Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

  • 𝔻𝕒𝕧𝕖@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 months ago

    Yes, I have been eyeing a soft switch into cybersecurity. Maybe not head-over-heels and maybe not entirely, but I do plan to have a significant part of my work to be in infosec.

    For context, I am currently working as Tech Lead/Software Architect for a company that has a security-focused product (with an, as of today, 0 incident track record), but I work on design and scalability most days. When involved in security-related tasks, I mostly coordinate and sometimes implement security critical code under the guidance of our (small) security team.

    I do have enough insight to have a positive impact on security related discussions on higher levels (think “lol, this proposed change opens up the endpoint to being exploited by x or y”) but not enough to discuss our cryptographic primitives.

    In order to get my feet wet, I started doing THM (quite actively, yet I’ve hit a rut with the Windows-focused buffer overflow rooms), and I can say I enjoy it more than I expected.

    However, I am unsure what concrete steps I should take after THM.

    I’ve been thinking of working towards the OSCP exam, but honestly the certification landscape is quite confusing.

    • solrize@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      I’ve worked in security for decades and nobody has ever asked me about certifications. I know a guy with CISSP and he said it has been useful sometimes, but basically I wouldn’t worry too much. Getting more involved with the security stuff where you work will give real experience which is likely more valuable.