Are my certs worth anything?

botnickbotnick Member Posts: 13 ■□□□□□□□□□
Hello All,

So, I posted on here previously when applying for my first IT job and found the advice immensely helpful. So here is my situation, I recently got first IT job, L1 Helpdesk for a giant well-known corp. Quite grateful to have the job.h

At the same time it requires absolutely no knowledge of IT past say, A+ at most. Anything past basic password resets and troubleshooting is dispatched higher up. And obviously it is not where I need to be. I figure you have to start somewhere in order to gain trust for more fitting roles, and am willing to pay my dues on service desk so to speak.

Have been L1 Helpdesk for around half a year.

I have an associates in Software Engineering, A+, Net+, Sec+ and OSWP.

I am very close to either getting CCNA or OSCP (almost passed both of the exams), I believe I will budget my time towards OSCP as I believe it is the more "impressive" of the two and I'd like to go into security anyways and if I want to do CISSP I will need to complete 5 years experience.

My first question is if my credentials as of now have any value themselves? I have been A/Net/Sec+ for about 2 years. Completed the degree in summer of 16. Have created multiple applications for Android, iOS etc.

My goal is to complete OSCP before a year here is up and start applying for Jr. Security Analyst roles. But would it be more realistic to go for Network Engineering or Jr Dev? Any advice is greatly appreciated. I am willing to do just about anything to make sure I get a job in which my skills are growing and not shrinking.

Comments

  • KalabasterKalabaster Member Posts: 86 ■■□□□□□□□□
    Yes.

    Either path seems realistic given the little information that you did give, if you so choose to pursue these paths.

    Your last paragraph is arguing with itself. If your goal is a junior security analyst role, why don't you pursue that now? The certifications you have are sufficient to get you into these roles with your help desk experience and the expression of a desire to learn in an interview. What you presented was 3 separate career paths. Yes, you can jump from one to the other, but each is not necessarily a necessary stepping stone to the other.
    Certifications: A+, Net+, Sec+, Project+, Linux+/LPIC-1/SUSE CLA, C|EH, eWPT, GMON, GWAPT, GCIH, eCPPT, GPEN, GXPN, OSCP, CISSP.
    WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
    Legend: Completed, In-Progress, Next
  • Node ManNode Man Member Posts: 668 ■■■□□□□□□□
    Certs may get an interview. The interview gets the job.
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    You mentioned you almost passed OSCP once already? Or did I misunderstand that.

    Personally, I think your path is about on target. My first "IT" job was L1 helpdesk at a call center for a national DSL provider (when that was a thing) it required you being able to read and fog a mirror ... but you have to start somewhere

    As for your last paragraph, the answer here isnt about "what would be best to go for" its what path do you want to take? You basically have three paths listed there

    1. Info Sec
    2. Network Admin
    3. Dev

    I would pick the one that you think would work best for you and for that route. If your asking for an opinon, then if I were starting fresh, I'd likely go for Development. Job market demand is high, salaries are high, benefits are good, and often work environment is great. I know very few developers who don't like their job (btw, I know a lot of devs)

    If you want to go with Security, then I think you could probably land a Jr level job WITHOUT OSCP being that OSCP really does lean itself more toward pen testing. There are other security certs that are "easier" to obtain and could get your foot in the door.
  • botnickbotnick Member Posts: 13 ■□□□□□□□□□
    The advice is much appreciated. As of right now, I think I would like to go towards the direction of InfoSec Pen Testing or management eventually (hence planning for a possible CISSP in the future).

    I suppose I just wanted to align myself with people who may know more of the market... I am Sec+ and OSWP, and yes I did come close to passing OSCP. So I know quite a bit, however at the same time I am not sure how I actually stack up. I've competed in CTF and people in my age range (early 20s), especially from the top universities were running circles around me. Maybe this is not an issue as I understand there is a huge variety in the various roles in InfoSec, but I don't want to have any blind spots or be too prideful as to if I will be able to secure a position in the industry with my current body of knowledge.
  • KalabasterKalabaster Member Posts: 86 ■■□□□□□□□□
    If you're really that close to passing the OSCP, double down right now and get it done. No waiting. Get it, and move into an incident response or junior pen testing role.
    Certifications: A+, Net+, Sec+, Project+, Linux+/LPIC-1/SUSE CLA, C|EH, eWPT, GMON, GWAPT, GCIH, eCPPT, GPEN, GXPN, OSCP, CISSP.
    WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
    Legend: Completed, In-Progress, Next
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    The PenTesting community is all about skill level and less about degrees and certifications. So you have that going for you there. Overall the market for pentesting is a bit overheated because of demand so follow through and see/hear what happens.

    Are certs useless? Not when combined with some experience to back them up, otherwise is it really a certification or just an exam someone past. Much like getting an MBA and expecting the corner office but lacking any business experience.
  • ivx502ivx502 Member Posts: 61 ■■■□□□□□□□
    It all depends, but your certifications should not make you. It is you who makes the certification. Frankly, a certification is just a foot in the door, and the rest is up to you. I will say this no matter which path you take, and I cannot stress this enough networking. I have been approached a couple of times early on in my career about finding people who fit could fit in a critical position.
  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    Associate in CS is pretty nice and the OSWP sounds cool.
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    OSCP is impressive enough to land on a Security Analyst position. I bet you'll be able to do that after you get it, provided you are in a major city or willing to move.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    botnick wrote: »
    I am very close to either getting CCNA or OSCP (almost passed both of the exams)

    Not sure how you "almost" pass a certification exam, either you passed or failed. There's no benefit to adding almost passed a certification to your resume. The retake for the OSCP is only $60, that's the one to apply your efforts to pass, also it's a far more impressive certification.
    Still searching for the corner in a round room.
  • No_NerdNo_Nerd Banned Posts: 168
    TechGromit wrote: »
    Not sure how you "almost" pass a certification exam, either you passed or failed. There's no benefit to adding almost passed a certification to your resume. The retake for the OSCP is only $60, that's the one to apply your efforts to pass, also it's a far more impressive certification.

    This is very true.

    I interviewed someone for a position once and they had on their resume " Failed CISSP with a score of XXX...." and another individual had "formally CISSPed "

    It was a nice starting point for conversation during the interview , but in both cases I feel it actually hurt each person.
  • gkcagkca Member Posts: 243 ■■■□□□□□□□
    No_Nerd wrote: »
    This is very true.

    I interviewed someone for a position once and they had on their resume " Failed CISSP with a score of XXX...." and another individual had "formally CISSPed "

    It was a nice starting point for conversation during the interview , but in both cases I feel it actually hurt each person.

    Well, that's funny and reminded me of one of my former coworkers - he claimed be an MCSE. So one day we had a discusssion on something related to AD and I've asked him about the exams and he's like "Oh, I didn't take any tests, but I feel like I would pass if I did..." icon_rolleyes.gif
    "I needed a password with eight characters so I picked Snow White and the Seven Dwarves." (c) Nick Helm
  • dmoore44dmoore44 Member Posts: 646
    I'm not sure I'd spend the time going after OSCP at this stage in your career. Most security teams want to see a few years of experience on a resume before they consider someone for a position, and for some, lacking the required experience is an immediate disqualifier (I've run in to that situation before). The preferred path for InfoSec is to spend a few years doing sys admin or net admin - not only is it a good idea to understand the way in which enterprise information systems operate, but its also a good idea to understand how they're configured and managed.

    If security is the direction you want to go, make sure to research the job postings for the area in which you want to work - see what certs are in demand for the security positions available. OSCP is impressive, but if there are no red team openings in the area you want to work, or its not an in-demand cert, it's not going to help you much. Conversely, if the majority of security positions you're researching are blue team, they usually want to see the SANS GIAC certs, and those should be the ones you target. If the security positions revolve around policy and GRC, then you're likely to see CISM, CISA, and ITIL certs listed.
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    No one gave he/she props for the OSWP. Just curious why? Isn't that a big time certification?
  • botnickbotnick Member Posts: 13 ■□□□□□□□□□
    Ok so all the response is very much appreciated. The forum has confirmed my suspicions that the OSCP is a much better use of time than CCNA especially if I'm interested in InfoSec (as one would assume, however I once read an article that as previously stated, a lot of Pen Testers come from Network Engineering or Sys Admin roles and I can definitely understand the reasoning behind it).

    And to clarify, this has nothing to do with my resume, I wouldn't casually put 'almost passed' on a resume. This is more of a query of how I should allocate my time studying.

    So I doubt that the OSCP is going to have me doing primarily pen testing at my next role but my goal is to show a strong body of knowledge, a willingness to learn, my work ethic, etc. I have talked to people in various organizations and there's so many varying levels of responsibility and skill needed in InfoSec that having Sec+ and OSWP and OSCP will move me in the right direction. Maybe I will do some actual pen testing tasks here and there at next job, either way I'm sure the knowledge will be appreciated.

    Plus, what better way to prepare for OSCE right ;)?
    No one gave he/she props for the OSWP. Just curious why? Isn't that a big time certification?

    So I appreciate the props, I will say however that OSWP is nowhere near the difficulty of OSCP and OffSec themselves states this. OSCP is definitely the value leader of the bunch as it primes your brain to be a pen tester, not to mention that the difficulty of their exam ensures that anybody who isn't truly qualified to Pen Test is unable to pass. Which is stressful, but worth it in the end when you meet the level of competency specified.

    OSWP is very interesting, very applicable, yet if you were so motivated, you could learn those skills on your own without the exam. It's almost like a hobbyist level of knowledge. I liked it a lot but I don't think it is the best financial value.

    Overall the replies are much appreciated, my thanks to the community. Any further thoughts, feel free to keep the party going.
Sign In or Register to comment.