Anyone work in Cyber Security?

Hello all

I'm thinking of making the move across to Cyber Security after 10 years in web design. I'm currently a design manager with a decent salary and I enjoy what I do, but the higher earning potential and opportunity to work more closely with computers interests me. At the moment I'm trying to work out what qualifications I need and figure out what area I might want to move into.

I've been speaking to a training provider called Learning People. They gave me two options:
  • Four course package - COMPTIA A+, Security+, Network+ and Certified Ethical Hacker. £3795.
  • Three course package - COMPTIA A+, Security+, Network+. £2395.
These include all the training material, labs, exams, exam resits, career guidance etc.

So the questions:
  1. Do I need to take the 'training package' from a big vendor or can I really learn it all from a few books? Bearing in mind I've got a lot of experience in IT at an enthusiast level.
  2. Do I need all of the above qualifications, or are some more important than others? I was thinking Security+ is the main one but happy to look into any others.
  3. It looks like Security+ gets revised every 3 years by COMPTIA. It was last issued in October 2017. If that's the case, and it gets revised in October this year, would I need to do it again?
Happy to take any advice anyone might have :)
 
Why specifically security? This is quite key really, you'll be competing with people who have years of foundational helpdesk/1st/2nd/3rd line/infrastructure/cloud/applications support roles so it's why aren't you looking at those instead? Why not the more foundational support roles?

Basically because, whilst there's nothing wrong with being in IT support as a career, I do it enough for friends and relatives. I want to do something more advanced, and I've always been interested in the expertise and technology involved in securing computer systems. Another part of my interest comes from a very good friend who has a great role in vulnerability analysis and has encouraged me to investigate the field. Certainly there's a case to say that it's a good idea to work up to more advanced roles from doing some foundational ones, but then there's a bigger pay gap to contend with, so that's where the idea of doing a load of training comes in.

Most people work out the first two of those through experience in the field first. If you want to skip this, and haven't done a serious amount of research on it, I suggest you return to it and find a reason better than it's good money, because it sort of isn't that amazing unless you're experienced and doing what you love. Don't forget that security - slightly more so than other sides of things - has the capacity to become stressful and thankless very, very quickly.

Yeah, I definitely have no issue with continuing to research the field. I suppose my questions above were really trying to get to the heart of what I need to take to skill up to a level of understanding that opens some doors not only in terms of understanding but also knowledge. Maybe I should have phrased it better. Also no worries about it having the potential to be stressful... my current role feels almost totally thankless and can be very difficult. I'm sure it won't be quite the same but I'm used to dealing with pressure.

I'm going to point you towards this thread in the careers subforum I replied to a while back. https://forums.overclockers.co.uk/threads/professional-it-quals.18884617/#post-33543438

:edit: Certifications "refreshing" won't affect the validity of any you hold, it's really more an exam change. Yours will remain valid until their expiry date regardless, just a new exam is released/the old one retired.

Thanks, that's handy and good to know about the certification validity :)

------------------------

Thanks for all the responses. It's been tricky narrowing down what specifically I want to do in IT security, but that's partly because it's a wide field and there don't seem to be essential qualifications that can guide you in a particular direction. Unlike web design, for example, where most of us went to uni and did a design related course which narrowed the funnel a lot. So I've been doing some research, speaking to friends, and also talking to this training provider.

For the time being, I decided that what Learning People are charging for their courses is too high based on feedback from this thread, so I've bought a Security+ book and I'm going to see if I get on with it.

Doing further research and looking at the roadmap that @Conanius posted definitely points me in the direction of pen testing. Anyone do that on a regular basis?
 
I have been working in cyber security for 8 years.

Started as BAU 3rd line support and then into project engineering and now I am a TA.

I would recommend getting the CISSP official study guide even if you don’t take the exam as the book is very good and gives a good overview of the different security domains.

I have worked with a few external pen testers, they would do their tests and produce a report a few days later with the vulnerabilities listed and what threat level they are.

As a web designer have you ever used Qualys SSL Server Test on your sites?

Thanks, that's all good to know.

Nope, never used Qualys SSL Server Test on our sites. That's more the domain of our dev team really.
 