Security cert after CEH

DetectiveDavidHoffmanDetectiveDavidHoffman Member Posts: 5 ■□□□□□□□□□
I started a new job in security recently, and I'm presently working on my CEH. I'm curious what would be good to line up after that's done. I don't know yet what area of security I want to be in, but I'm fairly sure not management, so I really have no desire to go after a CISSP. As for red team/blue team, I don't know yet. So I was thinking either OSCP, or perhaps CCNA/P Security. Thoughts? Suggestions?

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    CISSP? In before beads!!

    You haven't stated what you background is and what your goal is. Are you looking to gain knowledge? Pass HR filters? Both? CISSP is without a doubt the most popular cert (at least from an HR perspective) in the Infosec arena. Like it or not, many places will not even look at you if you don't have it, regardless is you are a manager or a practitioner. I am no manager and went for the CISSP because it expanded exponentially the universe of jobs I could go for.

    Other than that and depending on where you are headed you can consider eLearnSecurity or perhaps SANS/GIAC. I always recommend people look for their ideal job in their ideal market and start working towards whatever requirements those dictate. If you are passionate about something your market is not demanding, also evaluate if it makes sense to go for it.
  • shochanshochan Member Posts: 1,004 ■■■■■■■■□□
    CompTIA has CASP...I have always referred to this PDF as a great source to figuring out which certification holds the best value or which one to go after completing one. Cheers!

    https://certification.comptia.org/docs/default-source/downloadablefiles/it-certification-roadmap.pdf?sfvrsn=2
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    I'm not a manager and went for CISSP which was highly recommended by my former CISO. CISSP is a requirement for my current SOC role.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    CISSP isn't just for management. Firstly, security is a business role, not an IT role, so it's important to understand that part of it. Secondly, type in CISSP into a job search engine and you'll see everyone and their mom asks for that cert.

    If you're totally dead set on not getting it though, then my next question is will your employer pay for the certs? If so, go SANS all the way. Those are really marketable and technical both.
  • DetectiveDavidHoffmanDetectiveDavidHoffman Member Posts: 5 ■□□□□□□□□□
    My experience is not much. My goal is to learn while enjoying the process. I enjoy technical things, solving problems, and working mostly autonomously. I'm not 100% sure I'll stay in security in the long run because there's a chance my job will dry up when our current contract ends, but since that's my role now then it makes sense to learn in that niche. Plus my employer will pay for certs.

    I wouldn't say there's no chance I'd go for a CISSP, but the policy and management aspects of it don't interest me at all. I don't ever want to be a manager or team leader or be in charge of anyone. I just want to work with tech.
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    If you're looking for resume prowess, get the CISSP, regardless of anything else.

    if you're looking for technical skillset, SANS is tough to beat, but hella expensive.

    if you're paying out of pocket and want to get a bit deeper, CompTIA's non-Security+ exams are good. Many others here also recommend eLearnSecurity, but I have no experience with them (training budget is big enough for SANS icon_lol.gif)
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    markulous wrote: »
    CISSP isn't just for management. Firstly, security is a business role, not an IT role, so it's important to understand that part of it. Secondly, type in CISSP into a job search engine and you'll see everyone and their mom asks for that cert.

    That's more than a little broad. But I do agree with the people asking for the CISSP. The problem is the OP doesn't know what he wants to do in security, heck we don't even know what they do now. I think they need to figure out what they want to do in security, and then chart a path to get there.
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    Based on you saying that you enjoy technical things, and you may not stay in security, then I'd say CCNA is a good option. You'll learn a lot of technical networking concepts, and if you choose the CCNA Security, you'll even get some networking security in as well.
  • DetectiveDavidHoffmanDetectiveDavidHoffman Member Posts: 5 ■□□□□□□□□□
    Danielm7 wrote: »
    That's more than a little broad. But I do agree with the people asking for the CISSP. The problem is the OP doesn't know what he wants to do in security, heck we don't even know what they do now. I think they need to figure out what they want to do in security, and then chart a path to get there.

    The problem with this approach is that figuring things out is an active process. Avoiding all study paths just because you don't know which one suits you best is counterproductive overall.
  • DetectiveDavidHoffmanDetectiveDavidHoffman Member Posts: 5 ■□□□□□□□□□
    Based on you saying that you enjoy technical things, and you may not stay in security, then I'd say CCNA is a good option. You'll learn a lot of technical networking concepts, and if you choose the CCNA Security, you'll even get some networking security in as well.

    CCNA Security may be a good path. I was looking into SANS, which someone mentioned above, but their cert structure is less clear than Cisco.
Sign In or Register to comment.