I need your advice regarding this one.
I currently work as the website manager in a medium size school here in the Philippines. Our CTO has offered me a new role in Cybersecurity. There’s no one from the IT department who specializes in this field and he assigned me for this task. This is a new field for me also and I don’t have any background with cybersecurity.
Few of the the possible task that he mentioned include network and website penetration testing, permissions and security audit of different institutional systems (HRIS, ERP systems, Student Information Systems, etc), simulated phishing attacks for company employees.
What trainings or certifications should I take in order to be successful on this type of job? I did a little bit of research and I’m planning on taking comptia network+, security+, cysA+, pentest+ and possibly OSCP.
Is this a good way to start? I do have a plenty of time to study while at work/home.