Rapid7 Insight VM certified administrator?

I'm thinking about working towards this cert. I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry. The exam is open book, i believe you can use google and the cost is 200 bucks. Anyone heard about this certification?

*Edit*

I legit have 5 years of Vulnerability Management experience from enterprise to service providers. I worked with Tenable (excluding the Security Center) and Rapid7 (Dashboards, Remediation Projects, Integration CyberArk, Asset Groups, Tags, SQL reports, and preforming administrative task backups, scheduling differentiate scanning, etc...

/Edit

Find more posts tagged with

Comments

JDMurray

Link?

yoba222

I'm assuming you haven't used InsightVM before so this isn't about validating current experience level and more about "legitimately" getting an exclusive product onto your resume.

I wouldn't do it.

Having the keywords "Rapid7" and "InsightVM" might attract the eyes of the security manager looking for a vulnerability management person for their InsightVM environment. It might be the difference that lands you an interview with them. But the problem is when they question you in the interview and it's quickly revealed that you really have zero experience on InsightVM. Because right then and there you've thrown into question the credibility of all your other certs, even if they've been earned from blood sweat and tears, so to speak. That one InsightVM "fluff" cert can ruin it for all the others.

EDIT: Just saw in your other post that you have 5 years of vuln management. Hmmm. If they think your company might switch to them around when Tenable renewal is up, they'll set you up with a test license for free for about a month IIRC. That might be an ideal time to bang this cert out while actually using the product in your environment.

trojin

I have this cert. If you have to pay for exam - it is not worth.
If your company is paying - just go and do this, it's easy enough

UsualSuspect7

yoba222 said:

I'm assuming you haven't used InsightVM before so this isn't about validating current experience level and more about "legitimately" getting an exclusive product onto your resume.

I wouldn't do it.

Having the keywords "Rapid7" and "InsightVM" might attract the eyes of the security manager looking for a vulnerability management person for their InsightVM environment. It might be the difference that lands you an interview with them. But the problem is when they question you in the interview and it's quickly revealed that you really have zero experience on InsightVM. Because right then and there you've thrown into question the credibility of all your other certs, even if they've been earned from blood sweat and tears, so to speak. That one InsightVM "fluff" cert can ruin it for all the others.

EDIT: Just saw in your other post that you have 5 years of vuln management. Hmmm. If they think your company might switch to them around when Tenable renewal is up, they'll set you up with a test license for free for about a month IIRC. That might be an ideal time to bang this cert out while actually using the product in your environment.

Yea, I worked with rapid7 and tenable in the past. Deploying the console and scan engines. Creating dashboard, differentiate discovery scans, custom scan templates, remediation projects, and etc...

I’m far from an expert, but I think this would be a great weekend certifications. I was curious giving the exam is open book can we log into prod if needed? How many questions on the exam?

UsualSuspect7

JDMurray said:

Link?

https://www.rapid7.com/services/training-certification/certification/insightvm-certified-administrator-exam/

SteveLavoie

If you have real experience with the product to back you, then it could be great.. If not.. it is worthless.

JDMurray

I agree that hiring managers would prefer candidates that have actual hands-on experience with InsightVM (or any vendor's product) rather than just the cert. However, the cert material might be an excellent way to start learning InsightVM.

SteveLavoie

of course it is the chicken and the egg problem.. you want to have exp on a product.. but no one give you the chance...

Well.. do that certification if you think you next job will require it, it will give you head up.. otherwise it is time lost.

E Double U

UsualSuspect7 said:

I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry.

The requirement is there, but so are a lot of other topics such IAM, BCM, incident response, and more. I hope this alone is not the reason you pursue this cert. I have actually seen many organizations using Nessus and Qualys so why a Rapid7 cert. I do not mean to suggest there is no value, but I simply do not see it.

Just my $0.02

UsualSuspect7

E Double U said:

UsualSuspect7 said:

I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry.

The requirement is there, but so are a lot of other topics such IAM, BCM, incident response, and more. I hope this alone is not the reason you pursue this cert. I have actually seen my organizations using Nessus and Qualys so why a Rapid7 cert. I do not mean to suggest there is no value, but I simply do not see it.

Just my $0.02

I have 5 years administrative experience in Vulnerability Management from an Enterprise (1000+) to Service Provider (35,000+) assets. I've worked with both Nessus and Rapid7; I have more hands on experience working with Rapid7 in the following areas:

Dashboards
Remediation Projects
Integration CyberArk
Dynamic Asset Groups Queries
Dynamic Tags
SQL reports
Backups
Configuring Differentiate Scanning (Excluding Assets Groups)
Configuring Custom Scanning Templates
Configuring Discovery Scanning (RFC1918 and PNIR)
Deployed Scan Engines
Deployed Agents.

I legit have on hands experience and i can attest to during any interview. I have about 10 years of Cyber Security Experience, however i never knew Rapid7 had a certification program, So i'm thinking for 200 bucks it's not a bad investment.

E Double U

UsualSuspect7 said:

I've been on this board for sometime, it's strange to see people discoursing others in pursing of knowledge based solely on assumption.

If you have been with TE longer you would not find it strange at all lol. People post questions all of the time and provide very little background info. Those of us trying to help only work with what we have been given.

Now that I see you have updated more info showing you have a decade in Info Sec which includes five years of vulnerability management hands-on, you definitely can decide on the investment value without our opinions.

So to answer your original question: No, I have never heard of this certification. And because I have never heard of it, my vote is no on the investment value unless one of the following apply to you:

1) Required for a role
2) Employer is paying
3) Collecting certs is a hobby
4) Just have money to burn

With the other credentials in your signature, I do not see the added value to obtain the cert. Especially since the experience section on your resume will clearly demonstrate you have the skills.

Oh, I forgot to mention a bias I have: I prefer vendor-agnostic certifications.

UsualSuspect7

E Double U said:

UsualSuspect7 said:

I've been on this board for sometime, it's strange to see people discoursing others in pursing of knowledge based solely on assumption.

If you have been with TE longer you would not find it strange at all lol. People post questions all of the time and provide very little background info. Those of us trying to help only work with what we have been given.

Now that I see you have updated more info showing you have a decade in Info Sec which includes five years of vulnerability management hands-on, you definitely can decide on the investment value without our opinions.

So to answer your original question: No, I have never heard of this certification. And because I have never heard of it, my vote is no on the investment value unless one of the following apply to you:

1) Required for a role
2) Employer is paying
3) Collecting certs is a hobby
4) Just have money to burn

With the other credentials in your signature, I do not see the added value to obtain the cert. Especially since the experience section on your resume with clearly demonstrate you have the skills.

Oh, I forgot to mention a bias I have: I prefer vendor-agnostic certifications.

Interesting, I don't think I have to post my resume, but I think it's strange to make an assumption regardless of the lack of a "backstory". I'm asking specifically about the thoughts on a specific certification, but you admit to never heard about this certification, but still felt the need to ramble about your assumption not of the certificate, but of me.

So let's recap:

1) You never heard about this certification.

2) You made an unfounded assumption not of the subject, but of OP.

3) You're making an excuse to support said assumption; that's it's OP fault for not providing the backstory.

I'm gonna make an assumption now:

"You seem like the kinda of person that is extremely arrogant and holds strong opinions on topics before first acquiring any information about said topic"

Perhaps you can learn something from this conversation and reduce making unfounded assumptions of individuals on this board and maybe make an inquiry. LOL

I like to collect certifications, it's my new hobby.

E Double U

I wonder if you are confusing my initial post with the feedback you received from others. Let's take a step back sir/maam. You made the following statement:

"I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry"

And my response:

I hope this alone is not the reason you pursue this cert (emphasis on the word hope because your motivation was not clearly stated thus uncertain).

You definitely do not need to post your resume (though some others do lol), but trying to understand where a question is coming from does help others provide feedback. I do not feel I made an assumption about you personally in either post though I could be mistaken. I scanned the thread again and see it was othes that questioned your experience and I was trying to provide insight on why they may be doing so. I am definitely making an assumption about you now though lol.

As someone with close to 20 years of general IT experience and a focus on Info Sec for the past nine years I like to feel that I know a lot, but definitely not all. With that experience I feel have a decent idea of what is considered "marketable" and have also seen lots of new "hot" credentials pop-up that do not add much additional value depending on what a person's aim is for getting it. Given that these companies want to bring in as much money as possible, the exam/CPE/maintenance fees machine will just keep on rolling. Not all credentials are worth the paper they are printed on, but of course that is subjective and everyone has to decide for themselves on if is worth it. You mentioned $200 is not a bad investment, but even a free exam can be a bad investment depending on what you get in return. Time is also an investment (cert junkie speaking) so combined with time and money given the experience you already have, I do wonder what you hope to get from it. But as a fellow techie that treats collecting certs as a hobby, I can totally relate. I do several certs per year for the first three of the four cert motivators I mentioned in the previous post.

So to wrap this up, I did not learn anything new from your remarks besides just reinforcing things I already have already learned over the years: written word is interpreted differently than spoken word, people are quick to jump to conclusions, and despite good intentions the help one tries to offer is not always helpful.

Just my $0.02. Good luck!

UsualSuspect7

E Double U said:

I wonder if you are confusing my initial post with the feedback you received from others. Let's take a step back sir/maam. You made the following statement:

"I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry"

And my response:

I hope this alone is not the reason you pursue this cert (emphasis on the word hope because your motivation was not clearly stated thus uncertain).

You definitely do not need to post your resume (though some others do lol), but trying to understand where a question is coming from does help others provide feedback. I do not feel I made an assumption about you personally in either post though I could be mistaken. I scanned the thread again and see it was othes that questioned your experience and I was trying to provide insight on why they may be doing so. I am definitely making an assumption about you now though lol.

As someone with close to 20 years of general IT experience and a focus on Info Sec for the past nine years I like to feel that I know a lot, but definitely not all. With that experience I feel have a decent idea of what is considered "marketable" and have also seen lots of new "hot" credentials pop-up that do not add much additional value depending on what a person's aim is for getting it. Given that these companies want to bring in as much money as possible, the exam/CPE/maintenance fees machine will just keep on rolling. Not all credentials are worth the paper they are printed on, but of course that is subjective and everyone has to decide for themselves on if is worth it. You mentioned $200 is not a bad investment, but even a free exam can be a bad investment depending on what you get in return. Time is also an investment (cert junkie speaking) so combined with time and money given the experience you already have, I do wonder what you hope to get from it. But as a fellow techie that treats collecting certs as a hobby, I can totally relate. I do several certs per year for the first three of the four cert motivators I mentioned in the previous post.

So to wrap this up, I did not learn anything new from your remarks besides just reinforcing things I already have already learned over the years: written word is interpreted differently than spoken word, people are quick to jump to conclusions, and despite good intentions the help one tries to offer is not always helpful.

Just my $0.02. Good luck!

"I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry"

Yes, this statement is simply justifying investing the time and money in pursing a certification in Vulnerability Management as I'm highlighting the demand for this skill. I think it's strange how this sentence triggers you to make assumptions of OP rather than the substance of what OP is discussing the certification itself.

I haven't confused you with anyone else lol. Just, because you preface your assumption with "hope" isn't an out nor should it be an excuse, you were wrong. I think when people use the word "feel" they're speaking from a positions that lacks facts/evidence, as they're using an emotion to justify their actions. It's strange that you're unable to take accountability for being wrong in making an incorrect baseless assumption. I'm not concern with others, giving some other TE members actual made edits and corrected their responses.

"As someone with close to 20 years of general IT experience and a focus on Info Sec for the past nine years I like to feel that I know a lot, but definitely not all. With that experience I feel have a decent idea of what is considered "marketable" and have also seen lots of new "hot" credentials pop-up that do not add much additional value depending on what a person's aim is for getting it. Given that these companies want to bring in as much money as possible, the exam/CPE/maintenance fees machine will just keep on rolling. Not all credentials are worth the paper they are printed on, but of course that is subjective and everyone has to decide for themselves on if is worth it. You mentioned $200 is not a bad investment, but even a free exam can be a bad investment depending on what you get in return. Time is also an investment (cert junkie speaking) so combined with time and money given the experience you already have, I do wonder what you hope to get from it. But as a fellow techie that treats collecting certs as a hobby, I can totally relate. I do several certs per year for the first three of the four cert motivators I mentioned in the previous post. "

I think this response ought to have been posted as it's discussing the actual substance of what i was originally inquiring about, however what you've originally wrote about OP based on how you felt interpreting one sentence is surely fascinating, how exactly can a person work in such a fact/evidence driven field for 20+ years and make wild assumptions?

So let's recap:

1) You never heard about this certification.

2) You made an unfounded assumption not of the subject, but of OP.

3) You're making an excuse to support said assumption; that it's OP fault for not providing the backstory.

4) You're attempting to leverage prefacing your assumptions with "hope".

5) You're using your emotion to justify your assumption.

Exactly, you've proven my theory, of course you haven't learned anything, it seems you're incapable to admit you're wrong. Admitting to one's mistake would be the adult thing to do and would be a learning experience, an arrogant person such as yourself, that "feels like they know a lot" would have problems owning their faults. We can continue, i'm just gonna keep expanding the recap, meticulously documenting the mental gymnastics you're jumping through to justify your assumptions. At this point it's just watching someone slowly destroy their credibility, "assuming" they had any from the start lol.

E Double U

You win the internet!