  1. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    1
    #1

    Default Path to Begin for Security Professional

    I am the Director of Security for a medium sized business, and have worked in Security for quite some time. I have my CISSP among others. Unfortunately, I am not up to speed on many of the entry level certificates that exist these days. I have a co-worker that has recently worked in sales completing RFPs, but has a lot of institutional knowledge on overall security audit tasks as she has assisted me with SOC 2 preparation among other things. She's a good friend of mine and wants to be out of the Sales role and focus on Security to actually begin a career path. She is a very sharp lady, young and VERY detail oriented. Therefore, I am bringing her onto my staff to assist with SOC 2 audit, internal client security audits, policy work, etc. I will teach her the ins and outs of Risk Assessments, vulnerability scanning and more.

    What would you recommend for certs to learn the basics? I have already recommended the SEC+ cert as well as possibly tackling the GISF. She is NOT highly technical in terms of existing networking/IT knowledge, but she is very knowledgeable of business processes, and security fundamentals. I am essentially taking her under my wing to help her on this path.

    Again, I don't see her being a pen tester or along those lines. What would be the recommended path for non-technical certs that you all recommend? I have my own thoughts, but wanted to really hear from others as my views may be tainted.

  3. Senior Member
    Join Date
    Apr 2014
    Posts
    161
    #2
    According to the few keywords I could grab from your post, I'd say that something like CISA should be geared towards your needs. But she might not qualify yet for the required experience.
    Last edited by mokaz; 09-02-2017 at 07:37 AM.

  4. Senior Member
    Join Date
    May 2006
    Posts
    2,027

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #3
    Add ITIL to your list, if she is good with business processes ITIL could elevate her even more. The PMI-RMP might be another one. To get a bit more in-depth beginner knowledge you can also consider the GSEC.

  5. Senior Member 636-555-3226
    Join Date
    Jul 2015
    Posts
    881

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #4
    Security+ for the win. Can't think of a better entry-level learn the basics 101 test or study program.

  6. Member
    Join Date
    Mar 2015
    Posts
    41

    Certifications
    Security+, CISSP, CISM
    #5
    I think you're on the right path with the Security+ in order to fill out the 'minimum' of the technical areas. Also, it sounds like your co-worker is on, and wants to be on more of the GRC/audit pathway.

    If that is right, then you might also want to consider something like the CCSK if you're also moving into the cloud, but the ISACA CISA, CRISC and CGEIT certs are all options.
    Otherwise, it might help to do some specifics - you say vulnerability scanning etc. Are there Qualys-specific certs that will help in her early years?

  7. Senior Member stryder144
    Join Date
    Nov 2012
    Location
    Denver, CO
    Posts
    1,289

    Certifications
    CompTIA A+, Network+, Security+, Server+, Linux+ and CSA+; MCSA: Windows 7, ITIL Foundations
    #6
    I was going to suggest looking into COBIT 5, by ISACA, but their site is unavailable.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia


  8. Senior Member
    Join Date
    May 2013
    Posts
    1,265

    Certifications
    CISSP, GWAPT, GSEC, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #7
    I too would suggest something like the CISA but after some fundamental knowledge...even if it's just from Sec+ and Net+. CISA is based on processes and managing risk for the business instead of getting into the weeds of technology...but CISA has an experience requirement so it wouldn't help immediately. Eventually the CISSP needs to be on her roadmap because it's one of the big ones to get but at this point it's more of a future thought.
