Seeing a bunch of people saying the CEH is outdated
So is it worth it or should I look at GIAC instead?
I'm hardcore gathering certifications trying to advance my career. I'm extremely interested in security due to its growing prevalence and opportunities for side money like bug bounties and the like. I got my A+ recently just to have it, just passed Security+ on Tuesday after a few weeks of studying. Was looking at CEH for the next one but the comments here have me feeling like it's a bit more of a badge than actual relevant information.
I want to take the CISSP as that's more highly regarded, but I'm seeing that they require you to prove that you have 5 years experience in cyber security before you're granted the certification? I'm looking around for some more clarity regarding that before I get going on that courseware.
What's your take?
Comments
I do NOT have a degree in IT unfortunately as I went to college for something else. All I have is a worthless Associate's that's in a field I could never find a position in. I DO have IT experience of close to 20 practical years (working on computers since I was 9), but of course, it's not on paper so no one cares. I also have about 7 years of IT work experience, but 4 of them are self-employed, and none of it is in cyber security so I'm not sure if that's credible.
So I'm looking for certifications that get me in the door without me having a degree. I'm trying to go for the most recognizable ones and the most desired, so that's why I got the CompTIA ones first. I feel like the CISSP is the next best thing, but I still need to figure out that experience thing.
As far as CISSP goes, if you don't have the 5 years experience, you can still sit for the exam, but you'll be a CISSP Associate until you hit the 5 year mark. If you have a CompTIA cert (I think Sec+, and/or Net+) that counts as one of your creditable years. Your education could count if you had a B.S. or higher, but again, only 1 year. So in essence, they'll give you 6 years to get the 5 year experience, but you'll have 1 year out of the way since you have CompTIA certs.
I looked into this as I'm going to be going for CISSP after CEH (employer paying for CEH).
VV5
J.D. Candidate (2L)
In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
Next: GCIA/GCWN and/or GCUX/PMP/GSE
Next after next: Med school!!!!! Lol
This is wrong and can get you in a lot of trouble. You CANNOT claim "CISSP Associate." You can only claim "Associate of ISC2." You can't even tell anyone what test you took to get the Associate (CISSP, SSCP, CCSP, HCISPP, CAP, or CSSLP). If you get to an interview and the interviewer asks which test you took, you CANNOT say. If that person has their CISSP, they can report you.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
https://www.isc2.org/uploadedfiles/(isc)2_public_content/legal_and_policies/logoguidelines.pdf
Website gave me error for signature, check out what I've done here: https://pwningroot.com/
I could have just gone straight to Off-Sec or the likes, but I had zero pentesting experience. Using C|EH studies provides a new elementary to intermediate outline.
Now that I am scheduled for SANS SEC504, I feel pretty confident going in.
Just my 2 cents.
Reading: SANS SEC560
Upcoming Exam: GPEN
So here's my question. Can we still take the CISSP exam if we don't have the 5 years of experience?
But it's on DoD 8570 and often mentioned in JDs.
Going through the cert, a lot of it was familiar from the tools I used in the early 90's when I was first getting into computer security (as a curiosity more than a career). Those tools have been updated and are still in use today for some things.
It's still a useful cert. I wasn't impressed by the difficulty and it wasn't bleeding edge, but it is still useful.
Yes
Does learning a tool that can only work against Windows XP systems make that tool outdated?
Absolutely not..........
Yes and you will then be certified as an “Associate of (ISC)²”
As mentioned before you cannot use the CISSP logo, but I think you could say in an interview that you took and passed the CISSP exam (Anyone see anything in the policy about that??).
To expand on this, I am currently reading Counter Hack Reloaded by Ed Skoudis (SANS fellow). He published it in 2005! Well, I'm here to say that the theory and techniques are still the same. That's right, a book written in 2005 is still relevant today. TBH I think EC-COUNCIL uses the book for their exams lol.
Shoot, even most of the tools mentioned in a book from 2005 are still being used today lol
The policy says: "Associates of (ISC)² are NOT certified and may not use any Logo or description other than “Associate of (ISC)²”. Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than “Associate of (ISC)²”, in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)² certification."
Please read bolded area
"I took an ISC exam but I can't tell you which one because doing so is a violation of their guidelines."
That's ridiculous. I don't think they enforce it because LinkedIn is littered with these claims.
Honestly if the interviewer was in the business of reporting those kind of violations, they would probably never bother asking the questions. Otherwise, I'd slap "associate of (ISC)²" under your certifications field on your resume.
Next: CCNP (R&S and Sec)
Follow my OSCP Thread!
http://www.techexams.net/forums/jobs-degrees/125063-poser-says-what.html
This is a good thread to read
I have found that honesty and integrity are vital in this industry.
Enforced? I'm sure there are some CISSPs that place some value with their cert. It doesn't take much to make a report.
I'm not a CISSP yet (2018 goal).
Whether or not it's enforced doesn't mean it's not a written rule that comes with the certification. Some people follow the rules, some people don't. Who do you want in charge of your IT security? Someone you can trust. Someone that can follow very simple and trivial rules.
Just my opinion, anyway.
Hit it right on the head.
This makes me curious to know why anyone would bother taking the CISSP exam if they didn't have the experience... Am I missing something? Is it just completely pointless to even attempt the exam without the years of experience?
The DoD accepts the Associate of ISC2 for one of their requirements. And I've heard some employers want their employees to take it even if they don't have the experience to get the full CISSP. Other than those two reasons you are correct, there is almost zero point.
I have CEH, CISSP, CISA, SEC+