Is it worth investing the time to learn something like Security Onion's SIEM features to gain some experience (and bridge the gap between no knowledge and experienced) before moving to a more mainstream enterprise product like Splunk? That is to say, would the transition be relatively seamless (being able to tell a prospective employer you can use Splunk) after getting hands-on practice with something like SO and reading a Splunk cert book?
What about something like Snort to get hands-on practice for ASA/ISR/ASR IPS systems? I always imagined that Cisco being behind both would make the transition relatively painless.
Is anyone familiar enough with both the enterprise products and the open-source solutions to give a general opinion? Obviously, a lot of it will depend on the individual, on how you learn and how adaptable a person is; I'm not asking anyone to assess that in me, just to speak for yourself.