I just graduated last November 2023; my course is Computer Science, and I am working now as a Data Administrator in a small company. My roadmap is to get Network+ and CCNA to start up my career with Cybersecurity. I plan to get a Network Administrator job by next year and continue to gain knowledge by getting Security+, CySA+, Pentest+ and hopefully after that, land a job in a Cybersecurity role. My question is: am I on the right path? What do you suggest?
I would get Net+ and then start applying for help desk. Everybody wants to try to get into the security aspect of IT. IT security tends to be overmarketed on the internet. IT security positions are generally not entry level. You tend to need to know a lot about operating systems, Windows, Linux; it helps a lot if you know about mobile operating systems. You need to learn about networking, TCP/UDP, IP addressing, switching and routing, other technologies underneath the surface, especially with the protocols and how they operate. Then you need to layer on top of all of that knowledge of security. Understanding firewalls, intrusion prevention, VPN, authentication mechanisms; you need to understand all the topics in Security+. It takes years to be able to accumulate that kind of knowledge and to accumulate it to any significant degree so that you are able to apply to a security role. There are a lot more entry level technician roles than entry level security roles. You might want to have a different strategy: learn as much as you can about the different topics I mentioned, and once you have done those things, then try to move into IT security.
So follow your passion, but don't lose your feet.
I don't know what a “Data Administrator at a small Company” means, but it actually sounds like a good role. Cybersecurity is about protecting assets and next to human life is DATA.
Data and data expertise lead into nice security roles around governance and data processing/data custodians. If you can take that Small Business and secure their data, awesome. Identify PII and what should be stored, work out backup and restore procedures, etc.
Now your passion is threefold:
- Networking
- Security
- Or network security.
If you are truly passionate about networking, start the Network+, and of course get a router and home lab and start practising.
Network security: start learning Wireshark, Nmap and go to TryHackMe/HackTheBox/other security websites.
Security: see network security above, but start thinking data governance and compliance. CompTIA Data+ is one idea, but you are better off bypassing CompTIA and doing ISC2 entry certs, i.e. CC, not CISSP yet.
For a career path, you could probably sidestep PenTest+. It’s a fun certification to have and to list on your resume, but no recruiter or hiring manager really cares if you have that one. (Kinda same with CEH. Those that have it know it’s a lot of content knowledge, but zero skills.)
After you pass CySA, PenTest can help a little toward CASP (soon to be SecurityX) and I highly recommend that anyone who has a stack of CompTIA certs get CASP as preparation for getting CISSP. There's a ton of overlap. CISSP on its own, out of the gate, no prior certs? Hard. CISSP after stacking up CompTIA certs and sliding over after passing CASP? FAR easier.
You’re on the right path to get some networking experience under your belt. Others will point out you don’t have to do that to get certs, but it will absolutely make your resume stronger if you have practical experience.
Sounds about right, and I would add if you’re planning to earn Security+, CySA+ and Pentest+, then add CASP+ and earn the CompTIA Secure Infrastructure Expert (CSIE) stackable certification along with some others. I found the CASP+ to be a very good “in-depth” certification with more of a hands-on/ops focus. You’re early into your cybersecurity career, so you never know whether that direction will lead you into architecture, engineering, operations, infrastructure, cloud, data, pentesting, governance/risk, devops, etc. - but I suspect more than one of the aforementioned, and having cybersecurity experiences and certifications will bode well even if your focus is primarily not on security.
Regardless, here are my baseline recommendations to anyone wanting to establish a career in cybersecurity these days:
Security+ - it’s an excellent starter certification, and something many HR recruiters are looking for to get the foot in the door.
CISSP - this is the “Gold Standard” cybersecurity certification. Pass this exam “Associate of ISC2” and get 5-years of documented experience and this will open the most doors. The CISSP is written into most cybersecurity job requisitions these days. Plus, it’s a challenging study program and exam.
Be Cloud Certified (big need these days) : I don’t care what you’re doing nowadays, you need to be certified with various cloud technologies.
- CCSP or CCSK (generic cloud security certification - I recommend CCSP)
- AWS (CCP) or something more advanced/specialized
- Azure (AZ-900) or something more advanced/specialized
CISA - everyone in finance and auditing knows the CISA and it has great street credibility. I don’t care what you do in cyber, you’re going to be dealing with IT Risk, Auditing and Compliance in some form or fashion. I’ve got the CISA, CISM and CRISC, but the CISA is by far the most valuable…at least for me, since I’m involved with IR Risk and Security Management on a daily.
Obviously, you can earn all the certifications you wish. Likewise, if you’re interested in a career in pentesting and exploiting infrastructure and webapp vulnerabilities then the OSCP is your landing spot. Good Luck.
Depending on the employer, you can jump over Network+/CCNA and go directly for the Security+ certification. The exception is usually Federal government jobs in the USA; they traditionally look for the Trifecta.
Your CS degree will help a lot to assuage any Hiring Manager anguish about you not having Network+. You really only need three things for the first security job, in descending order of importance:
- The absolute most important thing required to break into a security role is hands on experience, preferably enumerated in a project portfolio. This can be TryHackMe certificates, HackTheBox, a home lab environment that you built with a firewall, network TAP, EDR tool, SIEM tool, virtual machine malware sandbox, et cetera. You are already in industry, and your role will also help build experience.
- Your degree will be a bright spot for Hiring Managers. All you need in addition to that is Security+, IMO.
- You need an ATS-friendly résumé that links to your project portfolio.
Keep us updated, and good luck.
It can be done.
Just go into security, screw all the useless entry level shit.
If you want to get into security just go for it, no need to delay. If you have Net+ and Sec+ you should be able to get an entry level job in security. Once you are working, get other certifications depending on what your interest is.
r/CompTIA_GingerSec
He is working as a “Data Administrator”, so you say go “Help desk”.
Totally wrong move IMHO. Data Administrator leads to Governance → cybersec, or DBadmin or other roles that are far closer to Cybersecurity.
You learn a lot in Helpdesk, but he is better where they are.