Training requirements

treynoldstreynolds Member Posts: 21 ■■■□□□□□□□
Hi

I have been asked to produce a list security related courses for us to have a look at

My manager mentioned CISSP, however I've got my heart set on PWB/OSCP as I've wanted to do that for many years

I don't have any comptia certs, and my only security related cert is OSWP

Obviously cost is a factor to play on this as well, but in terms of CISSP, will my 10ICS2 credits go towards getting it or help me keep it?

Cheers

Comments

  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    What kind of "security" is your manager interested in? Protecting the infrastructure, engineering secure software, business and management planning, or offensive stuff?
  • treynoldstreynolds Member Posts: 21 ■■■□□□□□□□
    Its more of a personal development for myself OSCP/PWB has been a dream of mine to take since about 08, my manager just wants a few more idea's than just this one course that I want to do

    I can't do CISSP as I don't meet the requirements, but someone said about being an ISC Associate, which is a lead up to CISSP (I have 1 year's business IT experience)

    So from a career perspective, I eventually want to work as part of a Red team (Penetration Testing), and I would like to specialse in software exploitation, and I don't know which other courseS (PWB) would help me or that I would find interesting (I love the technicality of software exploitation)
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    treynolds wrote: »
    I can't do CISSP as I don't meet the requirements, but someone said about being an ISC Associate, which is a lead up to CISSP (I have 1 year's business IT experience)
    Anyone can take the CISSP exam. Once you pass the exam, you are an "Associate of the (ISC)2 for CISSP". You then have six years to fulfill the remaining requirements of acquiring the experience, finding an endorser, etc. You get the keyword "CISSP" on your resume to be recognized by the resume-sifting bots, and you will discover that some employers only care about people passing the CISSP exam and not obtaining the full certification. And it's cheaper too because the Annual Maintenance Fee for an Associate is $35/year, while a full CISSP must pay $85/year.
    treynolds wrote: »
    So from a career perspective, I eventually want to work as part of a Red team (Penetration Testing), and I would like to specialse in software exploitation, and I don't know which other courseS (PWB) would help me or that I would find interesting (I love the technicality of software exploitation)
    Do you live near a university that competes in the National Collegiate Cyber Defense Competition? You can check into enrolling as a student and try out for the Red Team, or volunteer for White or Blue team work. The CCDC is one of the few ways to get legal experience in offensive work that you can put on a resume. The Capture The Flag competitions at Defcon are another.
  • treynoldstreynolds Member Posts: 21 ■■■□□□□□□□
    Really, wow thats great :)

    So my lists consists of
    OSCP/PWB
    CISSP
    GPEN
    CEH

    OSCP first as its a dream of mine, and I like an intellectual challenge much much more than a multiple choice questionaire

    Thanks for your help
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    JDMurray wrote: »
    Do you live near a university that competes in the National Collegiate Cyber Defense Competition? You can check into enrolling as a student and try out for the Red Team, or volunteer for White or Blue team work. The CCDC is one of the few ways to get legal experience in offensive work that you can put on a resume. The Capture The Flag competitions at Defcon are another.


    WOW cool find on the NCCDC. I wish I had known about it before. It looks like it would be a cool thing to do. Do you know of any others JD?
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    I don't know of any other non-DoD national or regional organizations. I would guess many of the Defcon "dc" groups probably have CTF LAN parties, and the more hackish OWASP groups are a possibility for that sort of thing too.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I don't think my local owasp group is like that lol.

    I'd like to find a job that allows me to do red team and blue team work.
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    I don't think my local owasp group is like that lol.
    My local OWASP group is, but the local ISSA and ISACA people are definitely are not. icon_lol.gif
    I'd like to find a job that allows me to do red team and blue team work.
    Well, there are a lots of large corporations that need people to constantly probe their network's innards to detect violations in security policies and harden their infrastructure. It's not sexy work, but it's red/blue teaming of a sort.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    JDMurray wrote: »
    My local OWASP group is, but the local ISSA and ISACA people are definitely are not. icon_lol.gif

    I went to an OWASP meeting today. Very very good information.


    JDMurray wrote: »
    Well, there are a lots of large corporations that need people to constantly probe their network's innards to detect violations in security policies and harden their infrastructure. It's not sexy work, but it's red/blue teaming of a sort.


    Man but I want the sexy lol.

    Seriously though, I just don't know what type or infosec rule I'd like to do. Firewalls and IDS stuff seems cool but I am really digging Web AppSec stuff. In larger companies, you usually have different teams for those roles.
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
  • treynoldstreynolds Member Posts: 21 ■■■□□□□□□□
    I recently had my manager appraisal, and obviously training was one of the things on the agenda

    He was extremely supportive of my career aspirations (as you can probably tell), but I'm the only member of IT with a keen interest in security and even though my manager manages the security he is not too worried anyway
Sign In or Register to comment.