What to go for next?
billyr2009
After passing the CISSP, I'm wondering what to take next? I know the CISSP covers the 8570 requirement, but which cert do I attempt now? I am debating between CISM, GCIA, and someone had mentioned the ccfp? All seem valuable, how did you folks decide what to go with next? I have experience in both security auditing and intrusion detection.
Comments
LionelTeo
For GIAC courses, have your company send you for them instead of studying for them yourself. They cost about 5k and give poorer ROI than CISSP unless you self-study for them, which is very hard. GIAC courses yield good ROI only when you do not have the 4 years of experience to be eligible for CISSP, hence that is where GIAC is the only certs organization that stands out.
After 4 years of experience, you should look into either CISA or CRISC depending on your experience. CISM would require 4 years of managing experience; you can consider it as well if you are eligible. If your company is sending you for a course, then GIAC would be the better option, since all the ISACA and ISC2 certs have a great amount of self-study guides while GIAC has almost none.
CyberfiSecurity
I am actually working on both PMP and GIAC's GXPN (Exploit Researcher and Advanced Penetration Tester). And later I'll work on GREM (Reverse Engineering Malware). I always do self-study; even 2 or 3 attempts are still cheaper than taking a bootcamp. I took ISACA CISA once; the information overlaps with CISSP; however, you have to put yourself in the position of AUDITOR, not Manager or Technical Engineer. I got 425, and 450 is the passing score based on raw scores. I don't intend to go back to take it again because I don't see myself as an auditor. Besides, auditor is not really in the security realm, even though auditing is part of detection. Later this year I'll work on CCFP when the material is available.
When I go through some of the GXPN material, it is similar to CEH. However, it is at an advanced level. I do have my own home security lab, so I could practice penetration testing, hacking, exploiting, etc.
I went to school with a gentleman who taught SANS courses. He recommended looking into SANS instructors' publications for my GIAC studies without taking the course. Mostly, the material is the same; just make sure it matches the GIAC certification curriculum.
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
I read about the SANS work-study program; you have to pay them ~ $1,000.00. Then you work as a facilitator at the conference, and they will give you the materials for self-study. Not sure if you are allowed to access the on-demand training course.
billyr2009
Thanks for the replies. I feel I do want to go for the GCIA, but my company will not pay for the exam. I can try to go for facilitator, but I would not have an answer immediately on that front. I actually already own the Practical Malware Analysis book. Just need to finish reading through the whole thing. The other option I may be interested in is the CISM or possibly CISA. However, in the techexams ISACA sub forum, I have been hearing a lot of complaints about these exams. But I do notice that the CISM is highly marketable in terms of job opportunities, which entices me.
teancum144
It depends on what you want to do. If you want to stay close to security technology, I highly recommend a Linux certification:
http://www.techexams.net/forums/ec-council-ceh-chfi/35544-so-you-want-take-ceh-read.html#post251615
LFS Project Homepage
CompTIA Linux+ Powered by LPI Certification
Linux Certifications Overview | Linux Professional Institute (LPI)
CompTIA Partnership | Linux Professional Institute (LPI)
Red Hat | Certifications
teancum144
Here's another relevant thread on this topic:
http://www.techexams.net/forums/security-certifications/112239-isacas-new-csx-cyber-security-nexus-certifications-roadmap.html#post953741
kukku
What about ISSAP or ISSMP? Globally, the number of professionals who possess these certs is very low. For Information Security Governance, I always recommend ISC2 and ISACA certifications.
TechGuru80
OSCP? All depends on what you want to do. There are certifications on forensics, risk management, project management, etc.
sponge2
I have more questions for you than answers, billyr2009.
I am sure you are going to invest a good amount of $ and time on your next certification, so ask yourself what would give you the biggest bang for your $ in your current position.
Next, if you are planning to move into another area of work, what kind of certifications are required or needed?
If none of the above questions pertain to your situation, pick a certification that is out of your comfort zone. This will get you an opportunity to learn about something different and flex your muscles in that area.
All the best.