admin field and the "security" field were about to merge. I was doing "IT Security" (automating audit alerts, writing SOPs, writing POA&Ms for my boss because he wanted to see what big issues were out there and when I'd have them fixed) because otherwise I got to spend entire weekends rebuilding environments.

I was not just wrong. I was what I now refer to as "gently caress-me-in-the goat-rear end" wrong. Now, I have to defend why someone should hire me instead of someone who's been a "security analyst" for 5 years but can't make a network diagram or someone who's got a CISSP but can't or won't run an incident response exercise.

Get your CISSP or some high level security cert yesterday, folks.

I mean some places now have rolled toward DevSecOps, but good luck finding them.

tadashi fucked around with this message at 19:16 on Apr 23, 2024

tadashi
Feb 20, 2006

Cannon_Fodder posted:

I'm not a fan of Oracle, atlassian, or loving Palo Alto right now

I love how smug I feel when I don't get an interview for an infosec job I applied for and then the company has a huge information security issue.
There's probably no difference I would have made, but they don't know that :argh:

tadashi
Feb 20, 2006

I finally registered to take the CISSP.
I've used the official study guide, some classes, Destination CISSP, CISSP flash cards, podcasts.
Basically everything I can think of other than actual Brain Dumps/test banks.

Any last advice from anyone?


tadashi
Feb 20, 2006

Execs: We have a meeting on Monday in conference room x.

Security: When is the meeting? Who is coming? What company do they work for?

Execs: We have a meeting on Monday.
