Is GIAC GPEN a good certification to get + other advice?
CyberCop123
Member Posts: 338 ■■■■□□□□□□
Hi all,
I'm currently in a role where I conduct cyber crime investigations, often with digital forensic work. Years ago I was a web developer, doing things like some server management, as well as PHP/MySQL e-commerce website work.
I've got good knowledge of Linux, networking, numerous protocols. I'm very good with command line within Linux, less so in Windows as I don't use it very often.
In around 18-24 months I'd like to move into a more penetration testing/IT Security/Cyber Analyst role. I realise these are three different areas but some of the positions I've seen have some similarities and it often depends on your knowledge as to where you can go.
In the next 12 months I have several courses booked:
- MCSA - ongoing with exams and learning
- ISO 27001 Practitioner (3 days)
- Certified Forensic Investigation Practitioner (5 days)
- Certified Forensic Investigation Specialist (4 days)
- Certified Security Testing Associate (4 days) - includes stuff like packet sniffing, target analysis, attacking Windows/Linux, etc...
- Certified Security Testing Professional (2 days) - Injection, Cross site scripting, and other similar techniques
- Certified Malware Analysis (4 days)
- Certified Secure Coding for Software Developers (2 days)
Questions
- Is GIAC GPEN a good certification to get as I've been offered the chance to do that?
- I did try to get on the CISSP course although at present this is not a possibility, but I will probably try again next year as it looks to be a lot of work and learning involved.
- Any advice for my aims at moving into pen testing/IT security roles?
- Any specific certifications I should concentrate on getting?
My Aims
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
Comments
-
UnixGuy Mod Posts: 4,570 Mod
I must say, I had to Google most of those training courses. Can't say I heard of them.
For Pentesting, I recommend you do the OSCP, it's hard but it will get you the most gains. The other option would be eLearnSecurity eJPT then eLearnSecurity eCPPT.
GPEN is great but too expensive, you're better off with OSCP and eLearnSecurity. Practical tests that will give you the most knowledge and best bang for the buck.
CISSP will help you get an IT Sec position faster. ISO cert is great too.
-
CyberCop123 Member Posts: 338 ■■■■□□□□□□
UnixGuy wrote: » I must say, I had to Google most of those training courses. Can't say I heard of them.
For Pentesting, I recommend you do the OSCP, it's hard but it will get you the most gains. The other option would be eLearnSecurity eJPT then eLearnSecurity eCPPT.
GPEN is great but too expensive, you're better off with OSCP and eLearnSecurity. Practical tests that will give you the most knowledge and best bang for the buck.
CISSP will help you get an IT Sec position faster. ISO cert is great too.
Thanks for the response - I probably should have said that most of those courses are not "official certifications" - albeit they are high quality courses with hard exams, and I think are valuable to do. Particularly as my employer pays for us to do them all.
The GPEN is being paid for by work.
I've just looked at the OSCP - do you think I could do the exam after doing all the CEH, GPEN and some practicing myself? Or is it a certification that is best achieved through a course?
Thanks again
-
636-555-3226 Member Posts: 975 ■■■■■□□□□□
Ah, another entrant to the wonderful world of pentesting! A growing field, that one. Going to be lots of hackers out there in a few years!
Skip CEH, you won't learn anything about real hacking. It's basically Security+ but focusing on hacking. You won't actually learn to hack anything.
SEC560 (GPEN) is great - do it. I'd recommend that before the OSCP.
After GPEN do OSCP then take a look at SEC542, SEC617, SEC660, SEC760. All SANS courses are great, esp. if your employer pays for them
-
E Double U Member Posts: 2,233 ■■■■■■■■■■
636-555-3226 wrote: » All SANS courses are great, esp. if your employer pays for them
Most definitely!
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
CyberCop123 Member Posts: 338 ■■■■□□□□□□
636-555-3226 wrote: » Ah, another entrant to the wonderful world of pentesting! A growing field, that one. Going to be lots of hackers out there in a few years!
Skip CEH, you won't learn anything about real hacking. It's basically Security+ but focusing on hacking. You won't actually learn to hack anything.
SEC560 (GPEN) is great - do it. I'd recommend that before the OSCP.
After GPEN do OSCP then take a look at SEC542, SEC617, SEC660, SEC760. All SANS courses are great, esp. if your employer pays for them
Great, thanks.
Well the reason I was going to do the CEH was:
1) Most of the courses I'm signed up to do are all designed to prepare you for a CEH exam if you wish to do that
2) Many jobs I've seen are asking for it or saying it's an advantage
So in short it just seems that if it's easy enough to get then I may as well.
My focus though will be on improving my own skill and knowledge. Also on trying to do the GPEN course and then an exam afterwards.
OSCP I've heard a lot about. Do you think I could do the exam after doing all the CEH, GPEN and some practicing myself? Or is it a certification that is best achieved through a course?
-
MrAgent Member Posts: 1,310 ■■■■■■■■□□
CyberCop123 wrote: » OSCP I've heard a lot about. Do you think I could do the exam after doing all the CEH, GPEN and some practicing myself? Or is it a certification that is best achieved through a course?
You have to sign up for the Penetration Testing With Kali (PWK) course in order to take the OSCP exam.
-
wayne_wonder Member Posts: 215 ■■■□□□□□□□
Where in the world are you based?
CREST is mainly a UK thing and doing the OSCP and a CREST cert will give you CREST Registered Tester which will get you many a job interview here in the UK, so will the CISSP
-
CyberCop123 Member Posts: 338 ■■■■□□□□□□
wayne_wonder wrote: » Where in the world are you based?
CREST is mainly a UK thing and doing the OSCP and a CREST cert will give you CREST Registered Tester which will get you many a job interview here in the UK, so will the CISSP
Hi
Thanks, yea I'm in the UK and seen lots of jobs that have inspired my choices of courses.
I need to be quite tactical as I apply for funding through work and can't go over the top on asking for courses.
I've been allowed to do the GPEN course but that probably won't occur till November as I'm on loads of others.
It may get to the point where they stop funding anything else.
I'm willing to pay some costs but very limited on what I could afford. I could probably afford maybe £1000-£1500 for a course or certification if it was worth it.
I know that's not much for a course - that's why I would be willing to do exams on the back of some of the training I already have booked.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
CyberCop123 wrote: » Thanks for the response - I probably should have said that most of those courses are not "official certifications" - albeit they are high quality courses with hard exams, and I think are valuable to do.
While the knowledge they provide may be valuable, if they are not industry recognized certifications, they are NOT "valuable" to have in my opinion.
Still searching for the corner in a round room.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
MrAgent wrote: » You have to sign up for the Penetration Testing With Kali (PWK) course in order to take the OSCP exam.
Is this new? I haven't heard of this prerequisite before.
-
CyberCop123 Member Posts: 338 ■■■■□□□□□□
TechGromit wrote: » While the knowledge they provide may be valuable, if they are not industry recognized certifications, they are NOT "valuable" to have in my opinion.
However, I would still be in a position to say I am a "Certified Malware Investigator", having completed the course and the subsequent exam.
Either way I'm hoping to use all the knowledge to gain some industry recognised qualifications. My only concern is the cost of the exams - I would have to fund them myself I think, so cost would have to be considered.
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
UnixGuy wrote: » I must say, I had to Google most of those training courses. Can't say I heard of them.
For Pentesting, I recommend you do the OSCP, it's hard but it will get you the most gains. The other option would be eLearnSecurity eJPT then eLearnSecurity eCPPT.
GPEN is great but too expensive, you're better off with OSCP and eLearnSecurity. Practical tests that will give you the most knowledge and best bang for the buck.
CISSP will help you get an IT Sec position faster. ISO cert is great too.
If you can get your employer to pay for it or have funds to pay for it, the GPEN is a great option. A MAJOR benefit that most people don't realize or talk about for SANS/GIAC is you can get the updated courseware when you go for renewal for the renewal cost...stated on the website. Even though you can upgrade for OSCP, the material is barebones and probably not worth the upgrade.