Hi folks. I’m hoping I could get some suggestions as to what “what’s next” might look like in my career. I’ve been in IT for about 23 years, and trying to shift my focus.
Current situation: I’m currently a system administrator for computing researchers, and have been in this role for a bit over 20 years. It’s a generalist role, where I do everything from standard infrastructure (bare metal and virtualized, all on prem) to configuring containers and setting up AI training platforms to fixing desktops and diagnosing printers, and doing it all securely because our central IT is big on Zero Trust. I earned an MS in InfoSec in 2012, and probably should have tried to move into a more directly related security role at that point, but I until recently I enjoyed and was fairly challenged by my job. I’m ready to move on now though. Other than the degree, I have no current certs (although I’ll have an AWS SAA shortly). I did take an ISC(2) CISSP course about a decade ago and did well, and I’m certain with some studying I could pass that without too much difficulty.
Where I’d like to be: something more specialized, using more of my security knowledge, preferably focused on the cloud. I’ve also enjoyed forensics, incident response, policy design, and auditing, though, so I feel like anything that doesn’t involve a lot of development would work for me. I’m also not a particularly talented pen tester, although I’m fine working through a toolbox. I’m still figuring out what sorts of roles are out there.
Questions I have:
– What sort of roles should I be looking at? I’d be new at a specialized cybersecurity role, but I don’t know that an entry level position is the right option – or is it?
– What certs should I be thinking about to show more current knowledge? Is CISSP the way to go? Or are there better respected/more specialized certs that are preferred?