Little confused with qualifications would make a difference in UK

twe

Hi there,

I am trying to slowly move into a Security Analyst role or Pen Testing role and want to know what would be a good choice to go with for the next certification.

I currently have CompTIA Network+, EC Council CEH & EC Council ECSA. The last 2 have unfortunately not provided a great job opportunity in the UK and so am thinking should I start to increase my applications or look into studying for another certificate that is widely recognised in the UK.

I was thinking of a CREST approved course.

Any thoughts at all?

I am making slow progress at the company I am working for in terms of them sending me for 'Cyber Essentials' training and I was hoping to externally Pen Test them but provide something more relevant to what they want, I.e. A CREST certification.

OctalDump

CREST is where it's at. If you are interested in pen testing, though, it's not really about certifications - it's about actual skills. The eLearnSecurity PTS course is relatively cheap, and is hands on. Others have recommended eLearnSecurity's two courses as good prep before taking on OSCP. OSCP can get you part way to CREST (there's a written exam, but they waive the practical).

For an analyst role, they often want experience with SIEM tools. There are certifications for things like Splunk, HPE ESM, RSA etc. and training. There's quite a few vendors out there, and I'm not sure who are the most common in the UK. But that is a good start.

The other things that might help with analyst roles are CSA+ and CCNA Cyber Ops. GIAC/SANS certs/training are also a great option if you have the money (I think about £3-4,000 each).

wayne_wonder

Where in the UK are you? in regards to certs even though it's not a technical cert you'll find most jobs want cissp

But for pen testing if thats what you want to do get the crest CPSA followed by the OSCP which will in turn grant you the Crest CRT(registered tester) so you'll be sought after if you have the skills.

The CPSA is the CEH but written better and more in depth i believe

twe

Thanks for the replies guys.

I am in Milton Keynes.

In terms of what you wrote OctalDump is there a way directly through CREST without getting the OSCP? I think that bit is a little confusing. I think the main issue last time was the lack of personal home time to do the OSCP whereas going into training and on a course worked out better.

Will look into the eLearnSecurity PTS course, it does look interesting.

OctalDump

Yes, you can get CREST certifications without OSCP. The OSCP route has the advantage of getting you 2 for 1, but you can take the pure CREST route, which is then a matter of passing their practical exam. Both routes require you to pass the CPSA exam first.

There are also accredited training programs (under Courses on that page), but they are naturally not cheap - eg £2100 + VAT, for the entry level CSTA course.

Maximlocke

Which Crest certified training are you going to do? I am booked on with 7Safe later this year, i believe it requires a a couple of their courses do have a chance of passing the CREST exam.

aniz

OctalDump said:

CREST is where it's at. If you are interested in pen testing, though, it's not really about certifications - it's about actual skills. The eLearnSecurity PTS course is relatively cheap, and is hands on. Others have recommended eLearnSecurity's two courses as good prep before taking on OSCP. OSCP can get you part way to CREST (there's a written exam, but they waive the practical).

For an analyst role, they often want experience with SIEM tools. There are certifications for things like Splunk, HPE ESM, RSA etc. and training. There's quite a few vendors out there, and I'm not sure who are the most common in the UK. But that is a good start.

The other things that might help with analyst roles are CSA+ and CCNA Cyber Ops. GIAC/SANS certs/training are also a great option if you have the money (I think about £3-4,000 each).

Currently I’m pursuing a masters in Cybersecurity in UK. I’m interested in blue team side like SOC analysts or Security analysts roles, but couldn’t find a good certification for it. I practice stuffs from online labs for SIEMs tools, trainings, etc. And I was thinking of doing a CREST CPSA or CEH for these roles, which one will be good? As applying without a cert is better than with a cert? 

aniz

wayne_wonder said:

Where in the UK are you? in regards to certs even though it's not a technical cert you'll find most jobs want cissp

But for pen testing if thats what you want to do get the crest CPSA followed by the OSCP which will in turn grant you the Crest CRT(registered tester) so you'll be sought after if you have the skills.

The CPSA is the CEH but written better and more in depth i believe

For entry level soc analysts positions what will you suggest? 

JDMurray

This discussion thread is six years old and is not likely to have accurate information for getting a SOC job in the UK in 2023.