How to start a security career?

The other day a friend ask me how should one start a security career? What is the best path, course to study or security certification to go to? Well, my answer always starts with do CISSP certification. Why do I say that ? Why not ISO 27001 why not SABSA?

One simple reason, CISSP cover a lot of domains originally about 10 domains and now squeezed to 8 domains. CISSP to me cover a big ground and good for security generalist and a good introduction to security as predatory course. Second reason is CISSP requires a lot of effort, preparation and time investment to pass the exam. Even when one don’t pass the exam the knowledge gained is valuable and eye open to security world.

So that’s basically my simple reasons. Security over the years have matured and now you can be a specialist in any of the below field

– penetration testing and threat hunting

– incident response

– threat intelligence

– security operations and devOps

– secure development

– cloud security

– security architecture

– Governace, risk and compliqnce

– and many more. All these domains have their own certifications, so find your passion and develop your area of competence and be called an expert. I guarantee you it won’t be overnight success. Good lucky.

Author: kinyoka

A certified Information Security professional, with demonstrated experience spanned more than 10 years in financial, banking, consulting, and payment card industries in managing Information Security System Management ISMS. A post graduate degree holder in Information Security Management (M.Sc); Certified Information Security Manager (CISM), Payment Card Industry Qualified Security Assessor (PCI QSA), SABSA Chartered Security Architect (SCF), ISO 27001 Lead Auditor, CREST Registered Technical Security Architect (TSA), CREST Registered Penetration Tester (CRT), and a member of ISACA. Demonstrated to be reliable, trustworthy, and meticulous person; working in a controls-focused environment, multinational, and multicultural organisation over the years and gained a good understanding of what is required of the Information Security professional. . Specialties: ISMS based on ISO/IEC 27001/2 Payment Card Industry (PCI) DSS - QSA led services - PCI Scoping, Gap Analysis and Formal Assessment (RoC) IT Governance, Risk and Compliance (GRC) Management Cyber Security Penetration Testing Enterprise Security Architecture Technical Security Architecture

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: