Torrey Naylor
Certification Track
A deliberate path from Microsoft fundamentals through (ISC)² senior security credentials.
The roadmap below reflects an intentional progression: Microsoft fundamentals first to anchor cloud and security vocabulary, then the Azure Security Engineer Associate for hands-on cloud security depth, then the (ISC)² track (SSCP and CISSP) to round out vendor-neutral senior security credentials. Each cert is dated against my current schedule, including a B.S. in Cybersecurity from CSU Global expected March 2027.
  1. 1

    AZ-900

    In Progress target Summer 2026

    Microsoft Azure Fundamentals

    Foundation cert covering core Azure services, governance, identity, pricing, and SLAs. Establishes the common vocabulary for the rest of the Microsoft cloud and security track.

  2. 2

    SC-900

    Planned target Fall 2026

    Microsoft Security, Compliance, and Identity Fundamentals

    Cross-cutting overview of Microsoft Entra, Defender, Purview, and Sentinel. Direct overlap with current Purview lab work on sensitivity labels, DLP, and audit log analysis.

  3. 3

    AZ-500

    Planned target Winter 2026/27

    Microsoft Azure Security Engineer Associate

    Role-based associate cert focused on identity and access, platform protection, security operations, and data and application security in Azure. The first credential that signals hands-on security engineering depth on the Microsoft stack.

  4. 4

    SSCP

    Planned target Spring 2027

    (ISC)² Systems Security Certified Practitioner

    Vendor-neutral practitioner cert across access controls, security operations, risk identification, incident response, cryptography, and network security. Paired directly with ITS415 (Principles of Cybersecurity) at CSU Global, which is framed as SSCP preparation.

  5. 5

    CISSP

    Planned target Late 2027

    (ISC)² Certified Information Systems Security Professional

    Capstone of this track. Eight CBK domains including security and risk management, asset security, security architecture, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.