I've been using and administering Splunk Enterprise since Splunk 4. I have certifications up to the current Splunk Architect level.
While I don't know that this will help any sort of transition, I'm interested in a move to cybersecurity and I'm looking at the one Splunk Enterprise Security certification that Splunk offers (Admin).
When reading the course descriptions, it seems to me that there's a lot of overlap between the "Using Splunk for Enterprise Security" course and the "Administering Splunk for Enterprise Security" courses.
Does anyone know if taking the admin course would actually cover most of what's in the Using course? That is, would being an admin mostly prepare you to be a user as well or do you really have to take both to understand anything other than being an admin?
I ask because I was unable to access SES at my previous job (just used Splunk in the regular IT sense). I find myself unemployed at the moment and while I can't show any experience on the SES side, I would like to at least show that I've done something serious with regards to SES.
Thanks very much
... View more