Cyber Security career advice - Get certified or not


I recently received a query from a fellow veteran on the value and requirement of getting certifications in Cyber Security. I have appended the question and my reply for others who are planning to delve into an information security career.

Dear Vikas,

Have gone through your LinkedIn profile. You are a highly qualified officer, having even done CISM & PMP.

I'm a ____ but have a fair amount of exposure in IT, having done ADP(SAP), ADP(SYS) & two appts in the IT field! However, I do understand practically a whole lot of things, having executed & handled network projects, cyber security etc.

I wish to ask you if it is worth getting certified in CISM, PMP & CISSP or not!!

Thanks & regards,
XYZ

Dear Sir,

Being certified or not is a personal choice, and there are a number of arguments both for and against getting certifications. My perspective is based on my requirements and aspirations, which I will outline below.

For an Army Officer transitioning to the corporate world, the key goal is to get a job. For this, it is imperative to demonstrate basic knowledge of the subject to the organisation. Certifications on a CV demonstrate that you have a fundamental background in security, and therefore it makes it easier for HR folks to select your resume from a pile. It may get you an interview but not the job itself. For example, CISSP certification conveys a basic understanding of all domains of InfoSec but in no way certifies that you have the skills for a career in InfoSec.

Secondly, certification material provides you with an already curated list of material which you need to study and ensures you have a well-rounded knowledge of the subject. You may not take the exam, but it is always good to know the areas you need to study. On the other hand, the disadvantages are the high cost of maintaining certifications and a syllabus that is not current and in tune with the latest trends and industry requirements. Moreover, gaining all this knowledge without application is also not useful. It is essential that you apply the knowledge gained practically to retain it.

Most industry veterans, after having established themselves, do not bother getting certifications and instead attend useful conferences and learn online.

Finally, my advice is to get a few certifications. Do CISSP first, then CISM, and attend a few conferences and look at what job requirements demand. You may also require training or self-study on frameworks such as ISO 27001, COBIT, the NIST Cyber Security Framework etc., knowledge of the latest technologies such as NextGen Firewalls, IDS/IPS, DLP, EMM/MDM, SAST/DAST, WAF etc., and product offerings by vendors. Now, with so many free courses available online from Coursera, edX and Cybrary, it should not be difficult to get a good understanding of all these technologies.

Lastly, I believe that to know the latest technology deployed, one needs to read to know what the challenges and solutions are. Examples of the latest trends are Cloud, Social Media, Big Data Analytics and Mobile Strategy. Additionally, an understanding of IoT and OT (Operational Technology) networks, their integration and the security challenges therein. This is my take on certifications and knowledge enhancement. Please do let me know if you have any other queries.

Hope this helps.
Regards,
Vikas
