Best cert for vulnerability management/evaluation/related risk assessment?
Seab
Member Posts: 127
Hi!
I would like to know if some of you have any experience in vulnerability assessment/mngt/eval/risk, etc. and if there is a training or a cert that really makes sense to go through with that direction?
Not looking for deep pentest skills, but a specific training for vulnerability assessment that would include all required skills.
Thank you
Comments
-
ottucsak
Member Posts: 146
Qualys has free trainings/certs for their vulnerability related stuff. That won't teach you the basics, but hey, it's free.
-
Seab
Member Posts: 127
Thanks for the reply ottucsak.
I've been through that training. Pretty interesting for free stuff, especially if you are managing Qualys. But it is a tool-oriented training....
At the moment I am looking at CEH. It is not really what I am looking for, but would answer to 50% of my needs probably.
-
scada
Member Posts: 49
The new CEH might be OK. I have v9 and I wasn't too impressed with it.
-
yoba222
Member Posts: 1,237
I don't think such a thing exists. If it did, I'd be interested, particularly in example best practices of how to run a vuln management program properly. The CySA+ might be useful to you. I doubt the CEH v10 or whatever is any good. If the curriculum is still kind of a mess after 9 versions, well . . . you can't get fooled again. . .
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
-
cshkuru
Member Posts: 246
SANS puts out a NICE framework to GIAC mapping https://www.sans.org/courses/niceframework/ - Vulnerability Assessment is listed in the PR category (PR-VAM-001) and they map GPEN, GXPEN and GWAPT to the position. The Navy also does some mappings https://www.cool.navy.mil/usn/cswf/index.htm and EC Council recommends ECSA/LPT https://ciso.eccouncil.org/wp-content/uploads/2013/09/NICE-IA-Framework-and-EC-Council-Certs-Ecosystem-Mapping-CCISO.pdf
TL/DR: There isn't a single recommendation and everyone recommends their own solution.
-
Danielm7
Member Posts: 2,310
SANS has a new class that might fit the bill. It's not remotely cheap, and doesn't have a cert exam yet, but here is the info.
https://www.sans.org/course/enterprise-threat-vulnerability-assessment