September 11, 2021

Need advice on certifications to further my cybersecurity analyst career


I am currently employed as a contractor for IBM X-Force R&D and have been so for the last 9 years. I do not have an official title although my activities are those of a cyber security analyst. Unfortunately, I am one of the 10000 people who have gotten laid off (you can read a bit more here:

I got into this field by chance, learned as much as I could and it evolved into something that I love doing. After I will be gone from IBM at the end of the year, I want to continue working as an analyst and this is where I have problems. I do not have a higher education diploma and I can not afford to go back to university to get one.

While I did get a glowing letter of recommendation, I want to compensate my lack of higher education diplomas with certifications which show potential new employers that I am competent in my field.

I still have until the end of the year to take advantage of IBM’s learning programs on Coursera. As a minimum, I will get the certification for being a Security Cyber Analyst. I am also interested in doing the Security+ certification.

My question to you: would this make sense? Are there any other certifications that would help solidify my CV?

Thank you so much in advance,


edit: grammar and more job info



With nine years relevant experience I’d go straight for the CISSP. It will open a lot more doors for you than the likes of Sec+. Just double-check your experience covers enough of the domains to qualify you for full certification. I would be surprised if that’s an issue for you though.


As much as I understand wanting to go get some certifications. I keep wondering if you’ve tried applying elsewhere yet with a resume clearly stating 9 years?! Of cyber security r&d / analyst skills at IBM X-force.


The fact is, degrees are always the answer. Right now it’s a BS but soon it’ll be an MS. They’re enough candidates with degrees to make it the minimum standard.

We posted a job once that said something along the lines of “bachelor’s and 4 years of experience or master’s and 0-2 years of experience.” I naturally protested, making the point that obtaining a masters degree wasn’t equivalent to 4 years experience. It was politely explained to me that, from a client-facing stand point and an executive-facing stand point, these things were of the utmost importance. That looking good on paper was half of the battle (or in this instance, obtaining the contract). Nevertheless, I was assigned a team member with a masters in statistics who was interested in data analytics (which is not what we do). He is a nice guy but remains a constant drag on the team due to his lack of industry operational knowledge or even desire to do it.

I don’t know how it got to this point but production is less of a factor than appearance. Applying for a job, without at least a BS, is already putting you in a long-shot position. So, your best course of action is to finish a degree.

Outside of the IT world, CISSP, CCNP, OSCP, etc., mean nothing (even to some inside the IT world). However, BS in XYZ is a global credential that everyone understands. It’s antiquated thinking and is usually harmful to an organization but it’s the reality of the current job market.


Cissp gets me tons of job offers, it’s like night and day how much more marketable I am

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.