What to go for next?

billyr2009 Member Posts: 120
After passing the CISSP, I'm wondering what to take next. I know the CISSP covers the 8570 requirement, but which cert do I attempt now? I am debating between CISM, GCIA, and someone had mentioned the CCFP. All seem valuable; how did you folks decide what to go with next? I have experience in both security auditing and intrusion detection.

Comments

  • LionelTeo Member Posts: 526
    For GIAC courses, have your company send you for them instead of studying for yourself. They cost about 5k and give poorer ROI than CISSP unless you self-study for them, which is very hard. GIAC courses yield good ROI only when you do not have the 4 years of experience to be eligible for CISSP; that is where GIAC is the only certification organization that stands out.

    After 4 years of experience, you should look into either CISA or CRISC depending on your experience. CISM would require 4 years of management experience; you can consider it as well if you are eligible. If your company is sending you for a course, then GIAC would be the better option, since all the ISACA and ISC2 certs have a great number of self-study guides while GIAC has almost none.
  • CyberfiSecurity Member Posts: 184
    I am actually working on both PMP and GIAC's GXPN (Exploit Researcher and Advanced Penetration Tester). Later I'll work on GREM (Reverse Engineering Malware). I always self-study; even 2 or 3 attempts are still cheaper than taking a bootcamp. I took ISACA's CISA once; the information overlaps with CISSP, however you have to put yourself in the position of an AUDITOR, not a Manager or Technical Engineer. I got 425, and 450 is the passing score based on raw scores. I don't intend to go back to take it again because I don't see myself as an auditor. Besides, auditing is not really in the security realm, even though auditing is part of detection. Later this year I'll work on CCFP when the material is available.

    When I go through some of the GXPN material, it is similar to CEH. However, it is at an advanced level. I have my own home security lab, so I can practice penetration testing, hacking, exploiting, etc.

    I went to school with a gentleman who taught SANS courses. He recommended looking into SANS instructors' publications for my GIAC studies without taking the course. Mostly, the material is the same; just ensure it matches the GIAC certification curriculum.

    - Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses

    - Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

    I read about the SANS work-study program; you have to pay them ~$1,000.00. Then you work as a facilitator at the conference, and they will give you the materials for self-study. Not sure if you are allowed to access the on-demand training course.
  • billyr2009 Member Posts: 120
    Thanks for the replies. I feel I do want to go for the GCIA, but my company will not pay for the exam. I can try to go for facilitator, but I would not have an answer immediately on that front. I actually already own the Practical Malware Analysis book :) I just need to finish reading through the whole thing. The other option I may be interested in is the CISM or possibly the CISA. However, in the techexams ISACA subforum, I have been hearing a lot of complaints about these exams. But I do notice that the CISM is highly marketable in terms of job opportunities, which entices me.
  • kukku Member Posts: 130
    What about ISSAP or ISSMP? Globally, the number of professionals who possess these certs is very small. For Information Security Governance, I always recommend ISC2 and ISACA certifications.
  • TechGuru80 Member Posts: 1,539
    OSCP? It all depends on what you want to do. There are certifications in forensics, risk management, project management, etc.
  • sponge2 Member Posts: 38
    I have more questions for you than answers, billyr2009.
    I am sure you are going to invest a good amount of $ and time in your next certification, so ask yourself what would give you the biggest bang for your $ in your current position.
    Next, if you are planning to move into another area of work, what kind of certifications are required or needed?
    If none of the above questions pertain to your situation, pick a certification that is out of your comfort zone. This will give you an opportunity to learn about something different and flex your muscles in that area.
    All the best.