Recommendations on technical security certifications

Hi all,

I'm working towards transitioning from my desktop support/infrastructure role to specializing more in security. I currently hold CompTIA A+, Net+, and Security+ as well as GIAC's GISF certification.

I was hoping to work on an intermediate-level certification that was more technical - I'm still trying to decide between a more technical or management track in security and thought getting a cert that was more technical might be a good starting point.

In reading through the forums here, and some other sites, I was considering going after the CEH certification. CEH seemed to have good market value and be a good introduction to the more technical side of information security. I was also looking at SSCP, but that seemed to hold less weight (at least after doing some searches on various job boards) - but perhaps I'm off-base on that?

I just wanted to see if there were any thoughts or other recommendations to be considered?

Longer-term, I'd like to get a few more certs under my belt to get a broad base of knowledge and then go after my CISSP to tie it all together.

As always, I sincerely appreciate any feedback or suggestions. Thank you!

Find more posts tagged with

Comments

IronmanX

GLaDOS wrote: »

I was hoping to work on an intermediate-level certification that was more technical - I'm still trying to decide between a more technical or management track in security and thought getting a cert that was more technical might be a good starting point.

In reading through the forums here, and some other sites, I was considering going after the CEH certification. CEH seemed to have good market value and be a good introduction to the more technical side of information security. I was also looking at SSCP, but that seemed to hold less weight (at least after doing some searches on various job boards) - but perhaps I'm off-base on that?

I think SSCP doesn't hold much weight because it is over shadowed by its bigger brother CISSP. It seems most people would prefer to be a Associate CISSP then a SSCP.

As far as "an intermediate-level certification that was more technical" yeah CEH is probably your best choice. OSCP would be another choice but I would say not intermediate level. GSEC and GPEN if you have the funds would be good too.

You seem to like Comp Tia what about Linux+? Not really security related but you need to have a good understanding of linux to work in the techincal security world. Just a thought.

GLaDOS

Thanks IronmanX - I appreciate the recommendations!

I don't necessarily have any preference towards CompTIA - it was just recommended to me when I first started to try and break into IT. I was considering something like Linux+ at some point, just to get some real exposure to the Linux OS and diversify a bit from Windows.

636-555-3226

If you can afford it GIAC is the best way to go for technical stuff. Otherwise many of the security tools used by companies have freeware versions - Splunk, Nessus, Snort, OWASP ZAP, etc etc.
CEH is OK but I wouldn't necessarily recommend if it you can afford GIAC. Many many many people here recommend eLearnSecurity's suite, but I've never reviewed them myself.

tedjames

I started eLearnSecurity's Penetration Testing Student program last week. I finished the first module and lab a few days ago. So far, I'm very impressed with the combination of theoretical and hands-on training. If you just want to gain theoretical knowledge and add some extra letters to your resume, the CEH might be the way to go. But if you actually want to do the work, I would recommend augmenting your training with some hands-on, practical experience. That's what I like about eLearnSecurity. OSCP uses a similar method.

Regarding GIAC or any other SANS certification, yeah, if you (or your company) can afford it, that's the way to go. However, from what I understand, you have to take their training in order to take the associated exam. You can't self study. And they are not cheap. I think their courses cost around $5000 each. It's high quality training, but it's out of reach for many of us.

Fadakartel

CEH is the way to go for us poor people, Iv`e heard GIAC is one of the best along with OSCP.

UnixGuy

PS: you can self-study and challenge GIAC exams.

I wouldn't waste time on CEH....go eLearnSecurity it's cheaper and you will learn a lot

tedjames

eLearnSecurity's Penetration Testing Student training and eJPT certification is a good way to go (working on it now). You can get their Elite training with 60 hours of lab time and three free exam retakes for $399. Check it out:

https://www.elearnsecurity.com/course/penetration_testing_student/

Some of the material so far is review to me, but then there's so much more.

To be fair, the CEH All-in-One covers a great deal of theoretical knowledge. I'm going to use that as a supplement to what I'm learning through eLearnSecurity, but I won't be sitting for the CEH exam.