Security Certificatioin Advice

Hello everyone,

I was wondering if the community could provide me with a bit of feedback on my chosen certification and degree path for my current profession.

Currently, I have seven (7) years of experience in the IT industry. For five of those years I worked as a Desktop Technician, Network/Server/Security Administrator, and IT Manager. Two of them were spent as a Database Administrator using MS SQL.

I have noticed a number of threads comparing the different security certifications and their value within the community and organization. I hope to continue my role within IT focusing primarily on Microsoft technologies and Security. Networking will rely mainly on HP ProCurve network rather than Cisco. After speaking to numerous IT professionals, my organization, the TE community, and an (ISC)2 representative it was concluded that I possessed the requirements for experience to complete the CISSP. I am currently pursuing this certification as it has a much higher impact and need for my current role and I am actively involved in projects that relate directly to a number of the domains covered in this exam.

Past that however, there is a question regarding the next step in security. CISM, C|EH, and a few of the certification I saw regarding security. For my long term goals and those that my organization would like me to be able to accomplish include the following: Vulnerability Assessment, Penetration Testing, Risk Analysis and Mangemant, Disaster Recovery Planning, and Business Continuity Planning. I did a number of these previously at another company.

I assume that Project+ would be a good supplement in getting these items done on time and efficiently. The CISSP would help to validate my knowledge in most of these areas.

Sorry for being wordy... So what do you think? CISSP enough? Go for C|EH and/or CISM? Find another security certification?

Completed: Network+, Security+
Current: CISSP
Future: MCITP:EDST7, MCITP:EDA7, Project+, HP:AIS, MCITP:SA, HP:ASE, MCITP:EA, HP:MASE

Find more posts tagged with

Comments

chrisone

CISSP has the best value/recognition of all those certs you listed. The CISSP will cover all the topics your company is interested in, except the penetration testing topic.

Vulnerability Assessment, Penetration Testing, Risk Analysis and Mangemant, Disaster Recovery Planning, and Business Continuity Planning are covered in CISSP.

Penetration testing is covered in other exams such as CEH, OSCP, GPEN. The latter two being more advanced, the first one "CEH" being introductory.

Certified Ethical Hacker, EC Council, CEH, Information Security, Computer Security, Network Security, Internet Security, Security Courses, Hacking
Information Security Certifications by Offensive Security
Information Security Certification - GIAC

Jinuyr

Excellent! Thank you for the information.

I haven't really done much research on the C|EH, do you happen to know what it would require? Penetration Testing is definitely something I need to expose myself to more in order to have the appropriate level of experience for such an exam.

j_griffith

Does your firm support U.S. Federal agencies? DoD? CISM and CISSP are both considered Security Management Certifications. CISM - comes from a business view, CISSP - from a DoD/IC/Gov't view perspective. They have overlapping knowledge, easy to pick up CISM after testing for CISSP. ISACA only offers CISM in June & December. CEH would be a good "penetration" beginner certification. CAP is a good cert if you are supporting Government agencies, overlaps some of the CISSP domains. Then you could follow up with OSCP or GPEN if you wish to deeper into the Pen testing domain.

R,

J.

Jinuyr

j_griffith wrote: »

Does your firm support U.S. Federal agencies? DoD? CISM and CISSP are both considered Security Management Certifications. CISM - comes from a business view, CISSP - from a DoD/IC/Gov't view perspective. They have overlapping knowledge, easy to pick up CISM after testing for CISSP. ISACA only offers CISM in June & December. CEH would be a good "penetration" beginner certification. CAP is a good cert if you are supporting Government agencies, overlaps some of the CISSP domains. Then you could follow up with OSCP or GPEN if you wish to deeper into the Pen testing domain.

R,

J.

We don't support Government agencies, most we do here is SOX and PCI compliance. PCI is a really big thing right now for our organization so they wanted somebody willing to take on a larger responsibility in the project as well as having a more well rounded understanding of information systems security.

darkladdie

Since you are doing SOX and PCI compliance jobs, I would recommend you go for the CISA from ISACA. But since this test is only given twice a year, I would say take the CISSP and then take the CISA if possible in December. If you cannot take the CISA in December, then I would recommend you consider obtaining a cert in IT controls like the ITIL v3 Foundation or Cobit (also from ISACA) as any of these will only help in you improving your jobs skills and talking shop with IT Managers in these engagements.

Hope this helps.