Next security certification advice...

jmu200 Member Posts: 11
Hi!

Big fan of the TE forums... I've read pretty much every post here regarding GPEN and OSCP. I'm trying to decide what certification to take next. I currently have CISSP, GCIA, CCNP and a bunch of other random certs. I know that career-wise I want to be in the security side of IT. Ideally, I'd like to have experience in the security field (intrusion detection). At my current IT position I have the ability to "create" experience relating to security, but for the most part, security is not very present in my day to day tasks.

I'd like to be in a position where I analyze networks for intrusions, I find that to be the most interesting. Since I'm hunting for security related jobs and don't have the experience, I figure why not keep getting security related certs in the meantime, that certainly can't hurt! Plus, the amount that I learned particularly from the GCIA course material was huge. I was very impressed with that course.

I don't necessarily want to be a full time pen tester, but was thinking that the GPEN would be the best fit (for me at this stage) from a learning perspective in the security field. From what I've read, the OSCP and GPEN complement each other, but the general consensus seems to be taking the GPEN first.

Even though my ideal job wouldn't be pen testing, do you think that the GPEN would be a logical next step to aid my career path in security? Should I be considering something else? I figure that the amount of information in the GPEN would obviously help pen-testing skills, but also security related matters relating to intrusion detection and security in general.

What do you think?

Cheers!

Comments

  • docrice Member Posts: 1,706
    You can create additional security experiences at your current job by doing log analysis as it's in the same vein as intrusion analysis. It's something that really needs to be done in non-security environments anyway and applies to both systems and network sides. You could also make the case that log analysis can spot problems and trends in the network in order to optimize and ultimately reduce costs due to inefficiencies. A faster network or server without having to throw money for equipment upgrades can be a huge benefit in the eyes of upper-management stakeholders. Reviewing log data tends to be a sorely-overlooked task, unfortunately.

    The GPEN might be good if you want to see the red-team point of view, or you can do PWB instead. Cheaper and more hands-on than taking 560, but if you can afford it and the SANS instruction style fits your needs better, then go for it. The GCIH is also a good complement for a dual-view (offense, defense) look at an environment while being related to intrusion detection.

    If you're going to be at Black Hat or Defcon, also consider TCP/IP Weapons School 3.0 taught by Richard Bejtlich. He takes you through a few case studies using freely-available tools (namely Security Onion with Sguil, Snort, OSSEC) and Splunk to perform defense-side analysis of events. Then he flips it around and walks you through how the attack actually happened using tools like Metasploit, etc. The course was cheaper at Usenix, but the next one coming up is at Black Hat from what I know.

    https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_TS-tcpip.html
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • jmu200 Member Posts: 11
    Thanks docrice--your input is appreciated, as usual. I'm still torn between GPEN and PWB, but leaning towards GPEN; will probably pull the trigger today or tomorrow and get a cert in by the end of the year.

    I figure that if ultimately I want to be on the defense side of security (intrusion detection in this case) that it would be worthwhile to see the offensive side of things.

    Don't think I'll make it to Blackhat this year, but will definitely be keeping my eyes open for any Bejtlich training in the future for sure.

    Thanks again!