Cert Guidance - Info Security

wtrwlkr Member Posts: 138
Hello everyone,

I'm a network admin looking to branch out into the information security sector. I have a Sec+ cert courtesy of the military, which is about to expire. Rather than retake the Sec+ exam, I'm looking at "higher level" certifications which will renew my Sec+ and put me ahead once I decide to look for an information security gig.


I considered the CISSP, CEH and SSCP, and perhaps one of the GIAC certs. I decided against the CISSP due to the fact that I don't meet the experience requirements, and the CEH due to the outrageous cost and the opinions of many on the CEH forum that the return on investment isn't very high. I would like a GIAC cert, perhaps the GCIH, but I'd like to get in a job where the company will pay for the $1000+ exam fee. So this leaves me with the SSCP, which is only $250, and will set me up for CISSP once I've met the experience requirements.


Does this seem like sound reasoning? I'm interested in the opinions of people already in the security field. I didn't find Sec+ challenging at all, and I'm looking for a cert that will set me apart from those who have Sec+ thanks to 8570. Thanks for your opinions everyone.

Comments

  • SaSkiller Member Posts: 337
    My honest opinion? Save your money and get a GIAC cert, the ROI is much higher than the SSCP. Alternatively there are a number of other vendors providing offensive IT sec certs. They won't have the bang of a known cert, but when you discuss their ROI with an employer, it will work in your favor.

    As for the CEH, I disagree with many, the ROI on my CEH has been very high. When I walked into a shop where the highest cert for my position was a Sec+, guess who is the rockstar? People can say whatever they like about the exam, and the company, but if you study the material, if you practice, you'll have a good base of knowledge from which to grow.

    Finally you need to decide what you want to specialize in and go for those certs. Do you want to work in offensive security? Information Assurance and Compliance? Network Defense? Security Engineering? Those will all determine what certs will provide the most value.

    And I don't know why people are scared of the Assoc. of ISC2 - CISSP designation... I wouldn't do it personally because I detest the CISSP machine and the CE requirements but that is just me.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • Danielm7 Member Posts: 2,310
    SaSkiller wrote: »
    And I don't know why people are scared of the Assoc. of ISC2 - CISSP designation... I wouldn't do it personally because I detest the CISSP machine and the CE requirements but that is just me.

    Probably because you can't list the acronym "CISSP" on your resume at all and no one else knows what Assoc of ISC2 even means. I'd agree with your points in the CEH, you might not learn a lot and if you actually want to go into pen testing it won't hold a lot of legit cred, but for some reason HR people like to see it.

    Also, as SaSkiller pointed out, security is a HUGE field, figure out what you want to do in it and then point your training towards that. You wouldn't get a CEH hoping to become a researcher, you wouldn't get your CCNA security hoping to become a pen tester, etc.
  • BlackBeret Member Posts: 683
    So here's the problem I've seen with CEH, it sounds cool so everyone who doesn't know infosec expects you to be a super l33t hax0r, it really is a simple test and most don't learn a lot of new stuff when taking it, so they don't try. If you're not familiar with attacks, it can be a good learning experience if you put the effort into it.

    As far as getting a job goes though, it's a requirement for the CND positions on the 8570 chart, so if you plan to do gov work either directly or as a contractor it will get you phone calls faster than anything other than CISSP. Keep in mind the CND section is its own area and doesn't fall under IAT/IAM levels and CEH covers all of those positions, so you need it if you're going to work as an analyst, incident response, pentester, etc. in the government. Basically all of the pure security roles require CEH.

    That being said, for Gov 8570 requirements again, Associate of CISSP is equivalent to having the CISSP certification and allows you to work in all 3 IAT/IAM levels. CISSP + CEH = you have the minimum requirements for every position covered. Some will require more, but that combo will give you the best start you can get.
  • soccarplayer29 Member Posts: 230
    What about taking CompTIA CASP instead? It checks many of the same DoD requirements as CISSP and will upgrade your Sec+ to CE (I'm 90% sure I'm correct in that...but correct me if I'm wrong).

    CASP isn't as recognized as CISSP but I think it would be a good option in your situation.
    Certs: CISSP, CISA, PMP
  • Remedymp Member Posts: 834
    What about taking CompTIA CASP instead? It checks many of the same DoD requirements as CISSP and will upgrade your Sec+ to CE (I'm 90% sure I'm correct in that...but correct me if I'm wrong).

    CASP isn't as recognized as CISSP but I think it would be a good option in your situation.

    I agree with this. But, I would also throw in the CISA exam as well as become a member of ISACA. It will be well worth it for you in the long run.