Is security+ a good entry cert to help transfer to cyber positions (vulnerability mgmt/threat intelligence)? I come from a IT governance and controls background. Been applying to cyber positions but no luck.. Also don't feel like studying for cissp right now. I got CISA and CISM

like
Posting as :
works at
You are currently posting as works at

2nd a lot of what’s been said. I see a Sec+ come in for an entry level app, I’d give it more attention than another that didn’t but experience > all. That said, if you’re looking specifically for VM roles adding on vendor certs would help a lot too (if they’re free though usually not). As mentioned elsewhere, get familiar w at least one VM tool, start slamming some VMs from VulnHub, or look at Juice Shop and Multillidae (both very OWASP and web app focused). Also consider looking at flAWS.cloud and flAWS2.cloud to gain a better understanding of common vuln sec configs in cloud (spec AWS). Start getting up to speed on current events (vuln reported) and try to understand them. Familiarize yourself with CVEs and understanding them and how they relate to the overall VM process, which you had better understand (including possible remediations and controls l). Google, NIST, and your own company resources are a good place to look (both ppl and sample deliverables/templates if you have access to them). While you’re at it see if you can pickup a little python (bash and powershell as well if you can find the time). Lastly, consider building your own vuln VM in the cloud with a guide/hints - your “secrets” people hunt for could be insights into your personality, likes/dislikes, etc. instead of your typical hash.

likesmarthelpful

Its a check in the box for most places, what they are really looking for is hands on experience. I got my Sec+ and applied to a lot of places but no luck.

likehelpful

@SC1 look into vetsec. It's a community of veterans in cyber security. Lots of good people and good info.

Sec+ can be a door opener if you’ve got minimal cyber experience. Obviously experience is king, but you’ve got to start somewhere and it can give you an edge in a entry level role.

likefunny

Qualys offers free training and certifications that can help you stand out for vuln mgmt roles. I think some other vendors offer free certs as well.

likehelpful

I don’t think sec+ is enough. Do the cissp

likesmart

Cissp is a great cert to move from governance into more technical infosec. Besides, it gives you cred if you want to move up into management wether that will be technical or not.
Not like the investment is that huge.. The exam is 600 dollars?

like

In industry, yes it is. Especially government of you’re going that route.
Is your resume geared towards cyber, have you highlighted all your relevant governance and controls background?

smart

Yea, guess the ones I applied to want more technical skills. So governance work doesn't really make a difference

Also, if you want to start with some hands on and have a lab, you can get free licenses for Nessus, get Kali, and download machines from Vulnhub and HacktheBox for practice.

helpful

No. No one cares about Sec+ unless you are doing government work...

funny

CiSM covers a large check box. Isaca version of cissp and is in higher regard then sec+. From that standpoint you’re covered. I recommend u network ur way in because from a certain standpoint you’re covered.

smart

Sec+ is not worth your study or exam $, it’s basic. Get a top 3 vendor tool vuln mgmt tech cert (Qualys, Tenable, QRadar). If needed consider a SANS GIAC technical cert. Then your gold.

smart

Both of those qualify for cyber my friend. You good.

Related Posts

Hi,

I am going through psychological stress, mild depression and anxiety issues due to recent workload and have lost all motivation to continue. I am planning to quit but afraid will i get a job post that. What shall i do?

like

I have been given with a case study to solve. Its a secondary research based case study.
I have to share an output in a ppt.
Are there any hacks to solve it?

like

Is the military a well-paid career? I’m asking for my future.

like

Hi Fellow Fishies,

I am reaching out because I was recently contacted to interview for Cigna Provider Engagement Development Program. I wanted to see if I could connect with anyone on here that I can help give a breakdown of what this program entails, day-to-day, and WLB. Any tips on the interview and interview process for anyone working in this position? I would be truly grateful for any help or information that can be provided!

Cigna

like

Anyone who recently appeared for interview at Deloitte UK (consulting). Need to know more about the interview process and some tips for preparation.

like

When can you take the CISSP exam? Also, is it 150 questions in 3 hours or 250 questions in 6 hours?

like

Is moving from Product management to management consulting a right move given the future growth and compensation ? I have around 11 plus years of IT experience largely in Product Management.When I see LinkedIn profile of management consultants I see few of them get hired on C level positions in other companies but do not see that for Product manager except starting their own startup.Need suggestions if i should keep this transition dream or not

like

Hi All,

I have 4.3 years of experience in P2P domain and I got selected in Genpact Uppal branch for Assistant Manager profile and my current profile is Senior Operations Analyst.

So wanted to confirm the hierarchy is totally depends on teams to teams or there is a fixed hierarchy.

like

Hi Friends, i attended 2 client interviews and both went wrong. I don't know what to do. I am new to EY GDS......Is anyone faced the same ?

like
like

Okay so, its been a while since I've been seeing this in Linkedin:
The Job requirement says its Entry Level, but the experience it requires is always 6 year+... like how would a fresher match that.. should I've started coding at 6th grade or what?

I understand that it's a way of "SEO" in LinkedIn but it just discourages us freshies.

Actually not sure if this post belongs in this bowl but.. it is what it is?
P.s. I still apply to these because what's the worst that could happen... right?

Over the last couple of months I’ve interviewed for a number of jobs and made it to second and third round interviews but never got an offer. My last interview was on Monday and I got feedback that I did not get selected because it did not seem like I was a a team player. Ive got three interviews coming up and l am wondering how I can improve my chances of getting an offer. Any ideas are welcome. I need a new job like yesterday.

like

How many days will it take for Wells Fargo to release the offer letter ?
I attended my interview and got shortlisted as well, I just got an email stating congratulations and send us list of documents !! After which When I try contacting the HR, he's not responding !! What do I do in such case !!
Kindly Advise...

like

I had final round interviews last week for the company I really want to work for. I have an offer from another company, which I communicated to the recruiter which expedited the interview to final rounds. I need to respond to the other company's offer letter soon. Should I follow up with the hiring recruiter for the company I want an offer from? Or just move on if I haven't heard back by end of this week?

like

I am an IT architect with 10 years of experience specifically in Salesforce products. I am thinking of moving from a strategy consulting role to an architecture role in Salesforce (company) itself. I have experience building tech strategies and also technical project delivery.

Wondering if it makes sense to apply for an Enterprise Architect (pre-sales) or a Senior Technical Architect role??

Also in terms of seniority and salary are these roles any different?

like

Thoughts on Wealth Management as an industry? Offered a role to work under a senior FA and eventually take over the book (~$800M AUM and growing). It sounds great, but I am worried about the disruption this industry is facing with Robo advisors and other low cost, DIY options. I’d want to make sure the clients stay through the transition, and I don’t want to join a dying industry. Thoughts and advice?

like

Can anyone share the questions PwC AC Kolkata will ask for interview in assurance for CA as A2/SA1?

Does anyone have any advice on how to shift from a specialist (paid advertising) to a more strategic (in digital marketing) role? I've been job searching for a couple of weeks and would love to be considered for roles outside paid advertising but it seems to be extra challenging this time of the year.

like

How easy is it to move from an investment bank firm to a tech company?

like

Any 🐠 from London Business School here working at MBB in the US? I am a current MBA student and would love to connect with alums to know more about their experience about cross geography recruiting.

More Posts

Is anyone in the Tac group?

Getting out of M&A? I am a 3rd yr at a V30 and want to get entirely out of M&A and do more licensing/media/entertainment work. Willing to take paycut and be retooled. Any idea where to begin?

like

How are the areas around white rock lake to buy an investment property? Any suggestions appreciated!

like

What do you do to get yourself comfortable saying something doesn’t exist in an agreement or in case law? When i get questions like this (Ex. Does this contract have XYZ-type language?) I usually figure out the answer pretty quickly…but then I spend a ton of time trying to prove myself wrong. I got burned on a question like this as a 2nd yr, so I think I’m just hyper aware of the risk. I’ve been told I need to get “more efficient” though, so I’m trying to work on this. Any suggestions?

like

Hey Folks,

Help me to unlock DM!

Thanks.

like

Do law firms ever cover the cost of the CIPP/US certificate?

like

How can I stop data brokers from selling my information to political campaigns & other Ad compaigns? I don't live in California so CCPA does not apply to me..

like

Can we talk about privacy vendors? We are looking for a platform to handle data inventory and/or data discovery, as well as automating the privacy impact assessment process. We already have vendors for DSARs and cookies. Do most people consolidate all these functions to one platform or use multiple? Anyone willing to share vendors they have had good or bad experiences with?

like

Just lateraled to another big law firm, starting in a couple of weeks. Firm extended WFH until at least Oct. Any tips for starting new job remotely/connecting with people? Should I still ask to go to the office just to see what it looks like...?

like

About to finish my first year. I’m a specialist. Only going to hit 65% of my hours (took a 4 week vacation cause of wedding/hm).

I never say no to work and i have fantastic reviews, and the head of my practice (with whom I work a lot for) has great things to say about me.

I’ve been fully utilized starting ~June, but first few months were slow. Am i fine?!

like

Does anyone have a career coach they would recommend? Preferably someone familiar with creative fields. I’m trying to figure out if I want to transition out of marketing.

Does anyone know if insight has kicked off?

like

KPMG is looking for qualified CA for their US audit engagement teams (statutory audit). DM me or reply in the comments if interested.
(Job ID - 22000E44 || Location - Kolkata)

Post Photo

I have two job offers, one as a waiter and one as a bartender. Which one would you take? I’m thinking bartender for the tips.

like

Any possibility of postponing the LWD by the manager here in CGI, even we have not taken any leaves?

like

Does anyone know what vaccinations are looking like? Where to get them and when they’ll be available?

like

Has the overturning of Roe v. Wade significantly impacted anyone's relationships? I lost two friends who were pro-life and on the verge of losing another. Wondering if I'm being too rigid in my perspective or if this is normal in Texas

like

I can do my job better than 87 percent of the people who have my job title. Maybe 88 percent. Still unemployed

like

Anyone know when rewards/workday are likely to get updated with PA results?

like

What is the experience required to become senior manager in US taxation

Additional Posts in Cyber Security Bowl

Anyone currently enrolled or will be enrolled in the online masters cyber degree at Georgia Tech?

like

Anyone working in Pharma industry?

like

I start my journey of being more technical today. I am giving myself 2 yrs. I started a role doing IT controls, Identity and Access Management work. I have prior experience in UAT, business process controls (A-123). I am planning on passing the Security plus and CISSP certs within 2 yrs. Have a TS clearance. Any advice or reality check is welcome.
I will like to do cyber work in the Intelligence Community.

like

I’m an international student with MSc in CyberSecurity. I’m in search of a company willing to sponsor my green card. I’m proficient in Cloud Security with certifications and projects to show for it. Any potential employer can please reach out.

like

For those who have passed the CIPM exam, what is it like (and how does it compare to the CIPP/US exam)?

Anyone else at CyberArk Impact this week? Anything exciting going on?

Anyone at Protiviti in their Cybersecurity consulting practice willing to chat? Looking to inquire about pay, culture, etc. Thanks!

like

is CRISC worth it? dont see it coming up as much as others

like

Views on carbon black as a product?

helpful

Any EY PPMD 🐠 willing to chat/connect? Interested in learning more about the cyber practice. I’m a new campus hire in the Hoboken office. Thanks in advance!

like

Has anyone gone through the deloitte cyber risk interview process recently? How many interviews did you have and how was the process?? Salary?

like

How to make a jump to cloud security when I just have SOC experience? Currently studying for Solutions Architect cert

like

Is there a demand for privacy professionals? Been seeing this discussed more and more recently

like

New to the U.S., is the Healthcare Industry (via HIPAA), the only industry in the U.S. that legally mandates having a designated Privacy Officer? So for example, although GLBA has obvious privacy requirements, unlike with healthcare, financial institutions in the U.S. are not mandated by law to have a designated Privacy Officer?

like

Currently stuck in risk but interested in Cyber. Have done one related engagement from a regulatory perspective. But a lot of posts here making me think it’s harder to break into than I expected (non-technical background). If you had a six sigma green belt / supply chain degree/exp., would you still go through the effort of going into Cyber or take easy risk money being offered / easier transition back to supply chain? 2-3 YOE and trying to decide career course, any advice highly appreciated

like

Thinking about getting the AWS Cloud Practitioner certification. Does EY have any amazon resources or training materials that they provide? Any advise from people who have taken it before? Thanks!

like

Has anyone left cyber for another technical field (I.e. software engineer) ?

like

Privacy fish - Anyone taken the CIPM and can share what the exam is like?

Content outline seems like application of standard consulting approach, so how do they test it on an exam?

Thinking of moving from Big4 cyber to Accenture cyber. Any major differences (other than no channel restrictions).

like

I have a younger family member (almost 13) who is very interested in cybersecurity. How can this person learn and grow in a safe manner if he/she isn’t near a city with youth clubs and etc? Idea is to reinforce ethics, but this material is far too advanced for the parents.

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Scan your QR code to download
Fishbowl app on your mobile

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal