Options
Security+ and SSCP - what next?
jonemac
Member Posts: 11 ■□□□□□□□□□
Hi,
I'm about to sit for both the Security+ and SSCP exams. I did the CBT Nuggets for both and thought the Security+ by Keith Barker really interesting and the SSCP incredibly boring and dated (it's 10 years old!). I also read the books for both by Darill Gibson and have to say, the man does a better job of explaining difficult subjects than just about anyone I've ever read. The only thing that was unfamiliar to me was the actual security frameworks based on the various NIST docs.
I'm now trying to chart a course going forward.
I've been writing software off/on for over 20 years using various languages (BASIC, assembly, Object Pascal, C#, HTML, XML, etc.) and can read and follow the logic on just about any of them without issue. I have, or have had, the following certifications: A+, MCP, MCSA & CCNA (expired). I've worked as the Director of Technology for a couple of different companies and have consulted off/on for many years for many, many other small businesses trying to keep them from exposing themselves (security and network issues) and/or shooting themselves in the foot (licensing issues).
I'm completely comfortable with most Windows command line tools, most Linux tools and various other utilities like Wireshark, nmap (Zenmap), TCPView and many more..what I can't find decent utilities for, I tend to write myself.
I'm torn between jumping to the CISSP or tackling the CEH?
Considering my history, which do you think would be best and why?
I'm about to sit for both the Security+ and SSCP exams. I did the CBT Nuggets for both and thought the Security+ by Keith Barker really interesting and the SSCP incredibly boring and dated (it's 10 years old!). I also read the books for both by Darill Gibson and have to say, the man does a better job of explaining difficult subjects than just about anyone I've ever read. The only thing that was unfamiliar to me was the actual security frameworks based on the various NIST docs.
I'm now trying to chart a course going forward.
I've been writing software off/on for over 20 years using various languages (BASIC, assembly, Object Pascal, C#, HTML, XML, etc.) and can read and follow the logic on just about any of them without issue. I have, or have had, the following certifications: A+, MCP, MCSA & CCNA (expired). I've worked as the Director of Technology for a couple of different companies and have consulted off/on for many years for many, many other small businesses trying to keep them from exposing themselves (security and network issues) and/or shooting themselves in the foot (licensing issues).
I'm completely comfortable with most Windows command line tools, most Linux tools and various other utilities like Wireshark, nmap (Zenmap), TCPView and many more..what I can't find decent utilities for, I tend to write myself.
I'm torn between jumping to the CISSP or tackling the CEH?
Considering my history, which do you think would be best and why?
Comments
-
Options
danny069
Member Posts: 1,025 ■■■■□□□□□□
Considering you know many tools and their command line options, you should do the CEH (you have the experience), then do the CISSP. I'm doing both, because why not?I am a Jack of all trades, Master of None -
Options
gncsmith
Member Posts: 459 ■■■□□□□□□□
I agree with danny069, and would recommend the CEH, and then move to the CISSP.
Coincidentally, I was speaking with my IT Recruiter yesterday (STL area), and he said the largest portion of positions he sees regularly and with the most ROI are currently CEH, CISSP, and just about anything Red Hat or Cisco. Yes, there are others but, like he said, "most ROI". He said in the last year there's been a lot of virtualization listed in positions but it's a mix as to what the employers are looking for.