Training requirements
treynolds
Member Posts: 21 ■■■□□□□□□□
Hi
I have been asked to produce a list security related courses for us to have a look at
My manager mentioned CISSP, however I've got my heart set on PWB/OSCP as I've wanted to do that for many years
I don't have any comptia certs, and my only security related cert is OSWP
Obviously cost is a factor to play on this as well, but in terms of CISSP, will my 10ICS2 credits go towards getting it or help me keep it?
Cheers
I have been asked to produce a list security related courses for us to have a look at
My manager mentioned CISSP, however I've got my heart set on PWB/OSCP as I've wanted to do that for many years
I don't have any comptia certs, and my only security related cert is OSWP
Obviously cost is a factor to play on this as well, but in terms of CISSP, will my 10ICS2 credits go towards getting it or help me keep it?
Cheers
Comments
-
JDMurray Admin Posts: 13,101 AdminWhat kind of "security" is your manager interested in? Protecting the infrastructure, engineering secure software, business and management planning, or offensive stuff?
-
treynolds Member Posts: 21 ■■■□□□□□□□Its more of a personal development for myself OSCP/PWB has been a dream of mine to take since about 08, my manager just wants a few more idea's than just this one course that I want to do
I can't do CISSP as I don't meet the requirements, but someone said about being an ISC Associate, which is a lead up to CISSP (I have 1 year's business IT experience)
So from a career perspective, I eventually want to work as part of a Red team (Penetration Testing), and I would like to specialse in software exploitation, and I don't know which other courseS (PWB) would help me or that I would find interesting (I love the technicality of software exploitation) -
JDMurray Admin Posts: 13,101 AdminI can't do CISSP as I don't meet the requirements, but someone said about being an ISC Associate, which is a lead up to CISSP (I have 1 year's business IT experience)So from a career perspective, I eventually want to work as part of a Red team (Penetration Testing), and I would like to specialse in software exploitation, and I don't know which other courseS (PWB) would help me or that I would find interesting (I love the technicality of software exploitation)
-
treynolds Member Posts: 21 ■■■□□□□□□□Really, wow thats great
So my lists consists of
OSCP/PWB
CISSP
GPEN
CEH
OSCP first as its a dream of mine, and I like an intellectual challenge much much more than a multiple choice questionaire
Thanks for your help -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□Do you live near a university that competes in the National Collegiate Cyber Defense Competition? You can check into enrolling as a student and try out for the Red Team, or volunteer for White or Blue team work. The CCDC is one of the few ways to get legal experience in offensive work that you can put on a resume. The Capture The Flag competitions at Defcon are another.
WOW cool find on the NCCDC. I wish I had known about it before. It looks like it would be a cool thing to do. Do you know of any others JD? -
JDMurray Admin Posts: 13,101 AdminI don't know of any other non-DoD national or regional organizations. I would guess many of the Defcon "dc" groups probably have CTF LAN parties, and the more hackish OWASP groups are a possibility for that sort of thing too.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□I don't think my local owasp group is like that lol.
I'd like to find a job that allows me to do red team and blue team work. -
JDMurray Admin Posts: 13,101 AdminBl8ckr0uter wrote: »I don't think my local owasp group is like that lol.Bl8ckr0uter wrote: »I'd like to find a job that allows me to do red team and blue team work.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□My local OWASP group is, but the local ISSA and ISACA people are definitely are not.
I went to an OWASP meeting today. Very very good information.Well, there are a lots of large corporations that need people to constantly probe their network's innards to detect violations in security policies and harden their infrastructure. It's not sexy work, but it's red/blue teaming of a sort.
Man but I want the sexy lol.
Seriously though, I just don't know what type or infosec rule I'd like to do. Firewalls and IDS stuff seems cool but I am really digging Web AppSec stuff. In larger companies, you usually have different teams for those roles. -
treynolds Member Posts: 21 ■■■□□□□□□□I recently had my manager appraisal, and obviously training was one of the things on the agenda
He was extremely supportive of my career aspirations (as you can probably tell), but I'm the only member of IT with a keen interest in security and even though my manager manages the security he is not too worried anyway