Please rank certs from easiest to most difficult.

Greetings,

Could you please rank the following certs from easiest to most difficult? BLUF: In my current career I DO NOT work in cyber security and do not have an education background of any relation to computer science.

My wife had a stroke and we have two young children. In my current job I will be able to transition in to a position where I can work from home if I get these certifications. My goal is to be more available at home so I can take care of my disabled wife and look after our two boys. Any help is appreciated. I just need a rough road map so I know where to start.

Certified Information Systems Security Professional (CISSP)

Certified Intrusion Analyst (GCIA),

Certified Information Systems Auditor (CISA),

Certified Ethical Hacker (CEH)

Certified Incident Handler (GCIH),

Web Application Penetration Tester (GWAPT),

Certified Penetration Tester (GPEN)

Exploit Researcher and Advanced Penetration Tester (GXPEN)

Offensive Security Certified Professional (OSCP)

Offensive Security Certified Professional (OSCE)

Find more posts tagged with

Comments

JDMurray

All of those are advanced InfoSec certification that are very difficult (and expensive) to achieve. People new to cybersecurity would not typically study for them. Instead, you should start by looking at the CompTIA Security+ certification to determine if cybersecurity work is something that you will find interesting.

NoobInNeedofHelp

Thank you. Can you still rank them?

yoba222

It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

Security+ is definitely a solid first step.

PCTechLinc

Out of that list I can only speak to CEH and CISSP. In my own opinion I believe without the knowledge I gained from my Master's in IT Security I would not have been able to pass either, and I've been working in IT at some level for 20 years. Depending on where you are in your career, if you want to obtain those certifications, it is going to require many years of studying and experience.

E Double U

Every single one of those certifications could be difficult to anyone without the proper background in those areas.

Without work experience, you cannot even obtain (ISC)2 and ISACA credentials so exam difficulty is not even relevant since passing the test is only a step in the certificate process. I have known people with several years in the field that struggle with Offensive Security so based on your lack of experience this will probably be the hardest for you. GIAC exams are doable, but difficult without experience - not to mention very expensive.

I have six of the credentials you listed and I would say CEH is the easiest, but I took that exam after 13 years of overall IT experience with four of those years focused on Info Sec.

TechGromit

Certified Information Systems Security Professional (CISSP)
Certified Intrusion Analyst (GCIA),
Certified Information Systems Auditor (CISA),
Certified Ethical Hacker (CEH)
Certified Incident Handler (GCIH),
Web Application Penetration Tester (GWAPT),
Certified Penetration Tester (GPEN)
Exploit Researcher and Advanced Penetration Tester (GXPEN)
Offensive Security Certified Professional (OSCP)
Offensive Security Certified Professional (OSCE)

Your going to be hard pressed to find anyone who has first hand experience in all of these certifications. I'd say the GCIH is the easiest on this list from my experience. The CISSP one of the hardest from what I heard, due to the fact the amount of material involved and no reliable practice test for it. I've read about people who spent hundreds of dollars for 3rd party practice exams and it was nothing like the real exam. The SANS 503 is a pretty tough course, but don't know how the GCIA exam is. The OSCP can be challenging as well, it's a 24 hour exam, have lots of coffee and 5 hours available.

NoobInNeedofHelp

You guys rock, thank you so much for this insight

egrizzly

yoba222 said:

It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

Security+ is definitely a solid first step.

I've never heard of ISC2 accepting a fee in lieu of the required experience for the CISSP. Is this some new policy that they just came out with?

stryder144

egrizzly said:

yoba222 said:

It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

Security+ is definitely a solid first step.

I've never heard of ISC2 accepting a fee in lieu of the required experience for the CISSP. Is this some new policy that they just came out with?

ISC2 doesn't but I think EC-Council does.

yoba222

stryder144 said:

egrizzly said:

yoba222 said:

It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

Security+ is definitely a solid first step.

I've never heard of ISC2 accepting a fee in lieu of the required experience for the CISSP. Is this some new policy that they just came out with?

ISC2 doesn't but I think EC-Council does.

Yes. Mandatory 2 years experience to take the CEH--unless you pay them for their course, in which case you're magically qualified enough. EC Council certainly has earned their reputation over the years.

egrizzly

I'll chime in on this discussion. The level of difficulty would depend on what type of learner you are (Analytical, Creative, Practical, etc). I've only taken (and passed) the CISSP so not having taken all the exams I cannot rank them from easiest to hardest but I can categorize them for you though. See below:

Penetration Testing Certs (aka Ethical Hacking)

Certified Ethical Hacker (CEH)

Web Application Penetration Tester (GWAPT),

Certified Penetration Tester (GPEN)

Exploit Researcher and Advanced Penetration Tester (GXPEN)

Offensive Security Certified Professional (OSCP)

Offensive Security Certified Professional (OSCE)

Security Assessment/Compliance
Certified Information Systems Auditor (CISA)

Incident Handling
Certified Incident Handler (GCIH)
Certified Intrusion Analyst (GCIA)

Security Management/High Level Overview
Certified Information Systems Security Professional (CISSP)

The ones under Security Management/High Level Overview and Security Assessment/Compliance are not technical so are relatively easier than the ones under Penetration Testing and Incident Handling. The most valuable is the CISSP since it's very comprehensive and takes longer to study for. Hope that helps.

LonerVamp

Could you please rank the following certs from easiest to most difficult?

Certified Ethical Hacker (CEH)
Certified Intrusion Analyst (GCIA),
Certified Incident Handler (GCIH),
Certified Information Systems Auditor (CISA),
Certified Information Systems Security Professional (CISSP)
Web Application Penetration Tester (GWAPT),
Certified Penetration Tester (GPEN)
Offensive Security Certified Professional (OSCP)
Exploit Researcher and Advanced Penetration Tester (GXPEN)
Offensive Security Certified Professional (OSCE)

I ranked them not for the order I found them to be hard, but the order at which I expect a new person to IT/security would find them.

I'll echo what others have said. With maybe the exception of the CEH, these are all pretty intensive for someone without experience. For a few, particularly anything SANS/GIAC, obtaining materials/training will be pretty expensive.

Also, who in the world would ask you to get all of these and then be allowed to move into a position and WFH? I hate to say it, but someone is flat out lying to you. You could pick up any TWO of these certs and find a WFH infosec job if you interview well and truly know the material. And with some luck.

NoobInNeedofHelp

Thank you so much I greatly appreciate all of your help.