Certification path advice - CISSP to C|EH / OCSP
Securecall
Posts: 1Registered Users ■□□□□□□□□□
I've recently got back on the certification track after taking and passing my CISSP yesterday, and am keen to keep the momentum as far as keeping learning and working on my certifications (getting back to the technical ones), and am looking for some advice on where to go next, ideally from the people who have both a C|EH and OSCP.
I've worked as a Firewall and Network administrator now for 10+ years and would like to learn some skills from the other side of firewall, and I have my eye on the OSCP, a cert that seems to carry a bit of respect, and offers a learning track thats really going to give you some real world skills. Ive started to take some small steps (very small steps, Cybrary course) into learning to code in Python, with an eye on the long term.
The question I have, is it worth me studying for and taking the C|EH to get the basic knowledge, or is this just a waste of time and effort because the OSCP will teach me everything I will learn in the C|EH and more? Appreciate there is the HR department being the 1st line of defence angle as far as the C|EH is concerned, so I'm guessing it should be on the list. But for now, I am keen on personal development. Any advice on this path would be appreciated.
Cheers
I've worked as a Firewall and Network administrator now for 10+ years and would like to learn some skills from the other side of firewall, and I have my eye on the OSCP, a cert that seems to carry a bit of respect, and offers a learning track thats really going to give you some real world skills. Ive started to take some small steps (very small steps, Cybrary course) into learning to code in Python, with an eye on the long term.
The question I have, is it worth me studying for and taking the C|EH to get the basic knowledge, or is this just a waste of time and effort because the OSCP will teach me everything I will learn in the C|EH and more? Appreciate there is the HR department being the 1st line of defence angle as far as the C|EH is concerned, so I'm guessing it should be on the list. But for now, I am keen on personal development. Any advice on this path would be appreciated.
Cheers
Comments
If you search through the OSCP threads on here you'll find plenty of free resources to study that will better prepare you then speding time/money on the C|EH...
If OP does not plan to work for US Gov't then no point at all to do CEH since he already has CISSP. I also suggest what UnixGuy advices. ELearnSecurity such as eJPT or eCPPT.
Once I pass the CISSP (on or before 12/31/18 ), I wish to learn pentesting as well. Will the eLearnSecurity course(s) be helpful for a total newbie like me?
for pentest i think you can take a look ejpt first
"You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
Not true... A couple of years back several of my compliance buddies switched back to the technical side (i.e. PenTesting), and the companies now mandate you get your OSCP within the first six months. Sure HR still looks for C|EH, but many of those jobs (where I live) also list OSCP... Additionally, any real PenTesting company is very aware of the OSCP (as well as how little the C|EH actually teaches).
I definitely agree with E Double U that if a cert is free, might as well knock it out...
Hmm... I'm looking at it from this perspective, CISSP will allow me to understand about how a bunch of stuff works although it is not enough for me to really know the nitty gritty (e.g., what command to use, how to interpret stuff like logs, etc.) or getting my hands dirty so to speak.
I would like to go for that route as well, but unfortunately, the SANS courses are only limited for the Red Team peeps (I'm currently in our GRC block).
The only way I could justify the CEH would be if you are looking to go into DoD/Gov contract work. Mind you, that is not for a pentesting company like Rapid7 doing DoD work but for a company that deals with the DoD and is wanting someone for a security position (Analyst @ Cisco in CNS for example). Outside of that, the OSCP is going to be your bread and butter for getting a position with a pentest firm.
TLDR; Go for OSCP.
Blog: https://hackfox.net
I'd suggest searching the (ISC)2 section for "CISSP PASSED" threads. Many people list their study plans and what they found beneficial. Best of luck!