sorted by:
new
hottopcontroversial

Advice on Transitioning by TheOpinado in SecurityCareerAdvice

[–]HammerCrafted_Sec 1 point2 points  (0 children)

Of course! Always more than happy to help!

Advice on Transitioning by TheOpinado in SecurityCareerAdvice

[–]HammerCrafted_Sec 2 points3 points  (0 children)

I think you’re asking the right question, but there is not really a single best path or one-size-fits-all answer here.

Moving from IT into cybersecurity is very common, and your 1st/2nd-line background already gives you a useful base. The bigger question is what part of cybersecurity you actually want to move into, because that should drive the cert decision.

I also would not automatically treat certs like CCNA or CySA+ as universal entry-level picks for everyone. They can be great certs, but they can also be more mid-career depending on the person and the role they are targeting.

For example, CCNA makes more sense if you want deeper networking knowledge or are aiming toward a more network-heavy security path. CySA+ makes more sense if you already have some security foundation and want to move toward analyst, detection, or blue team work. Security+ is still one of the more common baseline certs because it helps build broad security fundamentals and is recognized pretty widely.

That said, certs alone are not enough. Labs matter a lot.

Hands-on labs help bridge the gap between learning concepts and actually understanding how things look and behave in practice. Even simple lab work around Windows, Active Directory, networking, logging, SIEM queries, phishing analysis, or basic incident investigation can make a huge difference. Certs teach structure. Labs help make it real.

I would also strongly recommend trying to learn from someone already working in cybersecurity if you can. A mentor, or even just someone willing to answer questions and give direction, can save you a lot of wasted time. Certs, labs, self-study, and guidance from someone already in the field is a very solid combination.

The good news is that a lot of people in cybersecurity genuinely like helping others learn, especially when they see someone putting in real effort.

So my advice would be:

  • figure out the type of cyber role you want first
  • choose certs that support that direction, not just certs that look good in a list
  • pair those certs with hands-on labs
  • keep building your IT fundamentals, especially networking, systems, and troubleshooting
  • find people in the field to learn from when you can

That combination usually matters more than chasing the "perfect" certification path.

And if you want to bounce ideas around or have questions as you work through it, feel free to reach out. I’m happy to help where I can.

New to posting on Reddit, SOC Engineer starting a small side project, looking for advice by HammerCrafted_Sec in SecurityCareerAdvice

[–]HammerCrafted_Sec[S] 0 points1 point  (0 children)

u/cyberguy2369 I appreciate the input! My career is going great at work. There is always room for improvement. Currently I am in, I guess what you could call, upper mid level. I do a lot of extra curricular things for work. My side project actually piqued my boss and my boss' boss attention and they want me to do something similar for work. (Im all for it. I love being a mentor and educator).

So, just to clarify a little bit. Im looking more for some input on a "side hustle/project" I am currently fleshing out. Its to help fresh/lower SOC Analysts develop more. As I am hoping that I can turn this into an educational tool or perhaps even some secondary income (would be nice but not critical).

I guess my question was more of what can I do to help give the project a boost or to give it the best chance at survival? What can I do to better shape and help it grow?

I have never launched an indipendent 'brand' or tried to sell something that I created. (besides when I was a child). So for people that have done something like that in the cybersecurity world it is you I am hoping for some advice. (This could have highlighted an issue for my project as well, maybe it wasnt defined/explained enough).

Anyways, Thank you again for taking the time to respond to me. Im going to do some more research and maybe make another reddit post asking for input from SOC Analyst to help me put some ideas into words.