Technical Security Certification Roadmap

I put together a list of security areas and their associated certifications to create a form of roadmap for those asking the recurring question(s): "What should I do next?" The page is a work in progress and I will try to keep it up to date.

Technical Security Certification Roadmap 2012

Comments, questions appreciated. I will add DoD 8750 to those certs that meet them and add any interesting books alongside the certs as time allows. I know I am missing a few certs; I started with the ones that either I am aware of, or have come across throughout my years in the industry. Again: WORK IN PROGRESS
"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius

Comments

  • cknapp78 Member Posts: 213
    Very nice work. This will come in very handy for quite a few of my guys.
  • YuckTheFankees Member Posts: 1,281
    I didn't know you were on here Sil, but thanks again for the roadmap. I would like to see more info for Reverse Engineering.
  • sexion8 Member Posts: 242
    I actually took off reverse engineering just now... There is no cert that I could find associated with it. Certifications along those lines would go more into programming than security per se. In the security arena, it's rare that you would find a "reversing" position as a standalone. Most of the time it will fork into either reversing for virus/malware analysis or exploitation (GXPN/OSCE).

    Just updated it and fixed it so it's not fully treed when opened

    EDITED TO ADD: YTF ;) Question is, where AREN'T I ;)
  • YuckTheFankees Member Posts: 1,281
    Sil,

    Will an internship in computer forensics help with getting a malware analysis job?
  • sexion8 Member Posts: 242
    So, there is overlap in forensics and malware analysis; however, not that much. It won't hurt, but depending on your responsibilities, it won't necessarily help. Analyzing malware can be real tricky depending on who you are performing your analysis for. I will let that comment sink for a while.

    When analyzing malware for the corporation, as an analyst who is getting paid specifically for this, you would likely be working at a HUGE company and they would want a lot of details. This area for analysis is dominant in say the gov sector (Raytheon, SAIC, etc). Fortune 100s etc., are likely going to be using automation (Norman Sandbox, FireEye, etc). When you're tasked to perform say static and dynamic analysis, you will need a wide array of experience in networking, systems, forensics and programming. This is across the board (Windows, Unix, etc). There is no all-inclusive class for it. GREM is the standard in this area, but solely possessing the GREM isn't going to automagically throw you into say SAIC.

    Now, when performing these analyses for say an AV/Anti Malware company, you're likely going to be performing baselines to make signatures and so forth. There is a lot of automation (dynamic) involved versus completely reversing something in IDA and so forth. You need to ALWAYS keep in mind, there is a cost associated with your analysis. Static analysis is very time consuming and many samples change frequently, so the time you spend one day can be completely wasted as a new iteration changed the scope of what you saw.

    Long story short... It can't hurt, but don't expect it to necessarily help.
  • YuckTheFankees Member Posts: 1,281
    Thanks for the response.

    I have one more question. What is your opinion on the career outlook for computer forensics jobs?
  • sexion8 Member Posts: 242
    Forensics is a hot topic; however, MOBILE forensics would be the way to go if you ask me. Many people are replacing computers with their mobile devices and the demand is growing. That's just me though, hence me getting more into mobile forensics over the last year.
  • docrice Member Posts: 1,706
    I know you posted in the other forum, but I'll add my two cents here (mostly nitpicky spelling issues):

    • SANS provides the training, but GIAC is the one who issues the certs (unless you intended to list the training authority in parentheses)
    • "Red Hat" is two words
    • There's a space between "OS" and "X" for Mac OS X
    • "HP-UX"
    • I'm not sure if I'd put CCNP Security under "Routing / Protocols" as it's more about security appliances; then again, the SECURE exam deals with switch and router configs, so...
    • "Palo Alto Networks"
    • "Check Point"
    • "WatchGuard"
    • You could probably include Sourcefire's various certs (including the one for Snort) under Vendor Specific
    • Don't forget about CWSP, OSWP, eLearnSecurity, Heorot.net, SecurityTube, Mile2, and some other new ones that have recently come out.

    Quite an impressive list otherwise. I wanted to make something like this, but in a flow-chart style (although the overlaps and decision trees for that would prove to be a nightmare). I never realized how many security-focused certs there are out there. We live in good times.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • sexion8 Member Posts: 242
    Doc, appreciate the feedback. I listed them as SANS versus GIAC simply because SANS is more visible than GIAC. Notice I mention ISS versus IACRB for CPT, CEPT. As for Mile2, I won't get into politics on that. If you're on EH's forums, I explained why I won't add them. I intend on trying to update at least 5-10 items per day though, so still working on it. Nuances like Redhat versus Red Hat are because I wrote a Perl script to update a framework I started using Mindmap and I'm too lazy to update the spacing ;)

    One thing to bear in mind though with little tidbits like that is that although it's meant for peers, someone pointed out the fact that her HR department would love to use that as a gauge for candidates as well. So it can be used by others outside of the technical realm.
  • tpatt100 Member Posts: 2,991
    Pretty cool list
  • onesaint Member Posts: 801
    Great work!
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • whatthehell Member Posts: 920
    Nice list and good starting point/guideline
    2017 Goals:
    [ ] Security + [ ] 74-409 [ ] CEH
    Future Goals:
    TBD
  • cgrimaldo Member Posts: 439
    Thank you so much!
  • gabypr Member Posts: 136
    Very nice list to be honest. In the general security section you can add a new EC-Council certification called Secure Computer User Specialist (SCUS) http://www.eccouncil.org/courses/entry_level_certifications/secure_computer_user_specialist.aspx. It's an entry-level certification that has more practical content than let's say Security+. Other EC-Council entry certifications are Security5, Network5 and Wireless5 EC-Council | Entry Level Certifications

    Other certifications considered in the "security" field are disaster recovery certifications which also EC-Council has one EC-Council | EC-Council Disaster Recovery Professional. Also EC-Council has another certification towards e-business security risks EC-Council | E-Business Security.

    Hope this helps. Good luck and keep up the good job :D
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter
  • Plantwiz Mod Posts: 5,057
    Merged the two threads.

    PW
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?