What cert should i do next?

OmniMan

I’ve been in security for 3 years. I am doing very well career and pay wise. I have my GSEC, sec +, crisc, Isaca csx, and itil. I have no idea what cert I want to do next. The CISSP just seems so boring and like I won’t leern anything beneficial. Any recommendations? I have no idea what I want to focus on security wise at this time.

NetworkNewb

If you want to go for one that will guarantee to benefit you, go for one that has focus on the tasks at your current position.

OmniMan

Will SEC504 offer me benefits beyond the GSEC or should I jump straight from GSEC to GPEN?

E Double U

What is your current role? Do you know what direction you want to head in career wise? GCIH is great for an incident handler, but not for someone performing audits.

NetworkNewb

OmniMan wrote: »

Will SEC504 offer me benefits beyond the GSEC or should I jump straight from GSEC to GPEN?

Sure if the topics correlate to your current job functions and can see where learning more about them can benefit you.

LonerVamp

There's really just two main reasons to do certs: To get paid more and to learn more.

To get paid more, CISSP is probably the way to go. And I don't necessarily just mean it will pay you more, but if you're out looking for a job, it should get you a job and get money in your pocket faster than without. In other words, it's still a badge that gets you noticed. If you're looking at more audit stuff, CISA/CISM?

To learn more, it's about what you need to learn and/or what you want to learn.

What do you need to do your job better, or to do the job you want to be doing?

Otherwise, what do you want to learn? Are you excited about some part of it? Is there a weakness you perceive that you could improve?

LonerVamp

OmniMan wrote: »

Will SEC504 offer me benefits beyond the GSEC or should I jump straight from GSEC to GPEN?

I don't actually know GSEC or SEC504 specifically, but I do know that if you want to do pen testing or attack systems, or just know how attackers attack systems, that would be GPEN.

TechGromit

LonerVamp wrote: »

I don't actually know GSEC or SEC504 specifically, but I do know that if you want to do pen testing or attack systems, or just know how attackers attack systems, that would be GPEN.

Wouldn't the OSCP be a better choice for attacking systems. I thought the GPEN was a mix of compliance (to cover your azz) and penetration testing.

LonerVamp

TechGromit wrote: »

Wouldn't the OSCP be a better choice for attacking systems. I thought the GPEN was a mix of compliance (to cover your azz) and penetration testing.

yeah. I tend to knee-jerk a bit to GPEN (if someone has already been talking about GIAC stuff) as it is more hand-held, or even eLearn. But if someone is full on about jumping into the moreorless deep end without the guidance, I say more power to 'em.