Hey c/Cybersecurity!
Just looking for some advice on what certifications are worth getting?
I am wanting to steer my career into ICS Incident Response and was wondering what Entry level certs are worth it? I want to get my SANS FOR-508 (GCFA) and SANS ICS-515 (GRID) certifications, however due to the expense of these I am looking to hopefully do some cheaper ones first until I can get the company I work for to pay for them.
I was considering perhaps CompTIA Security+ and CompTIA CySA+ but I don’t know if the time spent towards them could be better invested in another course such as CISSP.
I am Based in Australia and have a Bachelor of Computer Science, and a Bachelor of Electrical Engineering. I have also been working as a Process Control Systems engineer for about 3 years since finishing uni if this helps gives some more context.
Any career advice or recommendations is highly appreciated, I am kind of overwhelmed by all of the options. Also keen to do some more non-certified courses to increase my knowledge, I have been working through a few from Chris Sanders’ recently and want to do more from him.
CISSP is an advanced level certification and although you would be expected to have significant experience behind you to succeed in the exam, you can just cram and blag it - the main issue is you won’t be credible as a CISSP without the corresponding experience.
I recommend the CompTIA certs to get a foot in the door and work towards the CISSP after 3-5 years experience. You could also consider the ISACA CISM cert at that level.
Other courses you could consider would be COBIT5 Foundation, ISO 27001 lead implementer, Cloud Auditing certs and ITILv3 foundation which would round out the more practical CompTIA ones and put your CV on top of the pile for entry level roles.
This is great information thank you!
The SANS ICS courses are the only ones I know that specifically focus on ICS; but yes, do not spend your own money to get expensive certs like those. Your employer should be paying on your behalf. Security+ is worth it if you’re making a lateral move to security.
Hey thankyou for taking the time to reply. Do you think a Security+ cert is worth it with my degrees or should I focus on something different? It sounds arrogant but I have been going through some of the practice exams and they seem pretty basic
It’s essentially a way to get your foot through the door if you’re trying to get into the security field. I guess if you’re planning to switch roles within your current org it’s not really necessary vs trying to get hired at a new company. I haven’t checked how much they cost, but maybe you can try some of the Cisco certs as well?