Which of the Elite Three: CCIE, CISSP, or CEH?

yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□

Yes this thread is sarcasm. And no, I didn't write this ad. But it's not the first ad where I've seen statements like, "CEH required--GCIH/GPEN are merely nice extras." So which one of these three is the most elite to you?icon_twisted.gif
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP

Comments

  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    yoba222 wrote: »
    Yes this thread is sarcasm. And no, I didn't write this ad. But it's not the first ad where I've seen statements like, "CEH required--GCIH/GPEN are merely nice extras." So which one of these three is the most elite to you?icon_twisted.gif

    It sounds like a Government contractor role and they're writing it based on the 8570 list of certifications. Because it's an Infosec position, I don't see anything wrong with the listing.

    CISSP would be the default.
  • ccie14023ccie14023 Member Posts: 183
    It's certainly amusing to see all of those put in the same category. The CCIE Security is a hands-on exam focused on the configuration of one vendor's equipment. It doesn't cover so many other things, like security policy. And as I've written more than once on my blog (link below), it's entirely possible the CCIE Security you are talking to passed the exam back in 2008, like I did, and is therefore an expert on the VPN 3000-series concentrator, NAC framework, PIX firewalls, and CiscoSecure ACS. Realllly useful stuff nowadays!

    As it is, it's just one data point in the overall evaluation of a given candidate. It's just amusing that they would lump certs that cover such highly disparate subject areas into one category.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    CEH... CCIE... close enough! icon_thumright.gif
  • spiderjerichospiderjericho Registered Users, Member Posts: 896 ■■■■■□□□□□
    Whoever wrote that probably meant CCNA Security or the new CCNA Cyber Ops cert. They're 8570/8140 compliant.
  • OctalDumpOctalDump Member Posts: 1,722
    The other odd thing in that listing is 3 references from the last 3 years. Which kind of suggests 3 different roles in the last 3 years, since normally they want references from your line manager ie someone who has actually worked with you closely. I guess you could have 3 references from the one employer, especially if it's project work.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    Pick the cert with the word Hacker in it.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Remedymp wrote: »
    It sounds like a Government contractor role and they're writing it based on the 8570 list of certifications. Because it's an Infosec position, I don't see anything wrong with the listing.

    CISSP would be the default.
    Yep definitely geared towards 8570 and government. There might be something specific written into the contract so although you might see it as random, generally there is a reason behind it.
  • 80hr80hr Member Posts: 57 ■■□□□□□□□□
    IAM, ISSO work ...

    CISSP must have DoD will take CASP but CISSP I the one you want. Get CEH for a check in the box this way you can work wit incident handers etc..

    within the DoD CEH is somewhat of a joke... but the certification meets a current market need.
    Have: CISSP,CASP,MBA,ITILV3F,CSM,CEH

    2017- NEED PMP
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Whoever wrote that probably meant CCNA Security or the new CCNA Cyber Ops cert. They're 8570/8140 compliant.

    No, they meant what the wrote. Unfortunately when HR writes ads, they are a day late and a dollar short. They usually have no clue when writing requirements, I've applied for job postings that had nothing to do with the actual job. One job listing mentioned Datacard printers and when I told the interviewer I had experience working with them, he told me yea we don't have any of those. WTF?

    And what the hell is a IAM certification?

    With a little research I learned the "Infosec assessment methodology (IAM) certification" appears specific to the NSA, I can't imagine too many people outside of government / government contracting have one.
    Still searching for the corner in a round room.
  • 518518 Member Posts: 165 ■■■□□□□□□□
    its a poorly written ad. For one, IAM in the DOD means Information Assurance Manage/ment/r..not InfoSec Assessment Methodology...lol. This ad has got to be a joke.

    CASP are for the ones who are not responsible for the IA posture of a DoD network. CASP or SEC+ are for the ISSM/O of a contractor's network e.g. P2P, Isolated WAN, Isolated LAN.

    CISSP, on the other hand, are for the folks who are responsible for the IA posture (compliance C&A or A&A package) of a DOD theater or enclave.

    CEH is mainly for folks who we call CND (Computer Network Defense) that uses security scanners like Nessus (ACAS).
  • 518518 Member Posts: 165 ■■■□□□□□□□
    TechGromit wrote: »
    No, they meant what the wrote. Unfortunately when HR writes ads, they are a day late and a dollar short. They usually have no clue when writing requirements, I've applied for job postings that had nothing to do with the actual job. One job listing mentioned Datacard printers and when I told the interviewer I had experience working with them, he told me yea we don't have any of those. WTF?

    And what the hell is a IAM certification?

    With a little research I learned the "Infosec assessment methodology (IAM) certification" appears specific to the NSA, I can't imagine too many people outside of government / government contracting have one.

    There are two categories in the DoD, IAM AND IAT. They are not certifications per say. Rather, they are used to determine what cert you need ased on your role. Network, Systems Admin, Help Desk, and ADPE Tech belongs to IAT. They are only required a Sec+ and an OS Baseline cert like Cisco or Microsoft (depending on your role).
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    518 wrote: »
    There are two categories in the DoD, IAM AND IAT. They are not certifications per say. Rather, they are used to determine what cert you need ased on your role. Network, Systems Admin, Help Desk, and ADPE Tech belongs to IAT. They are only required a Sec+ and an OS Baseline cert like Cisco or Microsoft (depending on your role).
    Not in this case for IAM. See https://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-nsa-iam.html for a little information...there is actually a certification.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    518 wrote: »
    There are two categories in the DoD, IAM AND IAT. They are not certifications per say.

    Yea I notice that too, but "Infosec assessment methodology (IAM) certification" is a actual certification as well.
    Still searching for the corner in a round room.
  • 518518 Member Posts: 165 ■■■□□□□□□□
    TechGuru80 wrote: »
    Not in this case for IAM. See https://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-nsa-iam.html for a little information...there is actually a certification.

    An article that dates back 2008. Theres even a reference of that InfoSec Assessment Methodology back in the 90s. Never heard of it before, only certification we look for DoD is under 8570/8140.
  • 518518 Member Posts: 165 ■■■□□□□□□□
    The more I read about it, the more obsolete it gets. DoD and/or SAP are using RMF based on NIST 800 for A&A now. (DSS/RMF or JSIG/RMF)
Sign In or Register to comment.