The Painful Process of Choosing My Next Cyber Security Certification

Over the past months I have been looking for new contracts and have found that my I.T certifications need to be expanded to give me a better chance of winning more work. This raised to the question of “What certification should I choose?”. I foolishly thought this was going to be an easy task, unfortunately there is no correct answer. Each client asks for different skill sets and most of them like to ask for conflicting job roles, such as a Dev Ops specialist which is also an OPSec specialist, a Penetration Tester Specialist, and an ICS Engineer. Knowing what the market wants is hard!

After doing my research I decided to revisit my CV and look at the type of work I did in the past, such as AWS deployment,  IDS security and Firewall deployment. I found that choosing a vendor can be quite limiting as each client asks for different technologies and my company really wants to be vendor independent.  The downside of not choosing a vendor is that it does not highlight you have actual experience in the area.

So, it’s time to take a chance and go down an AWS route for cloud technology, Fortigate for network firewalls and OSSEC for HIDS solutions. You may ask “why choose those technologies?”, to be honest it is a calculated guess. AWS appears to be more popular; I have a Fortigate firewall to practice for exams and OSSEC keeps appearing in opensource SIEM solutions. It’s more of a calculated guess of market share than what I enjoy. I must be honest with myself on what time I can put aside to study for exams. Most courses don’t provide any of the practical skills that I use, most of the installations I’m involved in go way beyond the course material. The courses I keep taking are almost like a sales and marketing pitch, I prefer to know what a system cannot do as opposed to what it can do.  

One thing I do appreciate is that information technology is an ever-evolving field and as a security consultant I must be able to quickly adapt, this makes gaining all those certifications very expensive. I almost forgot, if you work for a company that’s refusing training courses due to budget cuts, don’t let that stop you, take the courses and exams yourself and negotiate that salary increase to compensate, you have just increased your value to the company so its only fair. If you do not take those certifications now, you might regret it later when you choose to work for another company or get the next contract.

I hope that reading this post helps to highlight some of the areas that you can think about when creating your training plan. Now, if you don’t mind, I have a set of AWS exams to pass.