Beyond certificates
Certificates are great to show one is willing to go the extra mile. They usually come with a structured learning path, and satisfaction when you receive that precious badge in your mailbox. It is easy to fall into the trap of grinding certificates one after the other, without applying the knowledge you have gained, keeping structured notes and practicing spaced repetition. Do yourself a favor, and invest your time into other areas such as networking (the in-person type), projects and volunteering. Organizations and vendors usually have some way of building and engaging their community for obvious reasons. Think in terms of conferences, online events, user group meetups, working groups, community projects, Slack and Discord channels.
CSP communities
Microsoft Customer Connection Programs come in a few different flavors depending on the products involved. Joining any CCP gives you access to community calls, private previews, and focus groups with Microsoft’s product teams. If you work at a place that has Copilot written all over it, I think it does make sense to have access to the roadmap of individual products. That way you can filter past the corporate sales talk and to a certain degree of transparency provided by the NDA, see for yourself which products are doomed and which ones Microsoft still invests in. These two are not mutually exclusive (like Windows 11), but you get the idea. You don’t want to be in the middle of an OKR, when you read an unwanted sales email from a Microsoft partner and you realize the very product you have adopted is declared EOS, e.g. CIEM.
As a member you can submit feedback about the products you work with, and you’ll be rewarded with points for your engagement. There’s gamification to keep doing so. The most active members are rewarded with badges, invites to join a podcast or a 1:1 with an engineer to discuss a topic of choice. Even though they are referred to as customer connection programs, you can also apply if you work for a Partner of Microsoft (many MSPs are members of the partner network).
For AWS folks, there’s the AWS Community Builders program. Applications are evaluated once per year, so this is something to plan ahead.
Cloud Security Alliance
CSA working groups are accessible and will welcome people even with limited experience. Some groups are more established in their ways of working than others, but in general you can contribute straight away by reviewing papers written by others and eventually get involved in new projects.
Local
Nothing can beat a local meet up, where you have the chance to meet other like-minded individuals and exchange ideas. Depending on the area you live in there will be different options, if there’s none - consider starting a local chapter with friends and/or colleagues. If you happen to be employed, your company should be happy to host an event once in a while, as it gives them brand exposure and results in a ton of positive PR material.
I happen to live in Warsaw at the moment, and there is a lot happening. If you’re elsewhere, look for the local equivalents of these.
- ISC2 Chapter Poland
- DC4822 - Official Warsaw DEFCON Group
- ISSA Polska
- OWASP
- Crossweb - overview of all events
- Meetup
Certificates get you the interview, but talking to people is often where the real value lies.