The other day a friend ask me how should one start a security career? What is the best path, course to study or security certification to go to? Well, my answer always starts with do CISSP certification. Why do I say that ? Why not ISO 27001 why not SABSA?
One simple reason, CISSP cover a lot of domains originally about 10 domains and now squeezed to 8 domains. CISSP to me cover a big ground and good for security generalist and a good introduction to security as predatory course. Second reason is CISSP requires a lot of effort, preparation and time investment to pass the exam. Even when one don’t pass the exam the knowledge gained is valuable and eye open to security world.
So that’s basically my simple reasons. Security over the years have matured and now you can be a specialist in any of the below field
– penetration testing and threat hunting
– incident response
– threat intelligence
– security operations and devOps
– secure development
– cloud security
– security architecture
– Governace, risk and compliqnce
– and many more. All these domains have their own certifications, so find your passion and develop your area of competence and be called an expert. I guarantee you it won’t be overnight success. Good lucky.