Certifications that CAN'T be brain-dumped?

N7ValiantN7Valiant Senior MemberMember Posts: 363 ■■■■□□□□□□
edited September 2019 in General Certification
So as I overheard my 2 coworkers exchange tips over which brain dumping resources they used to get their Security+, it makes me realize that maybe the reason why my MCSA/E doesn't seem to mean much is because the exam format does allow for brain dumping despite the comparative difficulty compared to the CompTIA exams.

So I'm kind of wondering what practical certification is harder if not impossible to brain-dumpd simply because it's more involved than memorizing answers?

I've had my eye on OSCP for a while now, although I feel that the level is much higher than what I'm capable of based on the material (SQL injection, XSS).  I get the impression that having at least a little experience as a Sysadmin might be a good prereq to it, but I'm open to being corrected on that impression if anyone ever did it.

RHCSA is another one, but given that I'm in Hawaii, I'd have to fly stateside to sit for the exam.  Not really an unreasonable cost, but it would be a good chunk of time and money depending on whether I want to give myself a window for at least 2 attempts.
OSCP
MCSE: Core Infrastructure
MCSA: Windows Server 2016
CompTIA A+ | Network+ | Security+ CE

Comments

  • cyberguyprcyberguypr Senior Member Mod Posts: 6,927 Mod
    edited September 2019
    I personally don't care about how dumpable a cert is. Each one of the has made me grow as an IT/IS professional, even my stupid CEH and CHFI. 
  • lucky0977lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    edited September 2019
    I would say the exams offered by ISC2 and ISACA are still un-compromised. I have little regard for CompTIA stuff when all you have to do is google Security+ Braind**ps and you shall find countless resources.


    I thought companies like Cisco and Microsoft were actively monitoring and suing d**ping sites and trying to shut them down.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • SweenMachineSweenMachine MCSA: Office 365, MCSA: Windows 7 (I am old), ITIL Foundations V3 Chicago areaMember Posts: 300 ■■■■□□□□□□
    N7Valiant said:
    So as I overheard my 2 coworkers exchange tips over which brain dumping resources they used to get their Security+, it makes me realize that maybe the reason why my MCSA/E doesn't seem to mean much is because the exam format does allow for brain dumping despite the comparative difficulty compared to the CompTIA exams.

    So I'm kind of wondering what practical certification is harder if not impossible to brain-dumpd simply because it's more involved than memorizing answers?

    I've had my eye on OSCP for a while now, although I feel that the level is much higher than what I'm capable of based on the material (SQL injection, XSS).  I get the impression that having at least a little experience as a Sysadmin might be a good prereq to it, but I'm open to being corrected on that impression if anyone ever did it.

    RHCSA is another one, but given that I'm in Hawaii, I'd have to fly stateside to sit for the exam.  Not really an unreasonable cost, but it would be a good chunk of time and money depending on whether I want to give myself a window for at least 2 attempts.
    To be honest, I have never once looked at, or cared about, how 'dumpable' a certification is. I usually have a reason for pursuing any certification I go after (whether that's personal, professional, or both) - And as an executive and hiring manager of an IT consulting firm NOW, I haven't once considered that in the hiring process.  We gauge technical aptitude based on position, and while the certification might spur some initial interest it has never once been a large determining factor in any hire I have done, and I have directly hired 15+ people in the last 4 years.

    I understand where you are coming from, but focusing on how your certifications look to outsiders as potentially dumpable is a cynical way to look at certification.

    -scott
  • mikey88mikey88 CISSP, CySA+, Security+, Network+ and others Member Posts: 495 ■■■■■■□□□□
    Agree with @SweenMachine. Focus on gaining the knowledge a certification provides. During the interview it will become obvious if you have the knowledge or not. 


    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • SweenMachineSweenMachine MCSA: Office 365, MCSA: Windows 7 (I am old), ITIL Foundations V3 Chicago areaMember Posts: 300 ■■■■□□□□□□
    mikey88 said:
    Agree with @SweenMachine. Focus on gaining the knowledge a certification provides. During the interview it will become obvious if you have the knowledge or not. 


    exactly this. Let the others **** if they want, but worrying about the perception of a certification rather than the knowledge gained helps no one; certainly not you.

    Also, in the grand scale of IT; being on this forum and actively pursuing certifications brings more intimate knowledge of how dumping works, what it is, etc - MOST people in IT could care less about even knowing what 'dumping' is. If you asked the 80+ employees in my company about dumping, aside from the engineering team and some techy wonks, most wouldn't know what you were talking about. And we're an IT company haha

    -scott
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,927 Mod
    edited September 2019
    Yeah, two jobs ago I worked for a SaaS company. The devs had no idea what domps where. All they new was that they were "guides" that helped them pass exams. It always laughed when I found them in the shared drive audits.
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518 ■■■■■■■■□□
    At the end of the day, people who truly learn/know the material and can put it into practice after their exam will succeed and be obvious. Those that fake their way through are usually painfully obvious when you work around or with them.

    I have never looked for **** or cheats (I've on accident found one for Linux+ first exam, but it was *after* I had just taken the exam and realized I'd see those questions on what I thought was a practice test on YouTube). For me, the cert is rarely a gateway stepping stone, and more about learning something and being able to walk that talk. I'd personally say, don't sweat it too much, and pursue what you want to pursue and what will get you closer to your goals.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • N7ValiantN7Valiant Senior Member Member Posts: 363 ■■■■□□□□□□
    edited September 2019
    I suppose my frustration is that I am in fact at the bottom of the IT ladder (was help desk, now a PC Technician after a year), and the fact that I'm at the bottom of that ladder means that technical ability isn't valued at all.  My team lead doesn't know CLI in the least and can't do it even if you go step by step on which commands to run.  It's also why my 2 other coworkers can brag all day about dumping (which is something they can lose their certifications over, which they need for DoD 8570 compliance) and my supervisor doesn't know or doesn't care.

    As I only have about 1 yr 5 mo experience in IT, I generally get something along the lines of "well, we're looking for someone with more experience" whenever I apply to a more skilled position like Sysadmin.  It wasn't great to hear people explain to you that they didn't think you would amount to much, because the story would go that they knew people who had all the certifications but could do none of the work.

    Wondering if exams like OSCP or Red Hat had enough name recognition that anyone who had a passing interest would know what it entails and that you couldn't scam your way past them?

    I mean, once I've rewritten a VBScript tool at work to Powershell, used WPF for a GUI, and runspaces to multithread it, I think I've pretty much hit the bedrock of boredom, along with a neurological "need" to do brainy work.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • mizterkewlmizterkewl Member AgrabahMember Posts: 122 ■■■■□□□□□□
    similar work situation...no one knows anything. there's not going to be some secret cert that is going to distinguish you from anyone else. just work on you and know your stuff, so that when you're ready you have the opportunity to leave for something better whereas they will probably be stuck at that job because they can't go anywhere.
  • SweenMachineSweenMachine MCSA: Office 365, MCSA: Windows 7 (I am old), ITIL Foundations V3 Chicago areaMember Posts: 300 ■■■■□□□□□□
    N7Valiant said:


    As I only have about 1 yr 5 mo experience in IT, I generally get something along the lines of "well, we're looking for someone with more experience" whenever I apply to a more skilled position like Sysadmin.  It wasn't great to hear people explain to you that they didn't think you would amount to much, because the story would go that they knew people who had all the certifications but could do none of the work.

    If I am hiring for a position that needs more than 1.5 years of experience, there is no certification in the world you could get that would bypass that requirement. The experience isn't always about the singular technical part, it's also about knowing you have the ability to stick with a career. And also, like it or not, paying dues is also about growing in your chosen field of occupation. Rarely do you not pay your dues in any field.

    Our sysadmins all have well over 10 years of IT experience, and over 3 years of sysadmin specifically - there are no shortcuts really; work hard. Learn the skills you want. Put in your dues, watch your career grow. I started in IT in 1999 and while I am in a management role now, at 1.5 years experience I was still at the helpdesk. As with 5 years. And 7 years... . 
  • iBrokeITiBrokeIT GDSA, GRID, GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, Pen+, CySA+, Sec+, N+, A+, eJPT Member Posts: 1,315 ■■■■■■■■■□
    N7Valiant said:
    I suppose my frustration is that I am in fact at the bottom of the IT ladder (was help desk, now a PC Technician after a year), and the fact that I'm at the bottom of that ladder means that technical ability isn't valued at all.  My team lead doesn't know CLI in the least and can't do it even if you go step by step on which commands to run.  It's also why my 2 other coworkers can brag all day about dumping (which is something they can lose their certifications over, which they need for DoD 8570 compliance) and my supervisor doesn't know or doesn't care.
    Grow up, stop mentally burdening yourself with the poor choices of others and you will be much happier.  Put that energy into your own professional development and then move on to a new employer.  
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON GCWN Linux+

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
  • N7ValiantN7Valiant Senior Member Member Posts: 363 ■■■■□□□□□□
    If I am hiring for a position that needs more than 1.5 years of experience, there is no certification in the world you could get that would bypass that requirement. The experience isn't always about the singular technical part, it's also about knowing you have the ability to stick with a career. And also, like it or not, paying dues is also about growing in your chosen field of occupation. Rarely do you not pay your dues in any field.

    Our sysadmins all have well over 10 years of IT experience, and over 3 years of sysadmin specifically - there are no shortcuts really; work hard. Learn the skills you want. Put in your dues, watch your career grow. I started in IT in 1999 and while I am in a management role now, at 1.5 years experience I was still at the helpdesk. As with 5 years. And 7 years... . 
    But... do people have to pay the same dues?  There are people out there who attend college before they've ever hit 18, rare as it is.  I think the ability to stick with a career is something you could fairly gauge based on a willingness on a person's part to delve into the deeper parts of it even beyond what their job requires of them.

    If you hire someone with 5 years of experience over the one with 10 years, why would you do that?
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • Jon_CiscoJon_Cisco Member Posts: 1,772 ■■■■■■■■□□
    With under two years experience you are certainly over thinking this. We all do it so don't be to hard on yourself. When we start a career it seems impossible to surmount the years of experience required for every job posting. But every job that is filled today is filled by someone who was not born with that experience.

    Just keep studying the things that either directly impact your current job or interest you for your future job.
  • MrsWilliamsMrsWilliams Junior Member Member Posts: 192 ■■■■□□□□□□
    edited September 2019
    Jon_Cisco said:
    With under two years experience you are certainly over thinking this. 
    Agree. Worry about the things you can change and less about the things you can't. 
  • N7ValiantN7Valiant Senior Member Member Posts: 363 ■■■■□□□□□□
    Jon_Cisco said:
    With under two years experience you are certainly over thinking this. We all do it so don't be to hard on yourself. When we start a career it seems impossible to surmount the years of experience required for every job posting. But every job that is filled today is filled by someone who was not born with that experience.

    Just keep studying the things that either directly impact your current job or interest you for your future job.
    I'm not so sure I actually want to go down the Cybersecurity route, but I figured I'd want some familiarity with Linux under my belt.  So I think I'll give the OCSP a shot.  Figure if I can root a few boxes in 3 months, I'll be ready to start the training.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I think you're overthinking the dumping thing. Sure, you have a few coworkers who do it, but it doesn't mean that no one will respect what you do just because you passed exams that might have some answers somewhere. Know what you do, know your worth, give it some time and move on. The idea of trying to do the PWK/OSCP just because it can't be dumped, if you don't even plan on being a pentester, is silly and a waste of time. 

    I had an old coworker who would insist it wasn't cheating he was just looking for some backup questions to reinforce what he's doing. He did it all the way up to the CCIE written, and of course couldn't pass the lab. He tried for the CISSP too and bombed it, then claimed the test was stupid. The sad part is, he was a good manager, and moved on to another mega corp as a director, where his certs didn't even matter, he just wanted the bragging rights of high level certs. 
  • NetworkingStudentNetworkingStudent Member Posts: 1,407 ■■■■■■■■□□
    edited September 2019
    I'm not so sure I actually want to go down the Cybersecurity route, but I figured I'd want some familiarity with Linux under my belt.  So I think I'll give the OCSP a shot.  Figure if I can root a few boxes in 3 months, I'll be ready to start the training.
    If you want to learn to learn Linux, then look into Linux+, and the tested listed below:

    https://www.edx.org/course/introduction-to-linux

    This is a free Linux course---->Introduction to Linux

    Never learned Linux? Want a refresh? Develop a good working knowledge of Linux using both the graphical interface and command line across the major Linux distribution families.


    https://certification.comptia.org/certifications/linux


    This a a good website to learn hacking:  You have to hack just to get a login

    https://www.hackthebox.eu/


    N7Valiant said:
    So as I overheard my 2 coworkers exchange tips over which brain dumping resources they used to get their Security+, it makes me realize that maybe the reason why my MCSA/E doesn't seem to mean much is because the exam format does allow for brain dumping despite the comparative difficulty compared to the CompTIA exams.

    So I'm kind of wondering what practical certification is harder if not impossible to brain-dumpd simply because it's more involved than memorizing answers?

    I've had my eye on OSCP for a while now, although I feel that the level is much higher than what I'm capable of based on the material (SQL injection, XSS).  I get the impression that having at least a little experience as a Sysadmin might be a good prereq to it, but I'm open to being corrected on that impression if anyone ever did it.

    RHCSA is another one, but given that I'm in Hawaii, I'd have to fly stateside to sit for the exam.  Not really an unreasonable cost, but it would be a good chunk of time and money depending on whether I want to give myself a window for at least 2 attempts.

    I have the big three Comptia certs A+, Network+ ,and Sec+  I never really impressed a hiring manager with these certs.  Heck, I'm a Microsoft Certified Professional, and no one got excited.  I only had one hiring manager ask for the copies of the certs, I image this was for verification purposes.   

    If you want to impress a hiring manager, then find your passion and build a lab.  One time I was talking about parent and child folder relations in Windows Server, and the hiring manger thought I had a lab at home.  Hi s eyes lite up.  Unfortunately, I do not have a lab at home.

    Beating a dead horse here:

    1) Find ways to help your boss, yourself, and team become better.  If you make your boss's job easier, than he will help you down the road when you need help.

    2) Network with everyone, and build relationships.

    3) Have you looked at a 4 year degree?  I'm not sure were your degree level is at.  Taking a year degree, will  definitely keep you occupied


    When one door closes, another opens; but we often look so long and so regretfully upon the closed door that we do not see the one which has opened."

    --Alexander Graham Bell,
    American inventor
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518 ■■■■■■■■□□
    In regards to RHCSA and OSCP and a desire to learn some linux, I find that commendable.

    Just to put things into perspective a bit, I don't think many people get as far as RHCSA unless they are looking to actually have "linux" in their job title. In other words Linux Administrator" or something equivalent. The reason is the expense/pain of the practical assessment. I have known some admins who can struggle in that test environment.

    OSCP is the certification for the PWK course. You don't necessarily need to take and pass the exam to gain knowledge from the course materials and experiences in the labs. The exam is useful for those who want to stand out, challenge/test themselves, have proof of the effort, or it applies directly to their job duties (usually pen testing or offense of some sort).

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • yoba222yoba222 Senior Member Member Posts: 1,237 ■■■■■■■■□□
    After getting CCNA R&S, I realized that pursuing CCNP was a bit deeper into the Cisco rabbit hole than was appropriate for me, considering I rarely logged into Cisco devices.

    Similarly, based on my experience obtaining LFCS (similar to RHCSA), this was also a bit deeper down into the Linux rabbit hole than was appropriate for me. This coming from a person that uses Linux daily, but not as a Linux administrator.

    I would not pursue RHCSA for the reason you are considering. Same for OSCP.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • N7ValiantN7Valiant Senior Member Member Posts: 363 ■■■■□□□□□□
    Danielm7 said:
    I think you're overthinking the dumping thing. Sure, you have a few coworkers who do it, but it doesn't mean that no one will respect what you do just because you passed exams that might have some answers somewhere. Know what you do, know your worth, give it some time and move on. The idea of trying to do the PWK/OSCP just because it can't be dumped, if you don't even plan on being a pentester, is silly and a waste of time. 

    I had an old coworker who would insist it wasn't cheating he was just looking for some backup questions to reinforce what he's doing. He did it all the way up to the CCIE written, and of course couldn't pass the lab. He tried for the CISSP too and bombed it, then claimed the test was stupid. The sad part is, he was a good manager, and moved on to another mega corp as a director, where his certs didn't even matter, he just wanted the bragging rights of high level certs. 
    Would it really be a waste?  I can't take the Red Hat exam in Hawaii because there are no testing centers here, so I'd have to fly to the mainland to sit for an exam.  So the cost ends up being roughly the same to take the OSCP.

    What I'm interested in is the Cloud/DevOps path, but my independent research points to Linux & Python being desired skills if one goes down that path.  I'd also think the OSCP by nature teaches you to think outside the box and be adaptable to whatever gets thrown your way.

    I'd say more than bragging rights, my main struggle with finding a job away from tech support is actually getting my resume in front of someone with technical knowledge.  I figure one other aspect of brain dumping even beyond the coworkers (one of whom was having a full volume phone interview while at work, so I don't expect they'll be bugging us for long) is that everyone and their grandmother might have the certifications, and so the hiring manager gets a bit jaded and rolls their eyes upon seeing one, thinking back on the incompetent new hire they had previously who had the certs but couldn't do anything.  Might be worth it in my mind if they recognize a certification and what it entails, and help me stand out among more "experienced" people.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    N7Valiant said:
    Would it really be a waste?  I can't take the Red Hat exam in Hawaii because there are no testing centers here, so I'd have to fly to the mainland to sit for an exam.  So the cost ends up being roughly the same to take the OSCP.

    What I'm interested in is the Cloud/DevOps path, but my independent research points to Linux & Python being desired skills if one goes down that path.  I'd also think the OSCP by nature teaches you to think outside the box and be adaptable to whatever gets thrown your way.

    I'd say more than bragging rights, 
    Yes. The OSCP is not a linux cert, and you're not working towards being a pentester, so yes, the plan makes no sense. There are a million ways to learn linux, you said yourself you want to go towards cloud/devops, so the OSCP isn't what you're looking for. Your looking at all this through the lens of insecurity with your coworkers and perception that you're not valued or not experienced enough so what you're looking for a big bragging point that tons of people outside of the pentesting space will have never even heard of. Go read the many threads here on the OSCP, go read the many prep guides out there. Without any experience in that area you could spend the next year of your life just preparing and still fail, just so you can go for a cloud job and try to explain that this thing taught you to think outside the box. 

    People in the thread have already pointed you towards free linux resources, there are probably literally hundreds of good and free linux courses out there. Same thing with Python. If you want to learn cloud and devops, then learn cloud and devops. Get a subscription on acloud.guru or linuxacadamy and learn what you actually want to do. Maybe pick up some AWS certs, go for your actual goal, not some frustrating bragging right that doesn't really help your career. 

    I'm not trying to discourage you from learning, but learn with a goal and a purpose. Sounds like you've already accomplished a lot in sub 1.5 years of working, don't undersell that. But, at the same time you sound like you're falling into the same trap I see a lot at the service desk / desktop support layer which is "everyone else is stupid, I could do the job of all the Sr people and they all suck".
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 518 ■■■■■■■■□□
    N7Valiant said:

    What I'm interested in is the Cloud/DevOps path, but my independent research points to Linux & Python being desired skills if one goes down that path.  I'd also think the OSCP by nature teaches you to think outside the box and be adaptable to whatever gets thrown your way.

    I'd say more than bragging rights, my main struggle with finding a job away from tech support is actually getting my resume in front of someone with technical knowledge.  I figure one other aspect of brain dumping even beyond the coworkers (one of whom was having a full volume phone interview while at work, so I don't expect they'll be bugging us for long) is that everyone and their grandmother might have the certifications, and so the hiring manager gets a bit jaded and rolls their eyes upon seeing one, thinking back on the incompetent new hire they had previously who had the certs but couldn't do anything.  Might be worth it in my mind if they recognize a certification and what it entails, and help me stand out among more "experienced" people.
    You typically take the OSCP for one of two reasons. First, because you want to get into pentesting. Second, you want to expand your offensive security skills as this may help you improve your defensive skills or forensics capabilities or testing or new security tools for the blue team. The latter doesn't even necessarily need to take or pass the exam.

    That would be it. If you want to be more adaptable or learn Linux, the OSCP seems inappropriate for what you want to do. It might get you some interest from other security hiring managers, but only enough to get in the door. Does it teach you to be adaptable? I guess, but only for offensive security skills.

    First of all, I think you need to get over whatever internal problem you have with certifications that are practical vs otherwise. This seems to be holding you back and closing doors that should otherwise be left open. I also see you're using this as a way to read into hiring managers, which is a little insulting as your underlying assumption is they can't think for themselves.

    If you want to go down Cloud/DevOps paths, you need to go down Cloud/DevOps paths. Python will help, if the environment you work in uses it. Linux will almost always help, but you don't need to be a full blown Linux administrator. For something like AWS, Linux familiarity just helps in being able to understand and work with their setup.

    Honestly, you should look into AWS certs? For DevOps, you could look into whatever stacks you'll work in.

    Based on how you describe your coworker behavior, which probably reflects on your work environment as a whole, you're not in a positive environment with quality employees...

    I also think you should work on networking, having a blog or github that you can show off your work and interests, and being pushy when it comes to job applications. If you can, follow up with an email to HR or the hiring manager if you know them. Also, talk to recruiters local to your area who may be able to advise you or even hook you up.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Sign In or Register to comment.