| Okay, so - long story short, you need both. I know collectively we're understaffed in security in general, but I am also sick of this "everyone from every walk of life wants to be and can be security" mindset, seen too many people come in who don't know the first thing. I don't mind helping out my juniors, but if you come at me with questions and obviously no prior knowledge or even attempt to research on your own, I am going to help you along to the door. And not everyone can be red team, that's what a huge portion of people want, because it sounds sexy and they listen to too many podcasts. There are not that many positions for that specific job. Personal rant aside - Paul Jerimy did a good sort of layout of certs and where they fall in the various security domains. https://pauljerimy.com/security-certification-roadmap/ So where do you want to be? Risk? Software? Ops? Network? Certs will help you get hired, but if you have no experience aim for junior positions. The best security people spend a few years in another position, a network or systems admin or developer first, to learn the ropes within what will become their specialty, got time and really want to be good, go that route. |
That certification roadmap is excellent, thank you for this gem and thank you for your input.