1

Hello,

If this isn’t the right place to post this I’m sorry. I’ll cut right down to it: I currently work at a decent-sized church as an entry-level IT support specialist. We have around 150 employees so we use Active Directory, and JAMF. I’m struggling through my BS in Computer Networks and Cybersecurity online through University of Maryland University College. I have managed to pass the CompTIA 901 for the A+ and I have failed the 902 twice now. That has been the only cert I have gone for. I have the GI Bill/VOCREHAB program to pay for school right now. I have noticed that some people get lucky with certifications and no degree, while some others just have experience and no certifications with the same success. I’m going to be honest - I’ve been working on my degree since 2014 and I still have 2 years left to graduate. I have failed my Cisco class 3 times and my Security class about 3 times as well. This was due to not having enough time to fit school into a work schedule with 2 jobs and a family. I’m making entry-level pay but learning a ton of great things (I set up a deployment script for Office365, installed an IP security system, IP phone system, and my boss is trying to teach me Active Directory). I’m also not sure if this counts, but I did Signals Intelligence in the Marines for a while. That’s my background. Here’s my question:

Should I keep my nose to the grindstone and focus harder on my BS and complete it first, or should I try to spend a lot of energy getting a certification? And if neither of these are good - what would you recommend? I would like to get into penetration testing or something similar to that in Cybersecurity.

8 Spice ups
2

I would say since you’re half way through your degree, finish that. While there is quite a debate of how “useful” a degree is, it’s still a barrier of entry for higher end jobs. Yes, experience is a big thing, but unless you have a good connection on the inside for a new job, you’re going to have a tough time getting through the HR barrier without a degree.

As for security, focus on that once you have your degree and at a job that will help with expenses for education. That’s so you can focus just on certs and training and get some financial assistance for it too.

Also, go to some local security conferences and network a bit. BSides is a great place to start and find local events. Risky Business is a great podcast for security. There is also the Many Hats club with tons of security people in there.

2 Spice ups
3

I’d say one thing at a time… If you are still working on your BS then work on other certs/skills to augment that. You will burn yourself out trying to learn too many things at once (which it sounds like you have already experienced)

2 Spice ups
4

Probably not the right category, but a nice SW Moderator might move it for us.

The BS degree will help you later with moving up past middle management, and moving to new companies. The certifications will also help, but at a lower level.

I have an AA, but I found that not having the BS to be a hindrance when going for the bigger jobs above the Director level. My +35 years as an actual systems engineer makes a huge difference at the lower level, but nowadays hiring managers have to look past the lack of a BS to see it. BS candidates are a dime a dozen these days, but arcane HR organizations still cling to the idea that they’re still special enough to matter, and that may at least get you past the initial screening.

My opinion is that you should concentrate on the BS degree and your work/family life. The certs can wait. By the time you have that BS in your fist, the certification landscape will have changed again, and you can pick those up when you have the breathing room to focus on them.

Best of luck. Remember your family. They’re the reason you’re doing this.

4 Spice ups
5

I have had the pleasure of not being considered for positions that I had the experience for simply because I didn’t have my degree. Finishing up your degree will open a lot more doors in the long run.

1 Spice up
6

Like the others said, focus on the degree, I have obtained three degrees balancing work/family/house management. I was looking at getting a few certs under my belt but decided to obtain a masters in security instead. I had the opportunity to work with a state/government security team daily to keep things PCI DSS compliant, had plenty of meetings with a QSA and CISO. I only have 5 courses left and I am hoping to make the shift to security after that and most likely obtaining CompTia Secuity+

1 Spice up
7

Depending on whose figures you believe, it is estimated that by 2020 there will be 1.5 million jobs (based on 2009) figures or 3 million (based on 2013 figures) in cybersecurity that are going unfilled because of a lack of qualified applicants. Whether you agree with the math or not common sense tells you that cybersecurity is an exploding industry thanks to technology, lack of interest by American manufacturing which leads to a very lucrative occupation for cybercriminals.

The short answer is that I couldn’t encourage you more to keep at it. Also, thank you for your service.

1 Spice up
8

I was going to say build a pentest home lab like mine but it looks like you barely have time. Finish the degree if possible.

9

Agreed! A lot of threats out there these days, after all! In terms of some certifications to look into for the future, (ISC)2’s list of certifications are potential options. To get you started, the SSCP might be a good point of entry for a cyber career: https://certmag.com/sscp-certification-solid-point-entry-aspiring-security-professionals/

If interested, here’s our SSCP guide: https://www.isc2.org/Certifications/Ultimate-Guides/SSCP?utm_campaign=H-2018-HQ-SSCPultimateguide&am

Hope that helps! Good luck on your career path! :slight_smile:

10

Hey RadBner, I know how confusing this time can be when you feel stuck at a fork in the road. However, I wanted to give you an option to look into. Skillsoft’s cyber (IT) security training resources give IT professionals the skills and knowledge they need to protect your organization’s critical data and systems. Skillsoft provides books, courses, and hands-on exercises that give you the skills to keep pace with evolving cyber threats and defense measures, control access to systems, protect the integrity of data and PI, and ensure you have the IT talent to meet current and future security needs. If you have any questions or would like to chat further about any of the courses, please don’t hesitate to reach out to me!

@evanmendes2

11

I actually tried building my own network. I took an old desktop PC and installed Server 2008 on it. Then I had to learn about basic networking, and Active Directory. I have an old Toshiba Satellite laptop that I installed Kali on and then tried learning form the null byte website on how to hack wifi using Aircrack ng (I didn’t have the right wireless adapter to transmit apparently), and I also tried to understand how to use Metasploit, either the Armitage GUI or the command line interface. I was also trying to teach myself hashcat, orphcrack, and Jack or John the ripper to crack passwords. I had to learn some basic linux command line, and I was trying to learn some basic python language. It was all pretty slow and exciting but then other priorities won out. Besides, I was a jack of all trades; master of none.

12

Thank you for the advice guys and gals! It was just good to bounce some ideas off people who are further along in the IT community than me for some perspective.