Thinking about what's next

As I await my CISSP endorsement to be completed, I started to think about what's next. I'm not sure if I'll get through another certification this year, as I need a break, but always good to keep things in mind. I recently became a cybersecurity manager, which includes a lot of hands on work. I've worked on both the server and network sides of the house (more recently networking). Even though I'm on a mini certification break, I wanted to keep learning, so I decided to spend some time learning about securing windows 2016 and active directory 2016. I figured, my employer is 95% windows, so it doesn't hurt.

When I do go back to certs, I think I'll want to stay security focused. Not sure if I should go for ISC2 CCSP or maybe go left field and learn some pentesting, maybe eJPT? Incident Response?

Decisions decisions

Find more posts tagged with

Comments

tedjames

I finished eJPT earlier this year. Currently working on CISSP. After that, I'm going to keep developing my penetration testing skills and push that as far as I can. I'm not going to pursue another certification any time soon. I'd rather just learn on my own without a deadline for awhile. Maybe you could just choose a skill that you want to learn and do it. And then later if you decide to get another certification, you can.

MitM

tedjames wrote: »

I finished eJPT earlier this year. Currently working on CISSP. After that, I'm going to keep developing my penetration testing skills and push that as far as I can. I'm not going to pursue another certification any time soon. I'd rather just learn on my own without a deadline for awhile. Maybe you could just choose a skill that you want to learn and do it. And then later if you decide to get another certification, you can.

That was my original plan and is still a good idea that I am considering.

yoba222

I felt like the eJPT was more of a pleasure break from certs. Instead of slogging through a dry technical manual, it was like reading an entertaining yet educational issue of a good PC magazine. Well maybe exaggerating a little.

MitM

Did you both buy the Elite package?

ottucsak

You can get the eJPT basic package if you register for their upcoming eWAPT webinar, however I would not recommend upgrading. The cert itself is not recognized and the course is really-really basic. If you have enough experience either go with the OSCP or skip eJPT and go straight for eCPPT.

yoba222

For the PTS I did the middle one, which I think was best. Maybe for the PTP paying extra for more lab time would be beneficial. I wouldn't do the bare bones one because the labs are practically the whole point of the training, which you wouldn't get.

tedjames

yoba222 wrote: »

I felt like the eJPT was more of a pleasure break from certs. Instead of slogging through a dry technical manual, it was like reading an entertaining yet educational issue of a good PC magazine. Well maybe exaggerating a little.

I got the Elite package. As someone else stated, If you already have penetration testing experience, eJPT may be too rudimentary for you. If you have no experience, it's the perfect place to start. As Yoba said, it's a nice break from the traditional multiple choice tests. This one requires you to learn the tools and is completely hands-on. It may not be recognized the way the CEH is, but it will give you some great practical skills that you can apply right away. It's a good stepping stone.

MitM

tedjames wrote: »

I got the Elite package. As someone else stated, If you already have penetration testing experience, eJPT may be too rudimentary for you. If you have no experience, it's the perfect place to start. As Yoba said, it's a nice break from the traditional multiple choice tests. This one requires you to learn the tools and is completely hands-on. It may not be recognized the way the CEH is, but it will give you some great practical skills that you can apply right away. It's a good stepping stone.

yup, I have no pen test experience. I don't see myself in that role, but it's always good to know things

UnixGuy

eJPT will give you a nice intro to pentesting, and you get to test your knowledge and learn new cool tools (nmap, nessus, webapps pentesing), stuff that you can start immediately using in your current job

If your employer can pay for it, SANS certs are great (GCIH for incident response), or GCFA for a more advanced cert

Or you can read the incident response book by Eric Conrad...it's good.

stryder144

MitM wrote: »

I don't see myself in that role, but it's always good to know things

This is, in my opinion, the right attitude to have. Far too many of my colleagues have no desire to move forward in their knowledge and that confuses me to no end. Want to be a better defender? Learn how pentesters/hackers/crackers attack your system. Want to be a better attacker? Learn how network defenders do their jobs. Seems far too simple to me.

Info_Sec_Wannabe

I was planning to take the eLS PTS/eJPT, but a colleague of mine who is a pentester suggested that I go for freely available resources first (including the training materials that our penetration team has) before going into paid ones. Cloud-related certs are also viable especially if your employer has plans of going into cloud.