Hey everyone! I've been working as a sysadmin for about a year now at an outsourcing firm, primarily handling servers in a mixed environment, although I do prefer Linux (Debian/Ubuntu). We have around 500 users and everything is on-prem. My daily tasks involve working with Active Directory, Proxmox, Zabbix, dabbling in Docker, experimenting with k3s, and managing networking with Mikrotik. Lately, I've been feeling a bit stagnant and would love to be more proactive in my learning journey. I'm interested in shifting my focus towards security, particularly in areas like SOC or cloud security, but I'm still exploring my options. Here's what I'm doing on my own: I'm subscribed to TryHackMe and still working through the initial paths, and I have a home Proxmox server set up for creating VMs. For those who have made a similar transition or have more experience: What home lab projects helped you really develop your skills? Are there any certifications that I should consider pursuing now? What should I be focusing on in my current role to gain relevant security experience? Any books or resources that have significantly influenced your approach to systems or security? I'm feeling a bit stuck and would really appreciate any guidance!
6 Answers
You’re definitely on the right track, and I echo what others have said about your Linux and networking knowledge setting you apart. Keep building that experience, and don’t hesitate to explore more projects related to security for your home lab.
Here's a thought: many IT Security Specialists lack real-world sysadmin experience. They sometimes make policies that don’t always align with the actual business needs. If you can maintain a balance between strong sysadmin skills and a solid understanding of security practices, you’ll be in a great position. Try to connect with your security team for mentorship and guidance, and incorporate security practices into your workflows for immediate impact.
With your background as a sysadmin, you have a fantastic foundation to build on. I’d definitely recommend looking into getting a CCNA certification if you haven't already. It really shows that you understand networking, which is crucial in security roles. A CCNA can really make you stand out when applying for entry-level security jobs!
You're already doing a lot with Zabbix and your open-source projects! That's a huge plus. How are you handling logging in your environment? It's crucial for security and can provide immense insights.
If you're leaning towards cloud security, I suggest checking out Azure certifications like AZ-104, SC-300, and AZ-500. Networking skills are also vital; consider the AZ-700 certification to bolster your expertise!
You should be focusing on securing the systems you manage. Look around your current environment and identify vulnerabilities or areas that need improvement—start securing those aspects. You don't need any special membership to do meaningful security work. Just take the initiative!
Thanks! I should have mentioned that I actually earned my CCNA (v7). It's reassuring to know it holds value for security roles.