Next Security Cert
markulous
Member Posts: 2,394 ■■■■■■■■□□
So the company I just got hired onto will pay for any security certification and depending on the budget, will put me through a bootcamp if necessary. I'm really not 100% sure which way to go so I wanted to ask for some advice. It's my first pure infosec job, so I don't have a ton of experience, but I'm not a complete newb either. I'm still in my MS degree, but may have some downtime in a month (or I just start next year after I finish) Here's some of what I'm thinking:
CISSP - I want to get this regardless. I think I just meet the experience requirements for this. They may want me to get a technical cert before then but not 100% sure.
GSEC - They've mentioned this one. This wouldn't be a bad cert to get. I can even use my lead's index.
OSCP - Right now we hire a 3rd party to do the majority of our pen testing so this may be something to look at. I have almost zero pen testing experience.
CASP - Another solid cert that I'm leaning towards getting at some point.
Other - Another SANS cert or something is an option.
CISSP - I want to get this regardless. I think I just meet the experience requirements for this. They may want me to get a technical cert before then but not 100% sure.
GSEC - They've mentioned this one. This wouldn't be a bad cert to get. I can even use my lead's index.
OSCP - Right now we hire a 3rd party to do the majority of our pen testing so this may be something to look at. I have almost zero pen testing experience.
CASP - Another solid cert that I'm leaning towards getting at some point.
Other - Another SANS cert or something is an option.
Comments
Since your lead has done the GSEC he'd probably support that choice and might be able to influence and push for the sans training.
So I think in that regard GSEC to CISSP makes sense. They've thrown around GSEC quite a bit to so that'll make them happy. After those then I'm not sure, but between those and my MSISA it'll be a good year probably from now.
@shochan - Yes it requires a sponsor. My manager here would sponsor me.
If you aren't quite ready for OSCP, you could look into the eCPPT. The accompanying training material is a big hit here on this forum, and it is geared a little bit more towards guided learning than self learning. IE: PWK\eCPPT is considered (Slightly) easier to obtain due to the way the training is laid out.
So, that could be an option if you want to go the pen test route but aren't quite ready for the long haul that is OSCP
NEVER utilize someone else's index when taking a SANS exam. The entire point of creating an index it to help you study and the SANS books are updated several times a year, Your lead's index will point to Book 5, Page 100 for the answer to a question and in your books it will be Book 5, Page 108. You can see how he created his index to give you ideas on how to create your index, but to take the easy way out and just use his index is pretty much a guaranteed fail.
As for what certifications to take I'd start with the GSEC or GCED, then the GCIH, this gives you a good base for Security work. Than you can start to think about taking the CISSP.
After I get motivated to study and pass the CCNA, I'll be working on my CISSP. I applied for two internal positions, but didn't even get an interview, so it's looking like back to the study grind again.
@TechGromit - I actually didn't realize all of that. I can definitely plan on creating my own. I just figured if it was already done that it'd help save me some time.