Which certification now?

I'm currently a senior working towards my bachelor's in Cyber Security Engineering. Because I'll be applying to full-time jobs soon, I need some advice on what certification I should get next.

My major is more geared toward systems engineering, so I haven't gotten much cyber knowledge aside from a class here and there. I currently intern at a government contractor where I work on cloud security solutioning, but thats mostly high level stuff. I would say my interest lies in network security.

Everyone I talk to about jobs tells me I need to get my CISSP, even if it's just the associate, if I want a really high paying job. It took me about two weeks to get my Security+, but I feel that it's somewhat unrealistic for me to get my CISSP within two months or so. I'm kind of worried about being able to handle it with school and work. However, I'm a fast learner and if I find that this cert is really worth it (right now, at least), I'll go all in and try my best.

So what do you guys think? Would it be realistic and if so would it even be helpful? Are there any other certs that would help me stick out? I've been looking at the CSA+, but that doesn't have much recognition yet and I'm not sure if I'm looking for an analyst role. CEH seems good but from what I can tell I need two years of experience, which I don't have.

Thanks for reading. Any input is welcome.

Find more posts tagged with

Comments

yoba222

I'd wait and take other certs in the mean time. In fact, I am waiting. Probably in two more years. I'd do it next year but I'll be working pen test certs then.

Expert-level certs like the CISSP (or CCIE) help to land senior-level jobs. If you have an expert-level cert but no work experience you won't be taken seriously. There are plenty entry and mid-range certs to take while you gain the work exp appropriate to an expert-level cert.

I've read some people state that in taking the CISSP, they didn't benefit much from study guides and instead relied on their work experience to pass.

stryder144

If you are interested in Network Security, consider getting the CCNA: R&S and Security. They will provide you with a foundation on networks and firewalls that, if understood well, will help you conceptualize how to prevent end point attacks since you will understand the pathway that attacks use. Maybe even consider looking into the Wireshark Certified Network Analyst (WCNA) certification, since that certification will show you how to determine what is wrong on the network at the packet level. Next, I would consider getting the CCNA: Cyber Ops certification, instead of the CSA+, based purely on name recognition alone. As for CEH, you need either two years experience or take the class through an Authorized Training Organization, where the experience requirement will then be waived. Since you are in the cloud space right now, leverage the experience with the Cloud+ exam or get the MCSA: Linux on Azure certification (one of the two certs required for that is the one that yoba222 is working on: LFCS. Attaining that Linux cert will be a challenge but will set you up well with a system level certification).

beniisan

Hi!

It depends what kind of job you have in mind.
If you want management and high level work, then you should go after CISSP and the ISACA certifications (CISA, CISM, etc)

If you are more interested in technical-level jobs. Then I suggest to take at least one pentest cert. My favourite is OSCP, but it's a little hard for first time. Full practical exam, no quizes, just a 24 hour duration exam to hack 5 servers. To certify you don't need work experience.
If this course to hardcore for you, you could start with one of elearnsecurity's pentest courses such as eCCPT or eJPT. To certify you don't need work experience. I haven't taken them, but many people take eCCPT -> OSCP.

ITSec14

It's not unrealistic to pass the CISSP in two months, however I wouldn't take it without some experience. If you like network security then why not get some Cisco certs?

Honestly, you're already on a good path as it is. You're getting a nice degree and have intern experience. You should have no problem getting a decent job which could possibly help offset costs for training and certs.

Build some labs at home and learn some cool stuff from that. It's going to benefit you much more right now than trying to load up on certs without much experience.

agentcapskins

I've heard some similar things about the CISSP. I'll definitely look into a mid-level cert instead for this Fall. Thanks for the advice.

agentcapskins

ITSec14 wrote: »

Build some labs at home and learn some cool stuff from that. It's going to benefit you much more right now than trying to load up on certs without much experience.

This is what I'll try to focus on. Probably one mid-level cert (maybe cisco like you mentioned) and then learning at home while doing some CTFs. Thanks.

Hawk321

The problem with CISSP is, that you do not get taught HOW to implement firewalls, IDS Systems etc. .

Doing sec stuff on linux or windows is not hard but just MUCH...and all that stuff makes only sense when you work with it.
For instance, my thesis was about implementing a 2FA into a heterogeneous environment. Tutorials are ALL wrong and even the vendor of the token wrote bs in the email discussions. I found many many many mistakes and wrong statements and figured out that obviously most tutorials copy stuff from other tutorials incl. errors.

Before, I knew what a 2FA is but never implemented nor worked with it. It cost nerves and some weeks to finally get a system running...I had to learn about pam, freeradius, multiple protocols and so on. PAM as an example is mostly mentioned by 3-6 pages in most books and also pluralsight videos run 10 minutes with this topic. However, no one told me or wrote something how to find a solution to my problems that I encountered. Soooo a little topic grow up to something really complex and the partner company believed that a 2 page online how to from the vendors page should be enough...I remember as the "boss" said that youtube is full with tuts....again...all bs!

He wanted later that I try to write a script in perl...as I told him that I never had perl at college he was pissed (but this guy himself has not graduated *so he shouldn't point his stinky finger to others*).
Finally I did all was needed and wrote a implementations and troubleshooting guide which got A graded.

Another example, yesterday I played around with tigerVNC on centOS and ubuntu...had my redhat manual and manpages, but it run not perfect in the first time, the manual for redhat is not 1:1 applicable to ubuntu etc. TigerVNC's documentation is also not pretty user friendly. And again...a small topic took a weekend.

What I want to say, stick with entry level certs and carry on step by step. And in case a HR person wants the perfect guy...well...you can argue that this will not gonna happen. Studying a 1000 pages tech books needs time...and you need more time to mature on its topics with real hand on experience

In Germany we have a common phrase "Rome is not built in a single day".

Nik 99

stryder144 wrote: »

If you are interested in Network Security, consider getting the CCNA: R&S and Security. They will provide you with a foundation on networks and firewalls that, if understood well, will help you conceptualize how to prevent end point attacks since you will understand the pathway that attacks use. Maybe even consider looking into the Wireshark Certified Network Analyst (WCNA) certification, since that certification will show you how to determine what is wrong on the network at the packet level.

First I've heard of WCNA. I'm not looking to go into security (I'm aiming for networking), but this cert and the knowledge gained seem really interesting. Is this cert well known / valued by employers? Or is it better to just study the subject, gain the knowledge and skip doing the exam?

trojin

Nik 99 wrote: »

study the subject, gain the knowledge and skip doing the exam?

Why to skip exam if you have enough knowledge to pass?

Nik 99

@Trojin Well for instance, If the exam / cert is mostly unknown to anyone how would it benefit you to have a cert on your resume that no one knows? How can you justify spending money that will give you no return towards your career?

trojin

@Nik 99
I prefer to sit exam even if is not widely recognized just to proof myself I can do this. From other side: you have few years experience in McAffee ePO. You like to move to another company using same software. Why not sit an exam and ensure your future employer that you have experience and knowledge? Even if ma0-104 is not the most known exam around.