career "next step" recommendation - CISSP-ISSAP or CEH or CCN? Security?

rickberr Member Posts: 66
Due to work schedules, I finally had the "I passed the CISSP" conversation with my manager today and one of the questions he asked me was where did I want to go from here. My area of focus is business to business infrastructure & design so we discussed the merits of obtaining the ISSAP designation. I personally am interested in the CEH and Cisco security certifications but as I am researching the ISSAP designation, it seems like a natural fit based off what I do now and since the CISSP studies are still fresh in my head. Anyone willing to give me their opinion/suggestions? It would be especially beneficial if you have already gone the ISSAP route. I am just trying to do some proactive career mapping. Thank you in advance. Rick

Comments

  • kalkan999 Member Posts: 269
    CEH is a cakewalk compared to CISSP. ISSAP is a great way to go if you work for the US or Western European Defense Departments.
  • rickberr Member Posts: 66
    That is good information, thanks for the reply.
  • jonwinterburn Member Posts: 161
    kalkan999 wrote: »
    CEH is a cakewalk compared to CISSP. ISSAP is a great way to go if you work for the US or Western European Defense Departments.

    As a UK private sector employee, do you think ISSAP or ISSEP are of any value to me? I've toyed with the idea of them both, as they look interesting, but I'm not sure if they'd add any value to my career or my CV. Are these concentrations mainly in demand in US DoD or civil service? I don't see much demand for them in private sector roles, but maybe I'm not looking at the right jobs.
  • beads Member Posts: 1,533
    The CISSP-ISSAP may be of some benefit as it's civilian orientated. I cannot for the life of me understand why anyone would want to pursue the -ISSEP unless they were seriously thinking about working for the US Government. Even then I would recommend CAP as a start as this is the basis of the -ISSEP exam.

    Full disclosure: I am basing this on my understanding of the exam from 'Redz' who is no longer active on this board but please read all his quotes in the last couple of InfoSec magazine. Sheesh, bro. Boss hookin' you up or what? LOL!

    - b/eads
  • beads Member Posts: 1,533
    @kalkan999;

    Have to agree there. The CEH has gotten much easier over time and is now a cake walk. The 'tour of tools' is quite apt, I believe.

    - b/eads
  • dou2ble Member Posts: 160
    I agree with Beads. The ISSEP is a beast of a test and only useful if you're working for the US gov. Sure there are sec engineering principles that can be used in the commercial world but the time it'll take you to study and pass it will be wasted because there are more applicable ones out there. And if you really want just that sec engineering knowledge take CAP.
    2015 Goals: Masters in Cyber Security
  • rickberr Member Posts: 66
    All, thank you for the feedback, it is greatly appreciated. In regards to my boss; yes, he definitely believes in upward mobility and personal growth.
  • Spin Lock Member Posts: 142
    I've been considering the CEH as well, but my biggest concern is the cert's declining reputation. At least on TE, folks don't think that highly of it.

    Did you look at any of the SANS certs?
  • jonwinterburn Member Posts: 161
    Spin Lock wrote: »
    I've been considering the CEH as well, but my biggest concern is the cert's declining reputation. At least on TE, folks don't think that highly of it.

    Did you look at any of the SANS certs?

    I too am thinking about CEH. Fact is, I'm not sure which way to take my career post-CISSP, so am looking in all directions. From a pen-testing perspective, the OSCP appeals to me, so CEH would be a good first step in the right direction. Sure, it's lost its credibility somewhat amongst us in the know, but it still appears to be in demand and well respected by recruiters. SANS is way too expensive if you're funding yourself, which is a shame as they look really good.
  • gespenstern Member Posts: 1,243
    Pretty sure that you can pass CEH immediately after CISSP if you studied well. But don't bother, this cert is a joke, I would suggest skipping it.
  • gespenstern Member Posts: 1,243
    As for SANS certs, my view is they are okay as long as your employer is willing to pay for them. If it isn't, I wouldn't bother either. Cons are: too expensive (AFAIR >$1000 per "challenge" exam attempt), bootcamps are several thousand dollars for a week, you are allowed to use **** sheets on exams (at least some of them), there are a ton of similar exams (just try to find out which one you should take for, say, computer forensics) so I start to think why would they want to roll out that many certs, maybe they are trying to yield more money by doing that, plus, there aren't many study materials you could use for studying on your own, so I start to think why is that, isn't it because they want me to buy their overpriced numerous bootcamps, etc.

    While CISSP-ISSAP is reliable and trusted and looks like a way to go.

    Vendor's certs like ones on EnCase are okay if you use their products...
  • Cyberscum Member Posts: 795
    I would say a good masters program. Maybe MBA... Certs after CISSP are hit and miss.
  • jonwinterburn Member Posts: 161
    Cyberscum wrote: »
    I would say a good masters program. Maybe MBA... Certs after CISSP are hit and miss.

    Too expensive, not enough ROI :(
  • Cyberscum Member Posts: 795
    Too expensive, not enough ROI :(

    Agree, but those are the only two regular requirements I see in job listings. (INFOSEC world)
  • rickberr Member Posts: 66
    Yeah, I checked SANS but the prices are so high that it's a hard sell for my boss. Also, after seeing that a lot of their tests are open book it's a little bit of a letdown. I guess if you pay that much for a class passing should be guaranteed. Overall, I'm not interested in becoming a pen tester but I think it would help me to be a more well rounded security professional so I may just go through the free Cybrary.it "hacking" courses.

    I am leaning towards pursuing the ISSAP and maybe a security certification from Cisco then just working on as many projects as the wife and kids will allow. Also, due to the environment I work in PMP will probably get "suggested" at some point.
  • GForce75 Member Posts: 222
    I would knock out CEH. I did it including CHFI. I felt as though it would help me start the process with SANS courses in the future. PMP is my next focus also and the IASSP is a future goal of mine (work for the govt).
    Doctoral Candidate - BA (33/60hrs) ~ MBA/Project Management ~ BA/Business-IT