Maximimizing international employability for pentester through certs

0b3lix

Good morning everyone,

due to my girlfriend's job in academia, we will be living in 4 different countries in the next 5 to 6 years: two Western European ones, the US, and one Middle Eastern one.

From people moving internationally I know how tough it can be to find a job in IT, even if highly qualified, if you don't speak the local language (which I don't). To reduce the financial strains heading our way I want to increase my attractiveness to potential employers in these countries, hoping to maximize the chances of finding a sufficiently paying job quickly enough.

I work as a penetration tester (5 years experience) and want to keep it that way if possible. At the moment I'm certified as CISSP, OSCP and OSCE. I also hold a Master's in CS.

Any ideas which certificates might increase my attractiveness as a penetration tester to future employers the most? I was thinking CISA but maybe someone has a better idea?

In general, it needs to be affordable out of my own pocket, so SANS and OffSec's AWE/AWAE are out.

0b3lix

(tl;dr: Searching for the next step for a pentester after CISSP, OSCE and OSCP that I can afford out of my own pocket)

ottucsak

If one of those Western European countries is the UK, then I would get CREST as having that cert is a requirement for doing penetration tests for the government/financial sector. Other than that you should be good with whatever you have and I would invest in learning languages instead.

For team lead roles you could take PMP, but almost all places will have it as optional.

soccarplayer29

^^ This

PMP would be a good one to tack onto your technical experience and demonstrate your project/time management skills to employers.

Crest for UK.

I'm going to say it and don't bash me: ECC CEH and LPT. Obviously won't expand your knowledge but hits those HR filters

NetworkNewb

Ever tried doing bug bounties?? I'm genuinely curious if anyone on here has made decent money doing that as a full or part time job. I keep hearing people can make decent money but feel that is a lot market hype for people to try and sell their books and courses.

Seems like it would be a decent thing to try if you know you are going to be moving around a lot though.

paul78

@OP - to your earlier post - I don't really think that CISA would be a cert that would be helpful given your situation. The good news is that penetration testing is role where you can do it from pretty much anywhere (except for physical and wireless testing). From what I can tell, security consulting companies that do penetration testing are willing to hire remote workers. You may just want to try that route.

As for relevant certs - other than CREST, the only other one that you may want to consider as a remote pent tester may be PCI QSA. Even if are you not able/willing to travel to a customer site or if you are not interested in doing PCI assessments, the PCI cert may possibly help you stand out since penetration testing can be an important requirement for PCI compliance.

Is there a reason why you can't stay at your current job? Maybe your current employer will let you work remotely.

McxRisley

You have the OSCP, from my experience most reuptable pentesting firms don't care about much else than that as far as certs go. Other than that, just be good at your job and interviews.

JasminLandry

NetworkNewb wrote: »

Ever tried doing bug bounties?? I'm genuinely curious if anyone on here has made decent money doing that as a full or part time job. I keep hearing people can make decent money but feel that is a lot market hype for people to try and sell their books and courses.

Seems like it would be a decent thing to try if you know you are going to be moving around a lot though.

I do bug bounties as a hobby when I have time (~5 to 10 hours a week) and it is an excellent way to make money. I know people who do it part time (~20 hours/week) as well as people who do it full time. There's definitely money to be made in bug bounties so if you have the skills, I strongly suggest it.

0b3lix

Thanks for all the replies so far!

Working remotely for my current employer is unfortunately not an option due to the labour laws in two of the countries. Both my employer and me would've preferred that but unfortunately it wouldn't work legally.

CREST/CHECK won't be beneficiary as none of the countries is the UK.

Bug bounties would be an option as a side gig for a while to save a bit of money for the transition periods. Thing is that they're not a steady source of income. Sometimes an effort of digging deeper pay off, sometimes it doesn't and I don't want to rely on that.

I read up on PCI QSA cause it seemed like a really good idea as there's demand for PCI audits and accompanying pentests everywhere. Turns out though that there are multiple steps in the process of getting and remaining certified that require a primary point of contact in a PCI QSA accredited company. The process does not seem to allow for individuals that want to acquire and maintain their certification independently. Also the obligatory training is 3k USD (VAT not included)... If there was a way for an independent individual to acquire and maintain that status, though, I would actually go for it.

Re. PMP: I'm too much of a techie, not intending on picking up a role with too much responsibility for projects (other than the ones I'm deployed on myself) for the time being.
I had been contemplating the CEH and LPT shortly, but only very shortly. I know it helps with a few HR filters but fortunately wherever a CEH is required usually a CISSP is also accepted. And, though you may call me stupid for that, I simply refuse to do business with the scammers from EC-Council. People are blowing way too much money up EC-Council's b*tts for shitty training and shitty exams which prove no skills and no useable knowledge whatsoever.

Several posters mentioned that CISA wouldn't exactly help in my situation. Why do you guys think so?

Again, thanks for the input so far!

paul78

0b3lix wrote: »

Working remotely for my current employer is unfortunately not an option due to the labour laws in two of the countries. Both my employer and me would've preferred that but unfortunately it wouldn't work legally.

Are you certain about that? I am guessing that you are in an EU country so you would be able to work in 2 of the countries in western Europe. Is your employer currently a multi-national with a nexus in the US? If they are not a US company, and you are going to be in the US under a B-2 tourist visa or similar - I would not expect any issue if you continued working for your current employer. Especially if you intent to retain residency status and an address in your home country. It's akin to someone going on vacation but spending part of that time catching up on work and doing some work. I'm not familiar with labor laws in any middle east countries but you may want to check if the same type of logic applies.

Also - depending on what country you are coming from - finding a job in the US for a US based company may be tougher than trying to find a job that will let you work from anywhere in the world.

0b3lix wrote: »

CREST/CHECK won't be beneficiary as none of the countries is the UK.

Some people in the US do know what it is - but as a pentester with OSCP and OSCE - it probably won't matter unless you want to do it for fun.

0b3lix wrote: »

I read up on PCI QSA cause it seemed like a really good idea as there's demand for PCI audits and accompanying pentests everywhere. Turns out though that there are multiple steps in the process of getting and remaining certified that require a primary point of contact in a PCI QSA accredited company. The process does not seem to allow for individuals that want to acquire and maintain their certification independently. Also the obligatory training is 3k USD (VAT not included)... If there was a way for an independent individual to acquire and maintain that status, though, I would actually go for it.

Yes - I probably should have mentioned that part. Also - you don't have to be a QSA to do the pent-test portion. A QSA is really an assessor of compliance to PCI standard.

0b3lix wrote: »

I had been contemplating the CEH and LPT shortly, but only very shortly. I know it helps with a few HR filters but fortunately wherever a CEH is required usually a CISSP is also accepted. And, though you may call me stupid for that....

Not at all - your OSCP is generally going to be much better received. Your opinion about CEH isn't uncommon among pen testers (at least among the folks that I know).

0b3lix wrote: »

Several posters mentioned that CISA wouldn't exactly help in my situation. Why do you guys think so?

Yah - I was one of them. The CISA is a non-technical cert. It's typically held by auditors who have a risk, governance, and/or compliance background. These are folks generally doing audits like SSAE16/18 which are non-technical audits. ISACA has a version for security professionals called the CISM. But given your interest in pent testing and the fact that you already have a CISSP, I doubt that the CISA or CISM is probably not worthwhile. Unless you just want to do it for fun or you suffer from insomnia. Their material is a great cure for insomnia.

UnixGuy

I thought u can get CREST once you have OSCP... CREST is useful in Australia and New Zealand as well. There is a shortage of good pentesters here, and OSCP is well respected (WHEN it's coupled with experience).


Echoing what others have said, I think you have enough certs. Build up experience, perhaps work on bug releases...or diversify your experience and add some consulting/risk assessment blue-team stuff?

English speaking countries, i don't think you'll have a problem landing a job

0b3lix

paul78 wrote: »

Yah - I was one of them. The CISA is a non-technical cert. It's typically held by auditors who have a risk, governance, and/or compliance background. These are folks generally doing audits like SSAE16/18 which are non-technical audits. ISACA has a version for security professionals called the CISM. But given your interest in pent testing and the fact that you already have a CISSP, I doubt that the CISA or CISM is probably not worthwhile. Unless you just want to do it for fun or you suffer from insomnia. Their material is a great cure for insomnia.

Yeah, I'm fully aware that it's going to be boring as hell. At my current employer we sometimes get requests for audits and our customers often want the auditor to be a CISA - something we can't provide at the moment. That's where the whole idea of getting CISA certified started.

Maybe I'll really just ditch the idea of getting another cert for the time being. There are so many beautiful, interesting areas one can deep dive into that I still have on my "bucket list" languages are definitely worthwhile to learn when living in another country for some time, but I won't be business fluent in any of them in such a short time so they won't help me in the job hunt.
As I said though the motivation for this thread was employability, hence the thought of getting something "in demand" internationally.