Starting out in Information Security
There are many avenues to get your foot in the door and gain Cyber Security/Information Security qualifications, and these can vary widely depending on the type of Security job that suits you. Perhaps you enjoy the offensive side of Security and want to learn penetration testing, whereby you actively try to attack systems and networks as an ethical hacker WITH explicit approval. Or perhaps you enjoy designing systems from the ground up to be secure, in which case your strengths will be in Security Architecture.
The traditional route into Information Security is to attend and graduate from university with a degree or master’s in Information Security or a related IT course. There are, however, many other methods, like I previously mentioned, such as apprenticeships and work experience which lead on to full-time work (which is how I got into it), or perhaps starting in another role in IT such as helpdesk or 1st line support, which can be a fantastic stepping stone to Security due to the invaluable experience gained in general IT. If you aren’t having any luck getting a role that suits you, then you can always try sending a cover letter and CV to Security Managers in the industry, which is a fantastic trick for getting your foot in the door.
Information Security Courses/Qualifications
Below is a list of Information Security qualifications for whatever role you are thinking of pursuing. These can either be additional qualifications to ones already gained or beginner qualifications such as CompTIA Security+, which is a fantastic one to get under your belt if you are just starting out; however, I would recommend taking the Network+ beforehand. Some great books for these can be found here and here.
In addition to the list of qualifications above, which is by no means a complete list, I would also suggest gaining vendor-specific qualifications such as the ones provided by Microsoft and AWS. These are great to get your teeth into and are highly desirable in the industry, as most businesses plan to operate, or are already operating, in the cloud.
There are some Microsoft qualifications which will be extremely useful to study for, even if you do not necessarily sit the exam, such as the AZ-900 course, which teaches the fundamentals of Azure, or the AZ-500 exam, which teaches in-depth knowledge about Azure Security and Office 365.
What are the best Cyber Security Qualifications?
If you are thinking of starting in the Security sphere then look no further than CompTIA Security+, as previously mentioned. This qualification covers a vast number of topics, from cryptography, penetration testing, defensive security and identity management, and the list goes on. Check out the following book, which covers everything you need to know: Cyber Security on Azure: An IT Professional’s Guide to Microsoft Azure Security
Techy Courses for techy people
If you are already established in Cyber Security and want to take the next step, then the first exam that should be taken is SSCP. Following this, the infamous CISSP is never a bad shout, but it requires 5 years in Security to attain full certification, or otherwise an associate certification. These two qualifications build on the Security+ knowledge and really deepen it, particularly with CISSP. Be careful, though: some of the questions are specifically designed to trick you if you do not read the question properly.
Thinking of moving into management?
If you’re thinking of moving into a Security management role, or are already in this role, then the exam to take is CISM (Certified Information Security Manager). This exam will provide all the relevant knowledge to manage a Security team and get the best out of your employees without continually feeling you need to hire somebody else to do x specific task.
Do you like breaking stuff and finding loopholes? Then look no further than offensive Security.
While you probably already have knowledge around finding loopholes and exploiting vulnerabilities, the CEH (Certified Ethical Hacker) qualification will be a very strong one to have under your belt. This will prove your knowledge to potential employers or your current employer. For a more technical exam and course, the OSCP (Offensive Security Certified Professional) is an ideal option and will, as the exam body says, “prove they have a clear, practical understanding of the penetration testing process and lifecycle.”
Want to fend against those pesky hackers and close the loopholes?
While defending can sometimes feel like an ever-increasing task with high burnout, it can also be one of the most rewarding and exciting in an IR scenario (although one should not pray for that). Some of the exams above, such as SSCP and CISSP, will be fantastic qualifications to assist in the defensive side of a business or personal endeavour.