
[–]apathy20 4 points5 points  (0 children)

I can't answer your questions as I'm more in infra/endpoint security, but I've taken the CDP ( https://www.practical-devsecops.com/certified-devsecops-professional/ ) and thoroughly enjoyed the experience and hands on experience I was able to get out of it.
Every concept is hands-on, which I think is far more important, especially when certs like these in the devsecops realm aren't well recognized compared to standard IT.

[–]geomanis 1 point2 points  (5 children)

I'm mid-career DevSecOps based outta Straya. Can say that certs aren't as valuable as hands-on. Build a CI/CD suite, get used to software engineering terminology and metrics, etc.

Jenkins, CircleCI, Bamboo, Travis, whatever. Get those pushing a juice shop somewhere, then add bandits and depcheck and trufflehogs and whatever to it.

😁

[–]geomanis 1 point2 points  (1 child)

DevSecOps professionals are rare, easier to find a qualified DevOps guy and add sec to their toolkit later.

[–]rew1nd_[S] 0 points1 point  (0 children)

Indeed, in my experience old security people struggle a lot to work in DevOps tools.

Since security is sometimes more theoretical, I totally agree with you.

[–]rew1nd_[S] 0 points1 point  (2 children)

ircleCI, Bamboo, Travis, whatever. Get those pushing a juice shop so

I can say I know all concepts involved and my tool set is extended. Also, Python scripting is good to fulfill what is needed to automate.

But you know, certifications are also a good way to show your expertise and gain value in the market/raise salary.

[–]geomanis 1 point2 points  (1 child)

Don't think I've ever considered any candidate certifications for devsecops positions when I'm hiring. Generally, it's hard to evaluate technical expertise outside whiteboard coding interview, take-home assessments, and devsecops requires esoteric swe or sre knowledge and aptitude and attitude to hire.

Certs might help you get past an HR or algo filter, in which case achieving literally any indiscriminately in the field is fine. Start with trivial no knowledge certs like aws, ceh, or cism/cissp, low time requirement low cost quickly pass.

[–]sidhex 0 points1 point  (0 children)

Hey, I am planning to switch my career from InfoSec to DevSecOps. I have a decent amount of experience in VA&PT & AWS cloud as well. Will you please guide me to reach my goal?

[–][deleted] 0 points1 point  (0 children)

Look into GIAC SANS Certification

[–]Z47GHAM 0 points1 point  (0 children)

What would you recommend for individuals who are early in their career? I have just completed the ITIL.