Options
Seeking Certification Advice
ibcritn
Member Posts: 340
I am currently pursuing my CISSP (associate) scheduled in Jan. 2011
After CISSP I was planning on doing E|CSA/LPT based really on interest...really don't see much demand for it in the industry just enjoy learning.
I am seeking advice on what I should tackle next. I currently work as a DoD contractor doing Vulnerability assessments. I really want to move into Penetration testing, or more advanced lead Security assessments. End career goal is more in security management, but that's down the road.
I was wondering what certifications you think are valuable to earn for someone who has my career goals.
I was thinking of the following:
C|HFI - Based really on interest and might want to study to see if I want to move in that direction.
E|CSA/LPT - Based on interest
GIAC - Maybe?
After CISSP I was planning on doing E|CSA/LPT based really on interest...really don't see much demand for it in the industry just enjoy learning.
I am seeking advice on what I should tackle next. I currently work as a DoD contractor doing Vulnerability assessments. I really want to move into Penetration testing, or more advanced lead Security assessments. End career goal is more in security management, but that's down the road.
I was wondering what certifications you think are valuable to earn for someone who has my career goals.
I was thinking of the following:
C|HFI - Based really on interest and might want to study to see if I want to move in that direction.
E|CSA/LPT - Based on interest
GIAC - Maybe?
CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA
Next Up: Linux+/RHCSA, GCIA
Comments
-
Options
wastedtime
Member Posts: 586 ■■■■□□□□□□
In my opinion, I would study what you are interested in (provided that it doesn't break the piggy bank). Also I would say the GIAC are more recognized then the EC-Council ones.
That is just my opinion though. -
Optionsibcritn
Member Posts: 340
Thanks Wastedtime, a simple answer, but makes a lot of sense. I concur I do see more demand for GIAC, but the tests are rather expensive and unless I know there is ROI it might be hard to justify.
I appreciate any feedback.
If GIAC is the way to go any recommendations on path or certs to get within this organization?CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
Optionswastedtime
Member Posts: 586 ■■■■□□□□□□
You could go the DoD 8570 route or pick a subject area and go with one of sans recommended paths. You also could just do what interest you the most. I find it hard to study something that is not interesting to me.
DoDD 8570
Certification Roadmap -
Optionsaprillove20
Registered Users Posts: 6 ■□□□□□□□□□
as you want to take the next step of your goals, make sure you really wanted to they it, because if you don't like what your studying you might not gave more attention.
-
Options
earweed
Member Posts: 5,192 ■■■■■■■■■□
How far are you from having the required experience for the full CISSP?
I'd probably say at this point study what interests you and that you enjoy learning. You also need to look at what your current work experience is with and try to document it with certs. Also look into where you want to be 5 years down the road. That's when the expensive certs may have an ROI.No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives. -
Optionsibcritn
Member Posts: 340
How far are you from having the required experience for the full CISSP?
I'd probably say at this point study what interests you and that you enjoy learning. You also need to look at what your current work experience is with and try to document it with certs. Also look into where you want to be 5 years down the road. That's when the expensive certs may have an ROI.
Earweed, I agree your logic is sound. I have 1 year experience as a Systems/Security Engineer (small consulting company and wore many a hat) and now I work more directly in IA doing Security Auditing from a vulnerability stand point, but for 7 years I worked for Best Buy for Business as a Business Consultant (not sure ISC2 will count my experience here....so I am assuming the worst)
My goals in 5 years are to achieve the level of more advanced security assessments/Pen testing.
I think GPEN after CISSP might be a good goal...I should have mentioned I am also going to finish up CCNA after CISSP because I have a voucher to do so (on question 40/50 the test crashed) I didn't complete it right after as my job put the pressure to get CEH.
Thanks for advice!CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA
