Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
edric ( @scytale@lemm.ee ) English2•5 months agoOutside of the SANS courses, are there any other reputable trainings that focus on Cloud Security Architecture?
AWS has their own first-party certs if you want something vendor-specific (I’m sure Google and Msft have similar). ISC^2 has something too https://www.isc2.org/certifications/ccsp
noUsernamesLef7 ( @noUsernamesLef7@infosec.pub ) English1•5 months agoI’m studying for CCSP right now. It’s fairly general and tries to be vendor neutral but Architecture is one of the knowledge domains on the exam. Might be worth it if you meet the work requirements or experience waiver requirements.
A lot of people also seem to conflate it with the CISSP when it comes up in conversation I’ve noticed.
PaddleMaster ( @PaddleMaster@beehaw.org ) English1•5 months agoCompTIA has a cloud cert
noUsernamesLef7 ( @noUsernamesLef7@infosec.pub ) English1•5 months agoI just started my first official cybersecurity position at a medium size company in an industry that is currently being heavily targeted with ransomware.
I’m starting pretty much from scratch as they have not had a dedicated security role in over a year and my predecessor didn’t make much progress. So far i’ve been focused on inventory lists, policies, and procedures for hardware, software, and data. I think we’re doing okay with minimizing stuff thats internet facing and patching is in a good place (well, at least with the devices and os’s that are still supported).
Any suggestions on where to go from there or what to prioritize?
noUsernamesLef7 ( @noUsernamesLef7@infosec.pub ) English2•5 months agoThanks! This is actually exactly what I have been basing my efforts on so far, it’s just sobering to look at how far away we are from completing implementation group 1.