Self-study certificate to aim for

SDee

I passed my CISSP, already had a CEH and have decent amount of Cisco certifications and ITIL Foundation.

Thinking about the next step, as I am currently Information Security holding both the managerial and compliance issues in addition to the technical part, so am looking to study for something that would fulfill the following:
- Not purely technical, yet net purely managerial
- Ability to sit for the exam without attending any official training
- Would add value to someone who is CISSP and CEH and has a decent market value


Suggestions?

UnixGuy

SDee wrote: »

..
- Not purely technical, yet net purely managerial
- Ability to sit for the exam without attending any official training
- Would add value to someone who is CISSP and CEH and has a decent market value


Suggestions?

That's really difficult mate, 'not technical yet not managerial', my answer is nothing meet that - you have to choose. CISSP is managerial, CCNA is technical, I don't know what a cert in between is.

I would've suggested SANS GCIH, but you don't want to pay for a training course.

I would suggest CompTIA CASP, but you already have CISSP and I'm not sure what value it'll hold. I would also suggest eLearnsecurity certs but they're all technical


you need to be a lot more specific, what do you want to learn? Your question is too broad.

SteveLavoie

CISA, ISC2 CCSP, CySA+

Techand$$

Cissp has about 80%managerial content and 20% technical, not many security certifications out there has a good mix of both. So instead of finding one, why not do a purely technical certification to balance out the managerial ones. Example: CCSK/CCSP for a managerial cert in cloud security and pair it up with AWS cloud security for the technical aspect.

Almost all the well known vendor certifications like AWS, Microsoft, Cisco, Juniper, PaloAlto etc can be self taught and do not require an official training requirement and each has their own security certification. Also, all the content for self learning is available online, sometimes for free, one just have to figure out if it’s relevant and up to par.

I think we are both similar in terms of career path, I started off with Cisco certs then wanted some managerial certs for my job as a security consultant so I did CISSP etc. When I felt I needed more depth to my technical knowledge I did the OSCP, which I feel is the CISSP equivalent when it comes to hands-on technical training, mile wide and inch deep

SDee

How would OSCP compare to LPT? I don't want to get certs from several bodies to avoid renewal complications later on..

Anyway, I think I have a shortlist now:
- LPT / OSCP
- CCSP

SDee

With OSCP is there any alternative to purchasing their PWK course ?!

airzero

No the course is a pre-requisite to taking the exam.

Techand$$

SDee wrote: »

How would OSCP compare to LPT? I don't want to get certs from several bodies to avoid renewal complications later on..

Anyway, I think I have a shortlist now:
- LPT / OSCP
- CCSP

OSCP does not expire and is the better known cert , I don’t know much about LPT. Also I have read the CCSP book by Adam Gordon and IMO there is a lot of overlap with the CISSP content. I would personally do the CCSK certicate from which CCSP was actually derived and is more concise, relevant, affordable and never expires.

SDee

Well, been playing around with HackTheBox since starting this thread and I like it, but the thing is I am not at a career level to learn penetration testing from scratch, and I am pretty sure that there will be others who have better programming skills who surpass me in that field. I am good with PT and I know all the concepts and what can be done, but I feel that I won't be the best person in knowing how it is done.

I think I will check the CCSP, Any materials to start with? getting the official guide soon.. 350ish pages doesn't seem to be a lot!