The best order of certification for a beginner Information security Expert
YoussefCSS
Registered Users Posts: 3
Hi,
I'm a new graduate in IT Sec, and I have a CCNA and a national certification in IT Sec.
Is this the best order of certifications to build a successful career in IT security?
CompTIA Sec+, CEH, CISSP, OSCP?
Thank you
Comments
-
adrenaline19 Member Posts: 251
CEH to get your foot in the door.
Sec+ once you have a job and free time to waste on a test.
OSCP for the passion of the career path.
CISSP last because it takes the longest to get.
-
YoussefCSS Registered Users Posts: 3
adrenaline19 wrote: »
CEH to get your foot in the door.
Sec+ once you have a job and free time to waste on a test.
OSCP for the passion of the career path.
CISSP last because it takes the longest to get.

Thank you
CEH, Sec+, OSCP, CISSP?
-
markulous Member Posts: 2,394
If you qualify for the endorsement (just being in IT can qualify you), then I'd do CISSP before OSCP. If your employer pays for SANS certs then I'd do those too.
What is the reason behind you wanting the CEH? IMO, it wasn't that great of a cert, but I know it can be a little marketable in some areas.
-
Danielm7 Member Posts: 2,310
Instead of everyone spraying letters at you, you should figure out what you want to do in security. For example, if you wanted to specialize in forensics, just saying "get the CISSP and OSCP" isn't going to be helpful. The Sec+ is at least a 1000 foot overview of terms and such and might help you get your first job.
-
NetworkNewb Member Posts: 3,298
YoussefCSS wrote: »
a national certification in IT Sec

I need to get me one of those.
-
Dr. Fluxx Member Posts: 98
Security+ for the absolute beginner.
But we don't know what your background is and that plays a big role. Having a CCNA shows you have a foundation for understanding how networks work.
But the exams you've named, like CISSP and OSCP, are very different beasts and viewpoints.
If you've never used any version of Linux, you're going to struggle considerably with the OSCP.
-
hxhx Member Posts: 41
Dr. Fluxx wrote: »
Security+ for the absolute beginner.
But we don't know what your background is and that plays a big role. Having a CCNA shows you have a foundation for understanding how networks work.
But the exams you've named, like CISSP and OSCP, are very different beasts and viewpoints.
If you've never used any version of Linux, you're going to struggle considerably with the OSCP.

I'm starting to come around to your point of view on Linux...
I'm thinking something like this...
Security+
Linux+
SSCP or GSEC (or both depending on budget and point of view)
CISSP
CEH
Then re-evaluate after that.
If the goal is to just gain credentials, then sure... Sec+, SSCP, CISSP seems like it makes sense.
If the goal is to build skills and a career, then Sec+, Linux+, SSCP/GSEC/Both, CISSP, CEH, Dev (C, Assembly), seems like a way to go.
Daniel Miessler has a great post on this topic: https://danielmiessler.com/blog/build-successful-infosec-career
A Complete Guide to Become an Ethical Hacker has some good insight: A complete guide to become an Ethical Hacker ! | Programming : Ethical Hacker Way
I heard Steve Gibson talk about this recently and he said you have to add on a programming language (assembly). But again, it depends on what you're trying to do.

Hipposec said: "Would love to hear a tidbit on SN about becoming a security researcher, especially transitioning from hobby to career." And I thought about that a bit. And I thought, you know, the biggest and really only requirement is an understanding of low-level code. If you think about that, what we are, I mean, all of the things we see, everything we deal with is the assembly code, one step up from the machine language, but typically down below the source code. I mean, it is the case that open source, where you can see the problem, you can go, oh, wait a minute, they defined that as a WORD, but they used it as a DWORD, and that's not going to fit, so that's a problem. Yes. But normally the problems are found by actually looking at the machine language.
So I would argue that what all security researchers have, what we keep seeing almost everyone doing, is understanding the code that the chip itself is reading. And so there's no hurry. It takes a while to get the hang of that. But there are so many free tools and so much information available on the Internet now to help somebody in that journey, that I think it's a cool thing to do.
But really you can't be a security researcher, well, I mean, you can. Some of the problems that Tavis finds, for example, are his deep knowledge of JavaScript and the DOM, like recently the problem he found, for example, when he was taking a shower, with LastPass. But again, really, really deep understanding is what you need. And so that just, you know, it takes time and involvement, if somehow you can get that.
https://www.grc.com/sn/sn-614.txt