Next Security Cert

markulous

So the company I just got hired onto will pay for any security certification and depending on the budget, will put me through a bootcamp if necessary. I'm really not 100% sure which way to go so I wanted to ask for some advice. It's my first pure infosec job, so I don't have a ton of experience, but I'm not a complete newb either. I'm still in my MS degree, but may have some downtime in a month (or I just start next year after I finish) Here's some of what I'm thinking:

CISSP - I want to get this regardless. I think I just meet the experience requirements for this. They may want me to get a technical cert before then but not 100% sure.

GSEC - They've mentioned this one. This wouldn't be a bad cert to get. I can even use my lead's index.

OSCP - Right now we hire a 3rd party to do the majority of our pen testing so this may be something to look at. I have almost zero pen testing experience.

CASP - Another solid cert that I'm leaning towards getting at some point.

Other - Another SANS cert or something is an option.

danny069

The OSCP is a knock-down drag out fight, that's something that will take a while. GSEC is the most expensive, so if your job is willing to pay for that I'd say go for that one. The CISSP is great to have, but that is something you can study for on your own or perhaps that is something your job will pay for after your GSEC.

soccarplayer29

Based on the information you provided I'd says GSEC then CISSP. Then see where interest/needs are and go from there. As said, OSCP is going to be a big task with no pen test experience and probably something you want to build up to...maybe look at elearnsecurity pen testing (eJPT?) as an intro into that.

Since your lead has done the GSEC he'd probably support that choice and might be able to influence and push for the sans training.

cyberguypr

I agree. Too early for OCSP. Let them pay for that GSEC and then if necessary you can self-study and foot the exam fees bill for the CISSP.

markulous

I'll run it by my boss, but yeah that sounds like a good plan: GSEC ----> CISSP ----> TBD based on where I'm at.

shochan

I would go for the CASP -> CISSP...If I am not mistaken, doesn't the CISSP exam require you to have a sponsor/recommendation or something to that matter? (maybe someone else knows??)

636-555-3226

What's your role at your work? I'd tailor the recommendation to 1) your experience and 2) your role. I wouldn't recommend OSCP for someone new in security land who is in charge of endpoint AV deployments, for example.

markulous

My role right now is an analyst but it's probably about mid-level. For all of the AV deployments, basic malware remediation, etc. we're hiring a lower level guy for that. I'll be in charge of Splunk reporting, Bit9/Carbon Black policies (moving towards a white-list environment), and configuring/monitoring Stealthwatch and all of the netflow data we get from there, as well as IR policies and vulnerability assessments. May grow to be in charge of physical security here also.

So I think in that regard GSEC to CISSP makes sense. They've thrown around GSEC quite a bit to so that'll make them happy. After those then I'm not sure, but between those and my MSISA it'll be a good year probably from now.

@shochan - Yes it requires a sponsor. My manager here would sponsor me.

BuzzSaw

Are those the only options or are those just the ones you're interested in?

If you aren't quite ready for OSCP, you could look into the eCPPT. The accompanying training material is a big hit here on this forum, and it is geared a little bit more towards guided learning than self learning. IE: PWK\eCPPT is considered (Slightly) easier to obtain due to the way the training is laid out.

So, that could be an option if you want to go the pen test route but aren't quite ready for the long haul that is OSCP

markulous

Not really my only options, just ones that I know of that I'm interested in.

TechGromit

markulous wrote: »

GSEC - They've mentioned this one. This wouldn't be a bad cert to get. I can even use my lead's index.

NEVER utilize someone else's index when taking a SANS exam. The entire point of creating an index it to help you study and the SANS books are updated several times a year, Your lead's index will point to Book 5, Page 100 for the answer to a question and in your books it will be Book 5, Page 108. You can see how he created his index to give you ideas on how to create your index, but to take the easy way out and just use his index is pretty much a guaranteed fail.

As for what certifications to take I'd start with the GSEC or GCED, then the GCIH, this gives you a good base for Security work. Than you can start to think about taking the CISSP.

After I get motivated to study and pass the CCNA, I'll be working on my CISSP. I applied for two internal positions, but didn't even get an interview, so it's looking like back to the study grind again.

markulous

Sounds like they want me to wait on the GSEC until they can put me through the boot camp (which is next year). I think I can personally do without it, but it's their $ and SANS certs aren't cheap so I have no issue with holding off if that's what they want. I've got to focus on my MSISA anyway, so may actually be really good timing when I graduate I can focus 100% on the GSEC. Then hopefully they'll be good paying for the CISSP after that.

@TechGromit - I actually didn't realize all of that. I can definitely plan on creating my own. I just figured if it was already done that it'd help save me some time.