0

I work in cyber security r&d for several years. Meanwhile, I have obtained a CEH (Certified Ethical Hacker) certificate and a CISSP certificate.

I wish to move to security industry instead of r&d environment as my next step plan. Thus, what kind of certificate could be my next target?

TJCLK
  • 838
  • 8
  • 25
  • There's no objective answer to this, and it all depends on exactly what kind of things you want to do. Also, does "unlearning CEH" count as a new certificate? I think it should. – forest Sep 05 '18 at 01:54
  • The certifications that you may (or may not) need will depend on what your target is. You have not explained that part at all. – schroeder Sep 05 '18 at 07:01
  • @forest please stop bashing the CEH without some sort of qualification on why you think that it might be bad, else it comes across as a personal rant. CEH has its place, but just like every certification, it has its limitations and appropriate applicability. – schroeder Sep 05 '18 at 07:04

1 Answers1

0

The CEH and CISSP certifications will likely help quite a bit. I suggest ongoing trainings (and certain certifications) through specific services, such as Amazon Web Services (AWS), Microsoft, IBM or Google. It could also be beneficial to learn about various other security vendors and explore training opportunities (and possibly joining partner networks) for multi-factor authentication (Duo, etc.) and virtualization tools (VMware, etc.) and continuously follow research on "DevSecOps" and other industry best practices. I also suggest following development and communities / trainings, based around open source security tools and best practices, such as Open Web Application Security Project (OWASP): https://www.owasp.org/index.php/Main_Page

Zoe Braiterman
  • 32
  • 2
  • Can you elaborate on the cloud specific security certifications? – eternaltyro Sep 05 '18 at 03:47
  • You've given a very wide swath of training and certifications but focused on a very narrow scope of applicability. After 20 years in infosec, I can say that I have done 1 or 2 things from your list because I am not "that kind" of infosec professional. You might need to either make your suggestions more general so that they apply to a wider field or get more from the OP about what the target is. – schroeder Sep 05 '18 at 12:01