New guy here, and would like some advice from the more seasoned security practioners out there.
First a little info about my situation. I'm currently on active duty in the US Military and recently changed my occupational speciality to Computer Defense Specialist. Its been amazing so far. While I won't say I have a 'carte blanche' for training...its about as close as I can get to it. They're throwing certs down my throat. A+, Net+, MCP, Sec+. If I want to attend a course or training event, all I have to do is ask, and more than likely the funds will be allocated...however I've come to a decision point.
Eventually, I plan on leaving the military, and I want to continue to pursue a career in infosec in the civilian job market. So I'm the point now, where I can just take what certs I think sound cool, but I need to think about what is going to make me marketable. Obviously the first thing that comes to mind is CISSP. First off, I dont see myself as a CIO, or CISO, ect ect. I don't mind managing, but the 'executive type' just isn't me. I prefer hands on, technical work, in the trenches, using my skills to combat the bad guys everyday. I don't really see any of that in the CISSP, but it feels like to be taken seriously in the civilian job market, you need the CISSP, or your resume won't make it past HR. Is this true in your experience? Regardless I imagine I will eventually obtain the CISSP, especially since we send people to the course every other month, damn the cost.
On the other hand, I can see the CISSP being valuable to a general security professional, sort of a jack of all trades. At least thats how I envision the positions that I see on the job boards and websites. People advertising for 'Network Security Engineers', or 'Security Analysts', ect ect. I see these positions as vary similar to what I'm doing right now in the military: conducting vulnerability assessment, secure network device configuration, remediation management, policy compliancy, firewall managment, ect ect. Thats what I do....does the job correlate in the civilian world? As far as technical certs....there are some really amazing specialties in this career field, and they all fascinate me. And as easy as it would be to shoot my supervisor an email asking to take the GPEN or CEH, or go for an LPT, my work experience in the military will never really be curtailed towards pentesting. Most of my work is the general security stuff, so should not my cert path reflect that, in order to make myself hireable? And what about the GIAC certs? GCIA fascinates me. Everything about Intrusion Analysis appears wonderful to me. Senior Intrusion Analyst...sounds sexy right? Is it? In the military it might be, but in the civilian world does it really boil down to graveyard shift log parsing and staring at Wireshark captures? GCIH? Same same?
In summary, I'm just looking for some kind of incite into how what I do everyday can translate to civilian work. I know it does, but will my cert path be better off mirroring my work experience, or is it possible to have some general security experince, grab a specialized cert like the GPEN, or the GREM, or the GAWN, and leap into the fire? Thanks in advance.