So even though I've been working in IT for around 15 years, I don't have one cert to my name since I took the formal education route with regards to career:


My work experience didn't really change with each additional degree/job, so I'm looking to see if the cert route is a better way to go. I'm currently a NAS/Server admin, but I'd like to wander over to the Security side of things. I've done some research and I guess there are some issues here and there, so any advice would be nice.

SSCP - Looks like a good stepping stone, but there is 1 year of infosec experience required. I don't know if my sys admin experience will cover for the infosec requirement. Additionally, searching on Dice for SSCP, I don't see many hits around where I live. This makes me wonder if this cert is worth the time/effort vs payout.

CISSP - Looks like the gold standard for certs in this arena, but I am far from the 5 years of experience needed. A few years can be knocked off with my degrees, but the content is of concern. Is the content of the exam, for someone who works in IT, but is not directly responsible for IT Security doable? I read that the route some people take is to pass the exam, then get a job in the field, but is that a common approach?

C|EH - Looks interesting and more technically hands-on. 2 years of infosec experience. It looks like they encourage candidates to pay for specialized classes (Around $3K) though.

Security + - Very entry-level. Not sure how useful it would look to a hiring manager vs the rest of my resume.

Just looking at what route is the best bang for the buck vs time.


  • techfiend, Member, Posts: 1,481
    After following these forums for a few months, it appears that Security+ is a very reputable cert in the security field and required for some security clearances. I'd get Sec+ for sure and maybe Linux+; then, if you can get SSCP, go for that; otherwise there is CCNA Security, which doesn't require experience.
    Having taken both, I'd give Security+ a bit more credit, and C|EH a bit less.

    C|EH is pretty much a cash cow for EC Council because it is so important if you work in the government sector. You either need to pay for their class or have 2 years of experience. If you have 2 years of experience, you still have to pay them $100 to verify it. I found it to be very similar to Security+. The depth of material is pretty much the same, but the focus is strictly on attack methodology, whereas Security+ tries to cover the larger security field. C|EH is only minimally hands-on, though if you're motivated you can take the material much further than is required for the exam. You can pretty much just read the book and pass though. All of that said, it was a tremendous boost in my job search, because I work in the contracting field where it is valued, and HR people think C|EH is really great. I would definitely recommend getting it; I just want to make sure you know what to expect from the course.

    For both of the ISC2 certs, you can take the test even if you don't have the experience, which gives you the title 'Associate of X.' You then have a number of years to earn the certification before you are considered to hold the full cert. I believe that for Govt purposes having the 'associate' is considered the same as being fully certified, though perhaps a more knowledgeable member can confirm/correct that. I would imagine that your previous experience has touched the requisite security domains in some way, so it's very possible it may not even be something you need to worry about. I personally haven't seen much demand for SSCP, but demand for CISSPs is very high, and it is definitely the gold standard.

    Some other things I'd consider are:

    SANS - Certs from SANS are very expensive, but so is C|EH training. These certs are well known in the security industry, and the skills you learn in them are very valuable. My impression of them is that they're more than just a bit of paper you can claim on a resume.

    If you're particularly interested in the attacking side of things, check out eLearn Security and Offensive Security. Both offer very hands-on courses. I don't know that they'll boost your resume the same way as the certs you've mentioned, but security is a 'do-ocracy', and those courses will certainly teach you to do stuff.

    Good luck!
    Thanks for the advice gentlemen. I think I'll start with the SSCP then see where that lands me.
    I would tend to agree with the other posters. Although I don't have those certs, I know people who hold them and from what they've told me, combined with my own research, the CISSP is more for security managers/policy writers, the CEH is for people wanting to do pen-testing, but it's mostly theory which is OK but it's not going to make you a hacker. I actually think the term 'Certified Ethical Hacker' is deceiving. CEH looks great when applying for a job though. As for the SSCP - you have to renew it every few years (same with CEH and SANS I think) but I keep asking myself: is it worth it? SSCP isn't the most well recognised cert and I don't think it'd do me that many favours.

    Security+ seems a decent enough one to take. I don't know how much practical is involved with it though - probably not much. If you want a completely hands-on approach, the OSCP is the one to go for - but - you can read threads on here about it. It's probably harder than the CISSP. I'm doing the OSCP now so check out my thread for more info.
    Here! Make sure you pay attention to the years of experience you need in each particular role as you progress. Take a look on the forums as well; this question has been asked so many times in a variety of ways.

    CompTIA Career Pathways
    1. I am not going to guide you left or right. But I will say that if you put each one of those certs in Indeed, you'll get a feel for what is more sought after than others. I just searched one and it gave me 1000 hits, worldwide. I searched another and received 9,598.
    2. I know people who only have one certification, and that cert is CISSP. Yes, the only cert they have. The CISSP Associate gives you 6 years to get the 5 years of experience - years of deduction for your degree = you'll be just fine.
