I'm looking to change my career (QA) into a cyber role, and I'm not sure of the best path. I've been offered a place on an Msc Cyber Security degree from a good (NCSC certified) university. I already have a Comp Sci MSc from long ago, and I'm not sure throwing money at more degrees is the right thing to do.
I don't have any cybersecurity professional experience, but I think there are a lot of paralells in that QA is also essentially about managing risk, about investigation, etc. And I have worked in a security testing role within telecoms, and loved that aspect of monitoring/analysis. Which Is why I am aiming for blue team type roles in the future.
Although money is a facor, really I will take the path that offers the best chance of employment. I'm not expecting to be earning mega bucks any time soon, I am realistic, this is a career change and a difficult area to get into at that, but I want to aim for a completion of a certain path within 1 year, full-time study.
Certification path I have thought of: Net+ , Sec+, BLT1, SSCP ?
Or... the MSc + maybe BLT1.
I hear there's a lucrative living to be made befriending open source maintainers going through a mental crisis, persuading them to give you the keys, then planting backdoors in their software.
See, thing is this is no more or less soulless than any other corporate stock image clipart garbage that has been churned out over the last decade, which is all that you would have used if you didn't have AI, so I don't see the practical difference in reality.
>>14902 I work in cyber security for a minor branch of the government. The qualification market is a complete mess. This guy put together a page listing 473 different flavours, that shows the problem.
The only ones we might care about are CISSP or CISM and the CREST certifications around pen-testing, when looking at someones CV - you mention wanting to be a blue-teamer, and you're exactly right about it being both about technology and how to manage risk.
I don't have any, but still earn £100k+. I would be very careful about spunking a load of money on them, when what you really want is a trainee position. There are so many facets / areas of information security to specialise in that it can be a while before you find the niche you love and thrive in, so I think experiencing it is more important.
There are companies that give you the training for free, intensively full-time, and you pay them back when you get the job. Some even help you find a job. Capslock are kosher:
>>14911 Cheers. I did consider Capslock, I've read very good things about them, but my concern was paying the same as a degree and coming out with neither a degree nor a certification... Is Capslock something that the indsutry takes notice of?
