Thinking about what's next

MitM Member Posts: 622
As I await my CISSP endorsement to be completed, I started to think about what's next. I'm not sure if I'll get through another certification this year, as I need a break, but it's always good to keep things in mind. I recently became a cybersecurity manager, which includes a lot of hands-on work. I've worked on both the server and network sides of the house (more recently networking). Even though I'm on a mini certification break, I wanted to keep learning, so I decided to spend some time learning about securing Windows 2016 and Active Directory 2016. I figured, my employer is 95% Windows, so it doesn't hurt.

When I do go back to certs, I think I'll want to stay security focused. Not sure if I should go for ISC2 CCSP or maybe go left field and learn some pentesting, maybe eJPT? Incident Response?

Decisions, decisions

Comments

  • tedjames Member Posts: 1,182
    I finished eJPT earlier this year. Currently working on CISSP. After that, I'm going to keep developing my penetration testing skills and push that as far as I can. I'm not going to pursue another certification any time soon. I'd rather just learn on my own without a deadline for a while. Maybe you could just choose a skill that you want to learn and do it. And then later if you decide to get another certification, you can.
  • MitM Member Posts: 622
    tedjames wrote: »
    I finished eJPT earlier this year. Currently working on CISSP. After that, I'm going to keep developing my penetration testing skills and push that as far as I can. I'm not going to pursue another certification any time soon. I'd rather just learn on my own without a deadline for a while. Maybe you could just choose a skill that you want to learn and do it. And then later if you decide to get another certification, you can.

    That was my original plan and is still a good idea that I am considering.
  • yoba222 Member Posts: 1,237
    I felt like the eJPT was more of a pleasure break from certs. Instead of slogging through a dry technical manual, it was like reading an entertaining yet educational issue of a good PC magazine. Well maybe exaggerating a little.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • MitM Member Posts: 622
    Did you both buy the Elite package?
  • ottucsak Member Posts: 146
    You can get the eJPT basic package if you register for their upcoming eWAPT webinar; however, I would not recommend upgrading. The cert itself is not recognized and the course is really, really basic. If you have enough experience, either go with the OSCP or skip eJPT and go straight for eCPPT.
  • yoba222 Member Posts: 1,237
    For the PTS I did the middle one, which I think was best. Maybe for the PTP paying extra for more lab time would be beneficial. I wouldn't do the bare bones one because the labs are practically the whole point of the training, which you wouldn't get.
  • tedjames Member Posts: 1,182
    yoba222 wrote: »
    I felt like the eJPT was more of a pleasure break from certs. Instead of slogging through a dry technical manual, it was like reading an entertaining yet educational issue of a good PC magazine. Well maybe exaggerating a little.

    I got the Elite package. As someone else stated, if you already have penetration testing experience, eJPT may be too rudimentary for you. If you have no experience, it's the perfect place to start. As Yoba said, it's a nice break from the traditional multiple-choice tests. This one requires you to learn the tools and is completely hands-on. It may not be recognized the way the CEH is, but it will give you some great practical skills that you can apply right away. It's a good stepping stone.
  • MitM Member Posts: 622
    tedjames wrote: »
    I got the Elite package. As someone else stated, if you already have penetration testing experience, eJPT may be too rudimentary for you. If you have no experience, it's the perfect place to start. As Yoba said, it's a nice break from the traditional multiple-choice tests. This one requires you to learn the tools and is completely hands-on. It may not be recognized the way the CEH is, but it will give you some great practical skills that you can apply right away. It's a good stepping stone.

    Yup, I have no pen test experience. I don't see myself in that role, but it's always good to know things.
  • UnixGuy Mod Posts: 4,570
    eJPT will give you a nice intro to pentesting, and you get to test your knowledge and learn new cool tools (Nmap, Nessus, webapps pentesting), stuff that you can start immediately using in your current job.

    If your employer can pay for it, SANS certs are great (GCIH for incident response), or GCFA for a more advanced cert.

    Or you can read the incident response book by Eric Conrad...it's good.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

  • stryder144 Member Posts: 1,684
    MitM wrote: »
    I don't see myself in that role, but it's always good to know things

    This is, in my opinion, the right attitude to have. Far too many of my colleagues have no desire to move forward in their knowledge and that confuses me to no end. Want to be a better defender? Learn how pentesters/hackers/crackers attack your system. Want to be a better attacker? Learn how network defenders do their jobs. Seems far too simple to me.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
  • Info_Sec_Wannabe Member Posts: 428
    I was planning to take the eLS PTS/eJPT, but a colleague of mine who is a pentester suggested that I go for freely available resources first (including the training materials that our penetration team has) before going into paid ones. Cloud-related certs are also viable, especially if your employer has plans of going into cloud.
    X year plan: (20XX) OSCP [ ], CCSP [ ]