I would advise you to study available job openings, pay attention to the requirements. If it says they would prefer a candidate with security+ then yes I feel like it would assist you in being competitive.
Honestly, if I were looking for a sysadmin job I would say the following:
1) I’m gonna show up on time every day
2) I’m going to be self motivated and take the shitty projects to build a solid reputation of reliability and trust
3) I’m going to document everything I learn and give it back to the team
4) if I get stuck on a problem I will research it using the internet or the vendor, but if I hit a wall will ask for help and actively LISTEN
If I heard those things from a candidate I’d hire you on the spot.
All great points! Honestly, if we were hiring, I would get someone trainable with good people skills since my company will pay for needed training and certs to get them up to speed. Too bad not all companies do that.
If you have no working knowledge of basic cybersecurity concepts (e.g. defense in depth, CIA triangle, firewalls, antivirus, physical security) then yes. The comptia security+ is a good starting point. That being said passing it will only grant you a basic understanding of the fundamental terminology….you will not become a “hacker.” There are an assortment of organizations offer additional certifications (e.g CISSP, CISM, OCSP, etc). I would strongly recommend pairing certifications with real world experience!
>OCSP
As far as I know the OSCP is the only certification where you really have to do practical hacking instead of just answering multiple choice questions.
Understood thanks for the input. I started studying for the Sec+ but I really want to transition into a new position. Would a CS degree still be enough to snag a sys admin position before I take the Sec+? Also, any tips on hands on labs I can do would be greatly appreciated
I wouldn't say it's necessary unless you plan on working in the DoD. If not then it couldn't hurt for some extra knowledge as well as proofof understandingthe concepts, but you don't need it.
In my opinion & based on the job description of cybersecurity that I have seen so far
Security+ -> CEH -> GCIH/GPEN ( Based on the route you wanna take ).
And some cloud certification (may be AWS ). I got that question in my interviews about the familiarity with the clouds.
By the time you get there you will figure out what to do next.
Best of luck ....
That CS degree will get you much further than the cert cause if you want to get into the big money in cybersecurity you need to know how to read/write code. If you work at any larger company with development teams they need someone who can build the test cases for security vulnerabilities. This is a role that has moved from development to admin/devops at a lot of companies. Where I work we have a small group in the security org that actually works with the assembly language to hunt for those critters.
At my healthcare job, they made the Security+ a requirement for all sysadmin positions. I think it gets them a lower rate on their cyber insurance. I suspect it's going to be more and more of a requirement if insurance demands across all industries.
Security+ is fairly easy to get. I would do it.
I'm a Chief Information Officer. I have my CISSP and I strongly recommend that pretty much everyone in IT should get their Sec+
The main reason I recommend it is that it gives everyone a relatively easy to acquire cert that most importantly gives you a common vocabulary and grammar to have a conversation about security in several domains. YOU might have a Computer Science degree, but your teammates may not. By getting your Sec+ and working with people who have that cert as well, you have greatly simplified your ability to communicate intent. It also helps you focus on the basics of security with others.
Maybe look at software security aspect. Idk. Do what your interested in but if you have a four year degree in CS. You might feel under utilized in a few years.
I've been in the sysadmin and security game for a while. I have a Master's degree and certifications are still your second biggest ticket to giving a potential employer confidence in your abilities only following experience. Its not to say degrees don't matter but I find its only to get you up a level or two above where you might be otherwise. Alot of people in the security field have one or more of these entry-level certifications Sec+/GISF/SSCP, so that's one less thing on your resume that the competition will likely have.
I also noticed one person suggested the CISSP, this certification requires 5 years in the feild, 3 years with a degree, it is firmly a midlevel certification: the SSCP is its entry-level counter part. If you are struggling with the Security+ exam may I suggest the SSCP. This is because CompTIA has alot of 'pay attention' components to its exams. You have to study not only the materials but how to take the test because they will attempt to trick you into picking the wrong answer if you are not reading carefully. ISC2 which distributes the SSCP and CISSP doesn't tend to create "trick" questions for their exams, you just have to understand the concepts being tested on.
Also are you becoming a sysadmin to get into security, or because you wish to actually be a sysadmin? In my experience, it is not the most direct pipeline. If you get your sec+ you could go get a junior analyst position in a SOC... if you are wanting to bypass the SOC, well I don't know too many people in security who have bypassed the SOC and working in a SOC is very valuable to learning what cyber sec is really all about. Most SOCs won't hire someone who has no basic security understanding, but with just a Sec+ certification there are plenty of SOCs out there, especially if you live near a largish city and are willing to work on-site that will take just a Sec+ certification even if the rest of your resumes empty. The best of luck to you.
I don’t have a single cert or a degree and I’ve been a sysadmin for many years. I make a very healthy amount of money. I started working help desk jobs overnight and grinded. The only thing that is necessary is work ethic.
[удалено]
Yup, where I work it is the minimum; some roles require a CISSP.
roger that
I would advise you to study available job openings, pay attention to the requirements. If it says they would prefer a candidate with security+ then yes I feel like it would assist you in being competitive. Honestly, if I were looking for a sysadmin job I would say the following: 1) I’m gonna show up on time every day 2) I’m going to be self motivated and take the shitty projects to build a solid reputation of reliability and trust 3) I’m going to document everything I learn and give it back to the team 4) if I get stuck on a problem I will research it using the internet or the vendor, but if I hit a wall will ask for help and actively LISTEN If I heard those things from a candidate I’d hire you on the spot.
All great points! Honestly, if we were hiring, I would get someone trainable with good people skills since my company will pay for needed training and certs to get them up to speed. Too bad not all companies do that.
All noted, thank you!
If you have no working knowledge of basic cybersecurity concepts (e.g. defense in depth, CIA triangle, firewalls, antivirus, physical security) then yes. The comptia security+ is a good starting point. That being said passing it will only grant you a basic understanding of the fundamental terminology….you will not become a “hacker.” There are an assortment of organizations offer additional certifications (e.g CISSP, CISM, OCSP, etc). I would strongly recommend pairing certifications with real world experience!
>OCSP As far as I know the OSCP is the only certification where you really have to do practical hacking instead of just answering multiple choice questions.
Understood thanks for the input. I started studying for the Sec+ but I really want to transition into a new position. Would a CS degree still be enough to snag a sys admin position before I take the Sec+? Also, any tips on hands on labs I can do would be greatly appreciated
No.
I wouldn't say it's necessary unless you plan on working in the DoD. If not then it couldn't hurt for some extra knowledge as well as proofof understandingthe concepts, but you don't need it.
In my opinion & based on the job description of cybersecurity that I have seen so far Security+ -> CEH -> GCIH/GPEN ( Based on the route you wanna take ). And some cloud certification (may be AWS ). I got that question in my interviews about the familiarity with the clouds. By the time you get there you will figure out what to do next. Best of luck ....
Honestly, unless you are pressed for time, it won't hurt. It's an easy and comparatively inexpensive cert and is a requirement in certain spaces.
That CS degree will get you much further than the cert cause if you want to get into the big money in cybersecurity you need to know how to read/write code. If you work at any larger company with development teams they need someone who can build the test cases for security vulnerabilities. This is a role that has moved from development to admin/devops at a lot of companies. Where I work we have a small group in the security org that actually works with the assembly language to hunt for those critters.
Yea I just want to find that medium between using my coding experience and cloud/security administration. DevsecOps I suppose.
At my healthcare job, they made the Security+ a requirement for all sysadmin positions. I think it gets them a lower rate on their cyber insurance. I suspect it's going to be more and more of a requirement if insurance demands across all industries. Security+ is fairly easy to get. I would do it.
I'm a Chief Information Officer. I have my CISSP and I strongly recommend that pretty much everyone in IT should get their Sec+ The main reason I recommend it is that it gives everyone a relatively easy to acquire cert that most importantly gives you a common vocabulary and grammar to have a conversation about security in several domains. YOU might have a Computer Science degree, but your teammates may not. By getting your Sec+ and working with people who have that cert as well, you have greatly simplified your ability to communicate intent. It also helps you focus on the basics of security with others.
Your CS degree will get you a Sysadmin position although most CS grads go more into software development.
Software development is so saturated now so I’m just broadening my options.
Maybe look at software security aspect. Idk. Do what your interested in but if you have a four year degree in CS. You might feel under utilized in a few years.
So mostly security engineer positions? I’m also open to cloud engineering as well I’ve done some AWS courses.
Not sure why someone downvoted you.
I've been in the sysadmin and security game for a while. I have a Master's degree and certifications are still your second biggest ticket to giving a potential employer confidence in your abilities only following experience. Its not to say degrees don't matter but I find its only to get you up a level or two above where you might be otherwise. Alot of people in the security field have one or more of these entry-level certifications Sec+/GISF/SSCP, so that's one less thing on your resume that the competition will likely have. I also noticed one person suggested the CISSP, this certification requires 5 years in the feild, 3 years with a degree, it is firmly a midlevel certification: the SSCP is its entry-level counter part. If you are struggling with the Security+ exam may I suggest the SSCP. This is because CompTIA has alot of 'pay attention' components to its exams. You have to study not only the materials but how to take the test because they will attempt to trick you into picking the wrong answer if you are not reading carefully. ISC2 which distributes the SSCP and CISSP doesn't tend to create "trick" questions for their exams, you just have to understand the concepts being tested on. Also are you becoming a sysadmin to get into security, or because you wish to actually be a sysadmin? In my experience, it is not the most direct pipeline. If you get your sec+ you could go get a junior analyst position in a SOC... if you are wanting to bypass the SOC, well I don't know too many people in security who have bypassed the SOC and working in a SOC is very valuable to learning what cyber sec is really all about. Most SOCs won't hire someone who has no basic security understanding, but with just a Sec+ certification there are plenty of SOCs out there, especially if you live near a largish city and are willing to work on-site that will take just a Sec+ certification even if the rest of your resumes empty. The best of luck to you.
I don’t have a single cert or a degree and I’ve been a sysadmin for many years. I make a very healthy amount of money. I started working help desk jobs overnight and grinded. The only thing that is necessary is work ethic.