Hey c/Cybersecurity!
Just looking for some advice on what certifications are worth getting?
I am wanting to steer my career into ICS Incident Response and was wondering what Entry level certs are worth it? I want to get my SANS FOR-508 (GCFA) and SANS ICS-515 (GRID) certifications, however due to the expense of these I am looking to hopefully do some cheaper ones first until I can get the company I work for to pay for them.
I was considering perhaps CompTIA Security+ and CompTIA CySA+ but I don’t know if the time spent towards them could be better invested in another course such as CISSP.
I am Based in Australia and have a Bachelor of Computer Science, and a Bachelor of Electrical Engineering. I have also been working as a Process Control Systems engineer for about 3 years since finishing uni if this helps gives some more context.
Any career advice or recommendations is highly appreciated, I am kind of overwhelmed by all of the options. Also keen to do some more non-certified courses to increase my knowledge, I have been working through a few from Chris Sanders’ recently and want to do more from him.
CISSP is an advanced level certification and although you would be expected to have significant experience behind you to succeed in the exam, you can just cram and blag it - the main issue is you won’t be credible as a CISSP without the corresponding experience.
I recommend the CompTIA certs to get a foot in the door and work towards the CISSP after 3-5 years experience. You could also consider the ISACA CISM cert at that level.
Other courses you could consider would be COBIT5 Foundation, ISO 27001 lead implementer, Cloud Auditing certs and ITILv3 foundation which would round out the more practical CompTIA ones and put your CV on top of the pile for entry level roles.
This is great information thank you!