Vendor Neutral or Specific

Bl8ckr0uter · December 2010

Note: I am not actively looking for a job now. Also sorry in advance for this long cuss post.

Ok folks, I have a question for you all. I am trying to decided between a few things specifically things that I want to do to boast my resume and help round me out as an infosec guy. I am trying to decided between MCTS/MCITP:EA, GWAPT/GPEN/GCIA/GSEC and C|EH and WCNA. Here is my logic:

MCTS/MCITP:EA:

Why?:
Most people have some MS in their shop. My current place has some 2k, 2k3 and 2k8 servers and I am going to try to get us all to 2k3 and 2k8 boxes soon. I am not a big MS fan but I have been tasked with rolling out a secure image of 2k8 for our web servers, redoing gpos and upgrading us to windows 7 so I would get to use much of the material covered under the MCITP:EA. I could also pick an individual MCTS to sort of fill the gap in my MS knowledge. I have seen several interesting security jobs that want folks with PKI, GPO, AD and DNS knowledge for them.

Why not?:

I don't want to be an MS admin. I feel like the time I spend learning what it takes to be a great MS admin could be better spent learning linux and web security. Also if I choose to do the MCITP:EA path, that would knock out all of the other things I would want to do for 2011 since I would have to balance school (16 credits plus) and a full time job. I also feel like I could study the material and learn most of what I feel l need to know while doing the GSEC.

GWAPT/GPEN/GCIA/GSEC

Why?:
Sans certs are very respected by the infosec community and the government (which is where I want to go, either as a contractor or an employee). While GPEN and GWAPT are sort of specialist certs both of them match up with my job is starting to turn into (especially GWAPT). They are very expensive, and most likely I would only get to do two of them between now and the end of year 2011. GSEC to me represents a baseline of security knowledge every infosec person should have and as I have looked at the objectives, there are some things I do not know. As I stated before I feel like I could learn the parts of windows that interest me by doing GSEC. I am just not sure if GSEC has as much weight in general as the MCITP.

C|EH:

Why?
Purely because it matches up with a few DOD 8570 CND jobs and such. The why not is because I don't think it is as popular in general as some of the other certs.

WCNA

This one would be purely for the knowledge and because it is more oriented with the types of jobs I want to do. It isn't very popular but it could take off. $300 is a bit steep for a cert that no one knows about yet

So many people go from Entry level (vendor neutral) like comptia to vendor like cisco and ms then finally back to vendor neutral for "specialty exams" like SANS and ISC2. I am just wondering at what point do you decided that you want to go from vendor to vendor neutral. Basically I am looking for the most bang for my buck. I will have a limited amount of time in 2011 to do certs and I want to get the ones with the most career impact as I will probably start looking again sometime in 2010 (which is why I moved SSCP up instead of LPIC-1). What do you guys think?

I've been thinking of a path like (after SSCP) LPIC-1 (required for school) WCNA, C|EH, GSEC Another SANS cert.

apena7 · December 2010

If you don't want to be a system admin, I don't see much ROI if you pursue the MCITP:EA. That path requires several bookshelves, practice exams, lab environments, and vouchers. I think you would be better served studying the material necessary to complete your job assignments and then certify in technologies you enjoy working with.

Bl8ckr0uter · December 2010

apena7 wrote: »

If you don't want to be a system admin, I don't see much ROI if you pursue the MCITP:EA. That path requires several bookshelves, practice exams, lab environments, and vouchers. I think you would be better served studying the material necessary to complete your job assignments and then certify in technologies you enjoy working with.

You are probably right. I just have basically no sysadmin experience and I don't know if that is going to hold me back when I try to go for higher level network security jobs.

demonfurbie · December 2010

then get the mcitp:sa

Bl8ckr0uter · December 2010

demonfurbie wrote: »

then get the mcitp:sa

:

What do you mean?

veritas_libertas · December 2010

I would do the MCITP:EA as well. In security (from what I'm told

) it's best to know both the Network and System side. I'm eventually going to do both the CCNA and the MCITP:EA.

You can't secure what you don't know, right?

From there I'm going to move into the SSCP and then C|EH, etc.

rogue2shadow · December 2010

I agree with apena7. I think as the duties unfold certify in the ones you actually work with. Naturally you and I have had our talks but I still feel like neither of us know "exactly" what we want to do job wise. Wanting to do X and "having done X" are two different things. I would go vendor neutral when you have determined how far you are actually going to go in your vendor path. For example, I remember our talk about associate vs pro level Cisco certs. The consensus was to stop at associate because I wasn't working with PIX or ASA and the like.

Just because you don't have a cert in the subject area does not mean you aren't reputable or "unable" to perform duties asked of a job posting; experience always comes first. I think worst case scenario I would study for the DoD certs (if you have the material available to you) and have the DoD job pay to certify you. Essentially you have to be 8570 compliant so if the next company truly wants you, they'll do everything they can to keep you.

demonfurbie · December 2010

Well an mcitp:ea is a lot more entailed on the total microsoft world (more tests)

A mcitp:sa (server administratoin) is mostly ms server work (less tests)

Bl8ckr0uter · December 2010

demonfurbie wrote: »

Well an mcitp:ea is a lot more entailed on the total microsoft world (more tests)

A mcitp:sa (server administratoin) is mostly ms server work (less tests)

The MCITP:EA covers more security topics and is the better cert

eansdad · December 2010

If your going to look for a security related job why not take the CISSP instead of the SSCP? Also with a CCNA and CCNA:Security why not go for the CCSP or CCIE:Security? If DoD is your goal then I would go SANS certs. Most of the security people had them (8 years ago) when I was working desktop support for the Navy. Whichever you get (CCSP/CCIE, SANS, SSCP/CISSP) is a major step and will not let you down in your future job hunt.

RobertKaucher · December 2010

Bl8ckr0uter wrote: »

You are probably right. I just have basically no sysadmin experience and I don't know if that is going to hold me back when I try to go for higher level network security jobs.

Déjà vu...

Any way, I'm going to weigh in on this again.

1. Focus on certifiacations within your chosen career path.
2. Do not focus on certifications not within your chosen career path.

I know you may not be currently working *exactly* in the area you want to be, but one sure way to continue to be pushed in a direction you do not wish to go is to actually take steps down the path yourself.

Over the last two years I was working as an IT generalist. I had some experience in the area I wanted to work in, but I did not have very much at all. I wanted SQL Server+SharePoint. While I worked with these things at the job I was in then I also worked with Exchange, Citrix, SonicWall, and was responsible for server hardware maintenance.

What I did not do was dedicate more time than was required by my job to be a good, responsible admin on those topics not related to my career path. You did not see me studying for Exchange exams. You did not see me studying for Citrix exams. You did not see me studying for the Server+ exam (except for objectives that related to disk IO and other performance issues related to SQL Server). By staying focused on my objectives I kept a certain amount of control over my destiny.

While it might be possible that the MCITP: EA would help you to become a better InfoSec pro, what is more likely is that you will dedicate much time and effort into something that will help you very little.

If you do not keep focus you will reduce the chances of opportunities arrising from that focus. If you take the time to study for MS exams, you do not have time to participate in local groups like Hive13 (hackers in the pure sense and hosts of the Cinci 2600 group - I can get you contact info of some of the guys who run it) or Linux users groups. BTW - you would have met one of the Hive13 guys who's involved in the 2600 group at D&B HAD YOU COME THAT NIGHT!!!! So

Take the time to do things related to your career path so that you increase the chances of someone giving you a chance. Basically, I am saying you can waste time on MS exams or you can do things to build contacts and gain knowledge in your career path and increase the chances of something unexpected happening that will help you.

EDIT: Meeting a few weeks ago was about using BackTrack to reverse engineer software... Does not sound like anything you have been posting about, though....

Bl8ckr0uter · December 2010

I see your point Rob and I sent you something on facebook. It is just hard to focus when you look at positions and for their security techs and they want everything.

RobertKaucher · December 2010

Bl8ckr0uter wrote: »

I see your point Rob and I sent you something on facebook. It is just hard to focus when you look at positions and for their security techs and they want everything.

Practical, not perfect. Once you start getting into the field more substantially you can afford to branch out. But until then keep your focus on the core of what you want to do.

rwmidl · December 2010

apena7 wrote: »

If you don't want to be a system admin, I don't see much ROI if you pursue the MCITP:EA. That path requires several bookshelves, practice exams, lab environments, and vouchers. I think you would be better served studying the material necessary to complete your job assignments and then certify in technologies you enjoy working with.

+1 on this. However there is a chance once you get started learning the Microsoft material you might find yourself really enjoying it. When I got started, I wanted to be a Network admin. I got my CCNA and tried landing a gig where I could use it, but to no avail. However, the job I had at that time paid for me to go and get my MCSA, so I did that. Once I started the classes, I decided to finish it and get my MCSE. I let my CCNA expire (wasn't using it) and now I'm pretty much in the Microsoft world.

Bl8ckr0uter · December 2010

eansdad wrote: »

If your going to look for a security related job why not take the CISSP instead of the SSCP? Also with a CCNA and CCNA:Security why not go for the CCSP or CCIE:Security? If DoD is your goal then I would go SANS certs. Most of the security people had them (8 years ago) when I was working desktop support for the Navy. Whichever you get (CCSP/CCIE, SANS, SSCP/CISSP) is a major step and will not let you down in your future job hunt.

To answer your question, I don't have enough experience to get the "full" CISSP yet so I figured I'd use this as a stepping stone.

powerfool · December 2010

As far as DOD requirements, you don't need to worry about having the "full" CISSP, just the Associate of ISC2. CISSP essentially covers just about everything you could be required to have, and if you have it and the CEH, you do have everything covered.

As far as MCITP goes, it shouldn't be too tough for you... you work with the products some and you have a good foundation in networking. I would imagine that if you take some Ritalin before you hit the exam, you would be able to pass.

RobertKaucher · December 2010

powerfool wrote: »

As far as DOD requirements, you don't need to worry about having the "full" CISSP, just the Associate of ISC2. CISSP essentially covers just about everything you could be required to have, and if you have it and the CEH, you do have everything covered.

As far as MCITP goes, it shouldn't be too tough for you... you work with the products some and you have a good foundation in networking. I would imagine that if you take some Ritalin before you hit the exam, you would be able to pass.

If KNWM took ritalin, he'd take over the world with that much unleashed potential. Do NOT give him any ideas!

veritas_libertas · December 2010

RobertKaucher wrote: »

If KNWM took ritalin, he'd take over the world with that much unleashed potential. Do NOT give him any ideas!

LOL!

rogue2shadow · December 2010

RobertKaucher wrote: »

If KNWM took ritalin, he'd take over the world with that much unleashed potential. Do NOT give him any ideas!

True story hahaha.

Bl8ckr0uter · December 2010

Thanks for the support guys

Bl8ckr0uter wrote: »

. (after SSCP) LPIC-1 (required for school) WCNA, C|EH, GSEC Another SANS cert.

I modified my path a bit (after spitballing with rogue). I think that because I am going to carry an 18+ credit load (possibly ballooning up to 20

) I need to dial back and be a bit more realistic with my goals while I am finishing up school.

So now I am at this SSCP, LPIC-1, C|EH.

My logic:

I don't want to do any MS ( takes out MCTS/ITP) but I will be open if my current or a future employer wants some

WCNA looks awesome but 300 bucks is a bit much for a "no name" cert

SANS cost too much.

That's pretty much it. I'd like to take the CASP beta whenever it comes out and if I get the full SSCP squared away I'd like to take the elearnsecurity course but other than that, nothing else until I have both my degrees done.

demonfurbie · December 2010

Bl8ckr0uter wrote: »

Thanks for the support guys

I modified my path a bit (after spitballing with rogue). I think that because I am going to carry an 18+ credit load (possibly ballooning up to 20 ) I need to dial back and be a bit more realistic with my goals while I am finishing up school.

So now I am at this SSCP, LPIC-1, C|EH.

My logic:

I don't want to do any MS ( takes out MCTS/ITP) but I will be open if my current or a future employer wants some

WCNA looks awesome but 300 bucks is a bit much for a "no name" cert

SANS cost too much.

That's pretty much it. I'd like to take the CASP beta whenever it comes out and if I get the full SSCP squared away I'd like to take the elearnsecurity course but other than that, nothing else until I have both my degrees done.

imo i would at least get a mcp in windows 7, i agree not the entire mcitp but some thing showing that you can use windows if not just for workstation.

edit: microsoft changed the name around but basically its a windows 7 test nothing more than a workstation type test

N2IT · December 2010

rogue2shadow wrote: »

I agree with apena7. I think as the duties unfold certify in the ones you actually work with. Naturally you and I have had our talks but I still feel like neither of us know "exactly" what we want to do job wise. Wanting to do X and "having done X" are two different things. I would go vendor neutral when you have determined how far you are actually going to go in your vendor path. For example, I remember our talk about associate vs pro level Cisco certs. The consensus was to stop at associate because I wasn't working with PIX or ASA and the like.

Just because you don't have a cert in the subject area does not mean you aren't reputable or "unable" to perform duties asked of a job posting; experience always comes first. I think worst case scenario I would study for the DoD certs (if you have the material available to you) and have the DoD job pay to certify you. Essentially you have to be 8570 compliant so if the next company truly wants you, they'll do everything they can to keep you.

Personally I don't see the point in certing in something you don't touch. I know some people disagree, but that's just my opinion.

I think if I had to make a move I would stick to something vendor neutral.

N2IT · December 2010

Bl8ckr0uter wrote: »

Thanks for the support guys

I modified my path a bit (after spitballing with rogue). I think that because I am going to carry an 18+ credit load (possibly ballooning up to 20 ) I need to dial back and be a bit more realistic with my goals while I am finishing up school.

So now I am at this SSCP, LPIC-1, C|EH.

My logic:

I don't want to do any MS ( takes out MCTS/ITP) but I will be open if my current or a future employer wants some

WCNA looks awesome but 300 bucks is a bit much for a "no name" cert

SANS cost too much.

That's pretty much it. I'd like to take the CASP beta whenever it comes out and if I get the full SSCP squared away I'd like to take the elearnsecurity course but other than that, nothing else until I have both my degrees done.

I like your decision. It looks very solid to me!

RobertKaucher · December 2010

Bl8ckr0uter wrote: »

Thanks for the support guys

I modified my path a bit (after spitballing with rogue). I think that because I am going to carry an 18+ credit load (possibly ballooning up to 20 ) I need to dial back and be a bit more realistic with my goals while I am finishing up school.

So now I am at this SSCP, LPIC-1, C|EH.

My logic:

I don't want to do any MS ( takes out MCTS/ITP) but I will be open if my current or a future employer wants some

WCNA looks awesome but 300 bucks is a bit much for a "no name" cert

SANS cost too much.

That's pretty much it. I'd like to take the CASP beta whenever it comes out and if I get the full SSCP squared away I'd like to take the elearnsecurity course but other than that, nothing else until I have both my degrees done.

Balanced AND realistic. I think this is a good plan.

Bl8ckr0uter · December 2010

demonfurbie wrote: »

imo i would at least get a mcp in windows 7, i agree not the entire mcitp but some thing showing that you can use windows if not just for workstation.

edit: microsoft changed the name around but basically its a windows 7 test nothing more than a workstation type test

It is somewhat likely that I might pick up an MCTS (specifically 642 or 640 or Win 7) since 642/640 matches exactly what I am doing with 2k8 and I will be upgrading a few folks (probably about 20-25 people) to Win 7. BUT I don't want to write it down just yet since I don't know which one I will pick up. You know what, I just looked at 640 and I would be foolish not to pick it up (considering what I am doing) so consider it a part of the path now.

I do also want to say that this is only for between now and July/August or so. I will still have plenty of year left so I could still pick up another cert or two. I just don't want to screw myself by making this huge cert goal and try to maintain a 3.5 GPA and go to a few of these meetings* and try to lose 60 lbs and try to be the best at work (not in that order).

I am not that good at load balancing multiple task. It isn't a time management thing, it is a focus thing. When I am doing one thing, my mind gets so crazy about the other thing that I have to go do it. I can focus but it is hard because I want everything done, yesterday. I get discouraged when I make a task and then it is delayed or failed. I was honestly depressed for about a week about taking so long with security plus. When I write my goals, I want them done, yesterday. In fact most of my goals are qualities I wish I had 2 years ago. I wish 2 years ago I did MCSE Security, Linux+ and a few others. Who knows the level of "security" I could be working on now. But that is in the past. At any rate I just have to balance my desires with reality and come with a happy medium and cost wise and time wise my path from my first post was not it.

* Robert:

I didn't know the 2600 meetings were at hive13. So far, I'm probably going to go to the OWASP meetings, an ISSA meeting or two, 2600 meetings and hive13 meetings. CLUG is on there as well lol. There is a lot of great things out there for getting this type of information. I wonder if it is basically the same people at all of these things. Have you heard of the Black Hat Clubs or meetings?

veritas_libertas · December 2010

RobertKaucher wrote: »

Balanced AND realistic. I think this is a good plan.

Agreed.

If your employer decides to lead you down the MS path than you can always change with them. I'm having the same problem with getting anxious about what certifications to invest in.

rogue2shadow · December 2010

N2IT wrote: »

Personally I don't see the point in certing in something you don't touch. I know some people disagree, but that's just my opinion.

I think if I had to make a move I would stick to something vendor neutral.

I agree and that's what my post essentially was about :P. What I should have written was go as far as your duties go in respect to a specific cert path.

Cliché but knowledge is power! I know some may say its a waste of time to look at x and y (assuming they are unrelated to your current career) but every word read, every new subject learned is something you didn't know yesterday

(but in reference to what Robert said just don't spend too much time on it).

RobertKaucher · December 2010

rogue2shadow wrote: »

I agree and that's what my post essentially was about :P. What I should have written was go as far as your duties go in respect to a specific cert path.

Cliché but knowledge is power! I know some may say its a waste of time to look at x and y (assuming they are unrelated to your current career) but every word read, every new subject learned is something you didn't know yesterday (but in reference to what Robert said just don't spend too much time on it).

And I only say this because the man is in school, working full time, and trying not to be divorced by his wife. If you have the time, go get all the certs you want. Everyone needs a hobby. But when you have very limited time and budget - FOCUS is required.

N2IT · December 2010

rogue2shadow wrote: »

I agree and that's what my post essentially was about :P. What I should have written was go as far as your duties go in respect to a specific cert path.

Cliché but knowledge is power! I know some may say its a waste of time to look at x and y (assuming they are unrelated to your current career) but every word read, every new subject learned is something you didn't know yesterday (but in reference to what Robert said just don't spend too much time on it).

LOL

We've had this agreement before in other post. Glad to see that I've joined good company.

Vendor Neutral or Specific

Comments