Verdict
Is your career plan actually realistic?
Pick your current role, your target, and any certs you're banking on. You'll get a single call on whether the plan holds up, plus a verdict on each cert against this specific move.
Written by James, a UK security architect. Twenty years from helpdesk through infrastructure to security.
How the verdict is made
Four points, no fluff.Realism call
Realistic, stretch or unrealistic, given the gap between where you are and where you're aiming.
Atlas distance
How many credible steps the move takes on the graph, and where most people pause for an intermediate role.
What to sit and what to skip
Each cert tagged useful, optional or skip for this specific move, with a one-line reason.
Tradeoff you're ignoring
The on-call, coding intensity or seniority bar your plan usually skips over.
A real verdict looks like this
Worked example · SOC Analyst → Cloud Security EngineerStretch · 12–18 months
Credible move, but not a one-jump shift.
You're two roles away on the Atlas, not one. Most people make this jump via a cloud-aware SOC role or a junior cloud engineering seat first. Going direct is possible if you've already shipped IaC in anger and own a production AWS or Azure tenant outside work. Otherwise expect a sideways step.
What to sit and what to skip
AWS Security Specialty, Useful
Directly maps to the target role. Hiring panels read this as intent, not just exam-passing.
CCSP, Optional
Vendor-neutral and respected, but slow. Worth it once you're in the role, not as the thing that gets you there.
CISSP, Skip for now
Wrong cert for this move. CISSP is a seniority signal; you need an engineering signal. Park it for two years.
Cloud security at the engineering end means writing Terraform and reviewing pull requests, not just reading alerts. If you've not been shipping code in the SOC seat, that's the gap to close first. The certs won't.
Yours will look like this. Fill the form below to generate it.