Whats next?

After completion of Net+ and Sec+ this year i need my next target. Im mostly intersted in which security certification i need to obtain next. Basically here is what ive been thinking:

CISSP - My ultimate goal, i dont meet the requirements, and all the studying for other security related materials will help me get there.

CEH - I would have a very hard time listing anything on a resume that had the word Hacker in it. I know the differences between a hacker and a cracker and skiddie but how many HR people do?

SCNP - Ive never heard about it, and basically do not know if its respected or not.

CCSP - i may look into getting the CCNA this year, but currently im looking into something more vender neutral.

CIW Security - Another cert that i know little about, sounds somewhat interesting, but after viewing the forums here there isnt much info about it.

Checkpoint certs - im looking for a foot in the door not a specialization at this point in my life.....it could be something i look into next year.

Another major factor in this decision is income. Attending/paying for college, rent, all bills on a part time job doesnt leave much room for extra spending on study materials.

My next cert needs to be respectible, within my price range to study for (couple of books) and the exam costs.

Any help from any of you security and cert junkies would be appreciated.

Find more posts tagged with

Comments

Webmaster

Instead of the CISSP, you might have a look at SSCP. Although not as well known as CISSP, it 'is' from ISC2.

I would have a very hard time listing anything on a resume that had the word Hacker in it. I know the differences between a hacker and a cracker and skiddie but how many HR people do?

Surely they will understand the word 'ethical' in front of hacker. I don't think that's an issue, but I could be wrong. Hackers are amonst the best paid security pro's, which is something that's failry well known. The material itself will be useful in virtually any infosec job.

CIW Security may be another resume enhancer, but I doubt it will hold much value.

I posted a link/quote of a report once in this forum that shows Checkpoint skills are very much in demand. However, I'm not sure how how much value a Checkpoint cert without MCSE holds. The CCSA won't make you a specialist, the knowledge applies to other firewall products and security in general as well (even though it is mainly checkpoint-specific). If you do consider this one, make sure you read about the recertification policy.

I think CCNA is a good choice. It will give you a better foundation in networking than Network+, and you can combine it with individual CCSP exams (ie. firewall exam) to earn a Cisco specialization cert (i.e. Cisco firewall specialist). Have you considered MCSA/MCSE:Security? These more practical certs probably lead to a job sooner than Sec+, SSCP, SCNP, and similar 'theoretic' certs.

Good luck with your decision!

seuss_ssues

Strangely enough i had overlooked the SSCP when i was trying to list certs and 5 minutes after i made my posting i bid (ebay) on a book for that exam. The near $400 price tag is a little much, so i may only study the book helping prep for the CISSP which i will only take once i meet all the requirements.

You mentioned the MCSE Sec certification, i have often thought about it and it may become a reality after next semester i have an ADV LAN class that helps prep for some of the microsoft exams and a fair amount of experience in a 500 or so desktop environment using mostly windows. My only hesitation has been talking to some of the IT people in my area "everyones got an MCSE" and knowing full well the number of braindumpers out there. But nevertheless i may begin studying.

I definately agree with the CCNA > net+. I basically took the Net+ because it got me college credit for a class. Cert costs + a $60 fee was still less than tuition, one less class to take gets me out sooner, and it is still a bullet on a resume.

Webmaster

Which SSCP book did you get?

The near $400 price tag is a little much

I agree, but on a positive note, there is a huge amount of overlap between Security+ and SSCP so the amount of time and money that goes into preparing for it could be less than usual.

milliamp

I agree with your position on the name of the CEH.

I had some comp-sec backround before starting work at my current employer. I never listed any of it on my resume but just knowing a few things got me some pretty strange looks from people. I guess I would equate the experience to working for the DEA and describing what it feels like to smoke crack. It even got me a meeting with "the bobs" for something I (clearly) didn't do.

I was up for a job interview for a new position and the managers friend was one of the people bidding against me. I did great in the interview but the hiring manager used my knowledge of computer security as a reason not to hire me. (his friend got it, I got in a few months later).

I think the stuff the CEH covers is really useful to know, but I would still be more than a little scared to put the H word on my resume anywhere.

In short many people still read "Cirtified Ethical Hacker" as "Certified Criminal".

seuss_ssues

Here is the description:

Title: SSCP: Systems Security Certification Practitioner Study Guide & DVD Training System
Brand New, Unread, Hardcover, DVD Included
Authors: Jeffrey Posluns, Robert J. Shimonski, Jeremy Faircloth
Publisher: Syngress ISBN: 1931836809
Copyright: 2003 Retail: US$59.95

I didnt really do much research on the book, but since i got it and shipping for around $15 i cant be too upset about it. There really arent alot of decent security reading material on ebay.

Do you have any experience with that author or this book?

Munck

Normally, I would recommend SANS tracks in your situation, but since cost is an issue, I guess it's not an option.

About which cert. is "valueable" or not, it depends a lot about where you live. Look at jobs ads in your area - what certs are listed?

SSCP, CIW, Comptia and CEH are never listed in my area.
CISSP, CISM, CISA, CCSP, Checkpoint and SANS are. That narrows my choices down.

As ones primary goal by studying for cert is "more soup for the cv", if the cert is not in demand, it's not worth doing IMHO.