Training requirements

treynolds Member Posts: 21
Hi

I have been asked to produce a list of security-related courses for us to have a look at

My manager mentioned CISSP, however I've got my heart set on PWB/OSCP as I've wanted to do that for many years

I don't have any comptia certs, and my only security related cert is OSWP

Obviously cost is a factor in this as well, but in terms of CISSP, will my 10 ISC2 credits go towards getting it or help me keep it?

Cheers

Comments

  • JDMurray Admin Posts: 13,026
    What kind of "security" is your manager interested in? Protecting the infrastructure, engineering secure software, business and management planning, or offensive stuff?
  • treynolds Member Posts: 21
    It's more of a personal development for myself. OSCP/PWB has been a dream of mine to take since about 08; my manager just wants a few more ideas than just this one course that I want to do

    I can't do CISSP as I don't meet the requirements, but someone said about being an ISC Associate, which is a lead up to CISSP (I have 1 year's business IT experience)

    So from a career perspective, I eventually want to work as part of a Red team (Penetration Testing), and I would like to specialise in software exploitation, and I don't know which other courses (PWB) would help me or that I would find interesting (I love the technicality of software exploitation)
  • JDMurray Admin Posts: 13,026
    treynolds wrote: »
    I can't do CISSP as I don't meet the requirements, but someone said about being an ISC Associate, which is a lead up to CISSP (I have 1 year's business IT experience)
    Anyone can take the CISSP exam. Once you pass the exam, you are an "Associate of the (ISC)2 for CISSP". You then have six years to fulfill the remaining requirements of acquiring the experience, finding an endorser, etc. You get the keyword "CISSP" on your resume to be recognized by the resume-sifting bots, and you will discover that some employers only care about people passing the CISSP exam and not obtaining the full certification. And it's cheaper too because the Annual Maintenance Fee for an Associate is $35/year, while a full CISSP must pay $85/year.
    treynolds wrote: »
    So from a career perspective, I eventually want to work as part of a Red team (Penetration Testing), and I would like to specialise in software exploitation, and I don't know which other courses (PWB) would help me or that I would find interesting (I love the technicality of software exploitation)
    Do you live near a university that competes in the National Collegiate Cyber Defense Competition? You can check into enrolling as a student and try out for the Red Team, or volunteer for White or Blue team work. The CCDC is one of the few ways to get legal experience in offensive work that you can put on a resume. The Capture The Flag competitions at Defcon are another.
  • treynolds Member Posts: 21
    Really, wow that's great :)

    So my list consists of
    OSCP/PWB
    CISSP
    GPEN
    CEH

    OSCP first as it's a dream of mine, and I like an intellectual challenge much much more than a multiple choice questionnaire

    Thanks for your help
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    JDMurray wrote: »
    Do you live near a university that competes in the National Collegiate Cyber Defense Competition? You can check into enrolling as a student and try out for the Red Team, or volunteer for White or Blue team work. The CCDC is one of the few ways to get legal experience in offensive work that you can put on a resume. The Capture The Flag competitions at Defcon are another.


    WOW cool find on the NCCDC. I wish I had known about it before. It looks like it would be a cool thing to do. Do you know of any others JD?
  • JDMurray Admin Posts: 13,026
    I don't know of any other non-DoD national or regional organizations. I would guess many of the Defcon "dc" groups probably have CTF LAN parties, and the more hackish OWASP groups are a possibility for that sort of thing too.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    I don't think my local OWASP group is like that lol.

    I'd like to find a job that allows me to do red team and blue team work.
  • JDMurray Admin Posts: 13,026
    Bl8ckr0uter wrote: »
    I don't think my local OWASP group is like that lol.
    My local OWASP group is, but the local ISSA and ISACA people definitely are not.
    Bl8ckr0uter wrote: »
    I'd like to find a job that allows me to do red team and blue team work.
    Well, there are lots of large corporations that need people to constantly probe their network's innards to detect violations in security policies and harden their infrastructure. It's not sexy work, but it's red/blue teaming of a sort.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    JDMurray wrote: »
    My local OWASP group is, but the local ISSA and ISACA people definitely are not.

    I went to an OWASP meeting today. Very very good information.


    JDMurray wrote: »
    Well, there are lots of large corporations that need people to constantly probe their network's innards to detect violations in security policies and harden their infrastructure. It's not sexy work, but it's red/blue teaming of a sort.


    Man but I want the sexy lol.

    Seriously though, I just don't know what type of infosec role I'd like to do. Firewalls and IDS stuff seems cool but I am really digging Web AppSec stuff. In larger companies, you usually have different teams for those roles.
  • SephStorm Member Posts: 1,731
  • treynolds Member Posts: 21
    I recently had my manager appraisal, and obviously training was one of the things on the agenda

    He was extremely supportive of my career aspirations (as you can probably tell), but I'm the only member of IT with a keen interest in security and even though my manager manages the security he is not too worried anyway