Ethical hacking cert CEH, CISSP or MSc information security

ajmagic Registered Users Posts: 5
Hi all, I am trying to get into pen testing and ethical hacking or cyber security.

I can either do a master's in Information Security for 10k (pounds sterling), full time for one year, which will give me other modules,

or certify myself for a professional exam, be it the ethical hacking cert CEH or CISSP, in a lot shorter time.

My question is which one will a prospective employer want for either pen test or cyber security roles?

I'm guessing the MSc will give me better report writing skills as there is a project and course work. I currently have 15 years' 2nd line support experience, mainly contracting, and want to get out of this field.

My second question is which would you say pays a better salary on the contract market, pen tester or cyber security analyst?

Thanks

Comments

  • BuzzSaw Member Posts: 259
    The first question off the top: How much experience do you have in security specifically?

    Technically speaking, both certifications you listed require a certain amount of experience. (You could go with the whole associate of ISC thing I suppose.)

    My two cents: If you are really wanting to move into security, I am not sure a master's degree gets you there any faster than certifications and experience. The biggest question would be, where do you ultimately want to end up? In the modern business world, a master's degree would likely help push you into management. I have seen some people get promoted due to education. Overall, education seems to be a bigger deal in management than at the "blue collar" tech level (figuratively speaking).
  • Clm Member Posts: 444
    Question: which do you want to do? Pen testing is a specific role but cyber security is a wide range of roles. CISSP is always good to have on the resume.

  • 636-555-3226 Member Posts: 975
    While it is glamorous, pen testing isn't exactly an entry-level job (as long as you want to be a *good* pentester). CEH will give you a high level of information but isn't going to teach you much of real-life hacking/pentesting. Sort of like reading a 1000-slide PowerPoint Wikipedia article on hacking.

    All masters programs are different, so it's hard to tell what the particular school you're looking at can offer you.

    CISSP has a hard requirement for experience you probably don't already meet. It also doesn't teach you much about hacking or living in a real-life infosec role.

    CISSP is the best resume-builder in the US as it's listed on just about every infosec job from entry-level to CISO. CEH is widely asked for, too. Remember, neither will teach you how to be an infosec professional.

    In the US contract market, pentester is better paying. InfoSec analysts aren't really contracted out except to MSSPs (managed security services providers), and the pay for those in my experience is pretty bad while the workload is similarly pretty bad.

    If I were to hire your company to give me a pentest and you came in, you'd better be able to do more than use an automated tool to look for LLMNR requests. You'll need to tell me what LLMNR means, why it's in my network, whether or not it's safe for me to turn it off, and how I go about turning it off. You're not going to gain that knowledge from a cert course - you need to live & breathe infosec & all things general in IT to be *good* at pentesting. Do you have that wide breadth of IT knowledge already?
  • mbarrett Member Posts: 397
    My thought is, if you have a specific goal in mind like it sounds and you just want to get in the door someplace, a cert might serve you better than the degree. You could get a job somewhere & gain experience instead of studying for the next X years. On the other hand, if you are looking at a management track or similar, do the degree; it will serve you better in the long run.
    There are plenty of certs out there; take a look around, there might be one that's a good fit. The CISSP is broader and designed for someone with experience in the field. They have an associate-CISSP for people who don't have the experience. I think the CEH asks for 2 years industry experience and it's more targeted.