2nd a lot of what’s been said. I see a Sec+ come in for an entry level app, I’d give it more attention than another that didn’t but experience > all. That said, if you’re looking specifically for VM roles adding on vendor certs would help a lot too (if they’re free though usually not). As mentioned elsewhere, get familiar w at least one VM tool, start slamming some VMs from VulnHub, or look at Juice Shop and Mutillidae (both very OWASP and web app focused). Also consider looking at flAWS.cloud and flAWS2.cloud to gain a better understanding of common vuln sec configs in cloud (spec AWS). Start getting up to speed on current events (vuln reported) and try to understand them. Familiarize yourself with CVEs and understanding them and how they relate to the overall VM process, which you had better understand (including possible remediations and controls). Google, NIST, and your own company resources are a good place to look (both ppl and sample deliverables/templates if you have access to them). While you’re at it see if you can pick up a little python (bash and powershell as well if you can find the time). Lastly, consider building your own vuln VM in the cloud with a guide/hints - your “secrets” people hunt for could be insights into your personality, likes/dislikes, etc. instead of your typical hash.
It's a check in the box for most places, what they are really looking for is hands-on experience. I got my Sec+ and applied to a lot of places but no luck.
@SC1 look into vetsec. It's a community of veterans in cyber security. Lots of good people and good info.
Sec+ can be a door opener if you’ve got minimal cyber experience. Obviously experience is king, but you’ve got to start somewhere and it can give you an edge in an entry-level role.
Qualys offers free training and certifications that can help you stand out for vuln mgmt roles. I think some other vendors offer free certs as well.
I don’t think Sec+ is enough. Do the CISSP
CISSP is a great cert to move from governance into more technical infosec. Besides, it gives you cred if you want to move up into management whether that will be technical or not.
Not like the investment is that huge.. The exam is 600 dollars?
In industry, yes it is. Especially government if you’re going that route.
Is your resume geared towards cyber, have you highlighted all your relevant governance and controls background?
Yea, guess the ones I applied to want more technical skills. So governance work doesn't really make a difference
Also, if you want to start with some hands-on and have a lab, you can get free licenses for Nessus, get Kali, and download machines from Vulnhub and HacktheBox for practice.
No. No one cares about Sec+ unless you are doing government work...
CISM covers a large check box. ISACA version of CISSP and is in higher regard than Sec+. From that standpoint you’re covered. I recommend u network ur way in because from a certain standpoint you’re covered.
Sec+ is not worth your study or exam $, it’s basic. Get a top 3 vendor tool vuln mgmt tech cert (Qualys, Tenable, QRadar). If needed consider a SANS GIAC technical cert. Then you’re gold.
Both of those qualify for cyber my friend. You good.