Certification Goals for 2018

McxRisley

cert_king wrote: »

I see a lot of people with a goal for CISSP which is worrying sounds like everyone and his dog will have it soon and it will be devalued so much it will be like the paper MCSE's in the past.

Guys if you do not have the experience please do not go for it, I know you can get associate but you still using the CISSP name and you just a support guy. Leave security to the experienced big dogs please.

There are always going to be people who aren't exactly on the same level as others, this applies to all certs. I don't see it as devaluing the cert, if they aren't quite on par with the rest but are eager to learn then who cares? If they just get the piece of paper and then don't continue to improve, then they will fall into the category of "How the **** did that guy pass the (insert any cert name here)?".

cert_king

McxRisley wrote: »

n they will fall into the category of "How the **** did that guy pass the (insert any cert name here)?".

Exactly then the next time they see someone with the certification they think last CISSP guy was useless, CISSP means nothing.

The CISSP use to mean you were a experienced security manager now it means for the last few years you re-set someones password and run a virus scan or even worse your mate just signed the forms to say you done that.

The pups need to stay with the Security+.

trojin

cert_king wrote: »

The pups need to stay with the Security+.

I hope you follow your own advice...

McxRisley

trojin wrote: »

I hope you follow your own advice...

Agreed. He totally failed to get what I was saying.

jibtech

cert_king wrote: »

Exactly then the next time they see someone with the certification they think last CISSP guy was useless, CISSP means nothing.

The CISSP use to mean you were a experienced security manager now it means for the last few years you re-set someones password and run a virus scan or even worse your mate just signed the forms to say you done that.

The pups need to stay with the Security+.

That is not even close to an accurate representation of the CISSP. I just sat for it two weeks ago. Even without the endorsement process, the test alone is not exactly a walk in the park. The endorsement process just adds to that. If someone is randomly endorsing people without regard for their actual skillset and background, then shame on that person. They are the one devaluing the certification, not the person taking the test.

Personally, I am glad that more people are pursuing it. The more people who actually learn and understand the principles covered by the CISSP, the better the industry will be for having that knowledge in the workforce.

And calling the people here "pups" is a case study in choosing the wrong audience. Unless its three wolves, with a moon. In that case, this is EXACTLY that audience.

cert_king

trojin wrote: »

I hope you follow your own advice...

I am not a pup, and I focus and get good certs not just all over the place with certs like SNIA, A+, Prince 2 pick a field and become a master don't get different certs and try and jump on the security bandwagon.

NetworkNewb

cert_king wrote: »

I am not a pup, and I focus and get good certs not just all over the place

That's great to know. Then you must also be smart enough to have realized almost everyone who put CISSP in this thread also has other security certifications or advance certifications already right? Feel like you're trying to make a generalization but not taking into account the audience you're making your argument to.

cert_king

NetworkNewb wrote: »

That's great to know. Then you must also be smart enough to have realized almost everyone who put CISSP in this thread also has other security certifications or advance certifications already right? Feel like you're trying to make a generalization but not taking into account the audience you're making your argument to.

You could not be more wrong, my last post was the complete opposite of generalization and aimed at one person.

NetworkNewb

cert_king wrote: »

I see a lot of people with a goal for CISSP which is worrying sounds like everyone and his dog will have it soon and it will be devalued so much it will be like the paper MCSE's in the past.

Guys if you do not have the experience please do not go for it, I know you can get associate but you still using the CISSP name and you just a support guy. Leave security to the experienced big dogs please.

This post confused me then. (which started the little debate) I'll be done derailing the thread further though. Hopefully get my CISSP here in the next couple months!

Iristheangel

cert_king wrote: »

I see a lot of people with a goal for CISSP which is worrying sounds like everyone and his dog will have it soon and it will be devalued so much it will be like the paper MCSE's in the past.

Guys if you do not have the experience please do not go for it, I know you can get associate but you still using the CISSP name and you just a support guy. Leave security to the experienced big dogs please.

The "paper MCSEs" of the past were because so many people were dumping the MCSE and therefore didn't have the skillset that was supposed to be associated with that certification, not because so many people had it. The CISSP and most ISC2 tests are incredibly hard to **** given the question pool size and how quickly they age out questions so it's a lot harder to be a "paper CISSP."

I wouldn't waste my time worrying about people not having experience taking the CISSP exam. If someone gets an Associate of ISC2, they aren't technically using the CISSP name unless they are lying on their resume by saying they have a CISSP and if that's the case, they could still lie even without the "Associate of ISC2" and claim they have the CISSP. At that point, it's up to the employer to confirm.

That being said, the CISSP is not a overly technical exam in nature. It's a mile wide and an inch deep. I feel like people who judge people who have a CISSP and aren't super 1337 hax0rs have no idea what the CISSP is about. It's more of a security management test than it is a practioner test.

chrisone

cert_king wrote: »

Leave security to the experienced big dogs please.

Terrible advice. Advice no one here asked for, stop criticizing other peoples goals, concentrate on commenting on your own. 5 posts? masked_king = cert_king. Stop embarrassing yourself. Humble yourself, you can learn a lot from many highly talented and experienced individuals here.

PC509

cert_king wrote: »

I am not a pup, and I focus and get good certs not just all over the place with certs like SNIA, A+, Prince 2 pick a field and become a master don't get different certs and try and jump on the security bandwagon.

Some people get certs through school, work, or over the years. I have my A+. I'm going for my CISSP. Oh, the A+ was from the 90's. So, while it's worthless now, it was a stepping stone on my journey to where I am now. I have some really shitty certs (CIW?!), but they were part of my education. Vista cert? Employer paid for it. It was a fun exam, though, as I loved Vista. Security bandwagon? For many, they've been a part of security for a long time.

jibtech

Loved Vista?!

That's just crazy talk.

blargoe

Masked_King == cert_king

trojin

cert_king wrote: »

I am not a pup, and I focus and get good certs not just all over the place with certs like SNIA, A+, Prince 2 pick a field and become a master don't get different certs and try and jump on the security bandwagon.

My certs just show my way through IT. I started few years ago as IT OPS, later worked on implementation new storage/backup solution, disaster recovery and finally info sec. What's wrong in this case to study stuff I have to work on and pass exams to proof the knowledge?

Iristheangel

chrisone wrote: »

Terrible advice. 5 posts? masked_king = cert_king.

Least obvious name change. LoL.

Cisco Inferno

Iristheangel wrote: »

Least obvious name change. LoL.

this has been an entertaining week.

blargoe

Back on topic, I'm planning to do the MCSA upgrade to 2016, because I will have just completed the MCSA on 2012 and the company is making me go to Server 2016 training. I may possibly take the 2016 Security test, as well, to complete the MCSE.

After that, I don't know. I expect I will begin studying for whatever I'm going to do for VCP renewal toward the end of the year because my deadline for passing is February 2019. I may do the VCAP Design to go with my other VCAP (or whatever they are calling it now) to upgrade my VMware credentials.

I might also do one of RHCSA or AWS:SA Associate; neither would be a HUGE stretch goal for me other than taking time away from other endeavors, professional and otherwise.

I've been more focused on "learning" rather than "certification" lately, but detoured onto MS certification this year because my credentials are so out of date. I am more interested in developing a foundation that will help me to survive in the cloud era and ideally be able to land a devops role in a couple of years, meaning broadening coding skills and becoming more proficient configuring Linux systems than I am today, and becoming more platform agnostic in general.

aderon

I think this is it for now. I'll probably add to this or subtract depending on how the year plays out.

Certification Goals:
OSCP (I think I'll be done by late Jan or beginning of February.
OSCE (Will begin work on this. Probably won't be testing until 2019 though. Really depends on how much time I have)
CEH (This is a BIG maybe)

Learning/Reading Goals:
Continue working on M.S. in Cybersecurity
The Hacker Playbook 2
Metasploit Unleashed course
Metasploit: The Penetration Tester's Guide Book
Continue improving programming skills (Especially in assembly)

Career Goals:
Land pentester position
Bug Bounty (Start participating in bug bounty programs)

TeKniques

Hoping to finish OSCE

cert_king

trojin wrote: »

My certs just show my way through IT. I started few years ago as IT OPS, later worked on implementation new storage/backup solution, disaster recovery and finally info sec. What's wrong in this case to study stuff I have to work on and pass exams to proof the knowledge?

Sorry I take it back, how many years have you been in security management?

cert_king

Iristheangel wrote: »

Least obvious name change. LoL.

Not the same person, as I said I apologize to all the people who have been working in security management and are planning on getting the CISSP.

All the support guys or techies this is not a cert for you move on, this is big dog stuff not head in a computer not able to translate tech to the business then complaining they do not know anything.

cert_king

Iristheangel wrote: »

The "paper MCSEs" blah blah

You make some good points, assuming you are a PA for a security manager?

jibtech

cert_king wrote: »

You make some good points, assuming you are a PA for a security manager?

PA = personal assistant?

Yep. Iris is a great personal assistant. Makes a great cup of coffee, too.



Jackass.

JoJoCal19

cert_king wrote: »

You make some good points, assuming you are a PA for a security manager?

PC509

edit: going to be nice...

My goals are obtainable for 2018, but they also prepare me for 2019!

TeKniques

It seems some moderators are needed as a t.roll infestation has occurred ...

Iristheangel

cert_king wrote: »

You make some good points, assuming you are a PA for a security manager?

Why would my points matter more or less if I'm a manager? Please elaborate why in your response.

Iristheangel

jibtech wrote: »

PA = personal assistant?

Yep. Iris is a great personal assistant. Makes a great cup of coffee, too.



Jackass.

Watch me make a sammich.

Iristheangel

cert_king wrote: »

Not the same person, as I said I apologize to all the people who have been working in security management and are planning on getting the CISSP.

All the support guys or techies this is not a cert for you move on, this is big dog stuff not head in a computer not able to translate tech to the business then complaining they do not know anything.

It's true that it's a higher level exam but even ISC2's own site will say the CISSP is ideal for those roles as well as for security consultants, security analysts, security auditors, security architects, network architects, etc. Screenshot below.



That being said, you don't have to wait until you're working in middle management somewhere to learn to "translate tech to the business." I would say this would be an awesome skill to have no matter what level you're on since it will help you move up in your career. Personally, I have zero interest in management and have turned down many such roles in the past but when I was a network engineer, I still had to walk into the CIOs office and communicate what was going on and why certain projects needed to be prioritized in layman's terms. I still talk to CIOs, CTOs, CISOs, IT Managers, etc daily both in my professional career and my extracurricular career - even more so now. Being able to map business needs to technology and explaining the pros and cons for each path or design to people who aren't engineers is a critical skill to have whether or not you are in management.