What would be the best Security cert to pursue after Security+?
IT69
Member Posts: 38
Comments
-
jsnchrry33 Member Posts: 12
A lot of folks where I work go after CEH then CISSP. Both are great certs if you work in Cyber Security.
-
Valsacar Member Posts: 336
I asked the same question a year ago; the answer I got was CISSP. Regardless of what other certification you get, people will only ask when you're getting CISSP (if you're working security, of course).
IMO CEH is worthless, besides the fact that the US Government likes it. Their material is crap, the test is far too easy for the level that people think it is, and the organization (EC-Council) is unprofessional at best.
-
powerfool Member Posts: 1,666
I have to agree with the CEH being worthless. I went to a class for it because I thought the labs would be fun and interesting, but I was sadly disappointed when we were running attacks against unpatched Windows 2000 systems.
The one thing that I think folks should consider when trying to be rounded in security is how well they understand, and can validate with certifications, the components for which they are securing. For instance, if you are working to secure a Windows network, you need a solid foundation in Windows... you need to know Active Directory, Group Policy, NTFS permissions, etc. If you are securing a network infrastructure, you need to understand routing and switching fundamentals.
A lot of folks are pushing security as a separate field and I just perceive that as naive. To be more thoughtful of security and to have it as a part of enterprise culture, it has to be integrated. Security, as a career focus, should be a progression. Become a network or systems admin, move into engineering work. Centripetally focus on security along the way. Gain maturity and respect and make sure you understand business requirements and processes. I can't imagine someone thinking, when they develop an infrastructure, that security shouldn't be a consideration.
Is there an area of focus you have in mind for your security endeavors? If so, get down to the fundamentals of it.
-
klhatchett Member Posts: 29
I am actually currently an Information Security and Assurance student and I know that the Security+ certification is helpful, and I was actually thinking about trying to receive the CEH certification, but based on the information you all have given I won't waste my money or time on it, unless I plan on working for the government or find a company that will pay for the test.
-
GarudaMin Member Posts: 204
klhatchett wrote: » I am actually currently an Information Security and Assurance student and I know that the Security+ certification is helpful, and I was actually thinking about trying to receive the CEH certification, but based on the information you all have given I won't waste my money or time on it, unless I plan on working for the government or find a company that will pay for the test.
IMHO, CEH is not totally worthless. The same goes for any certification. When you are trying for a cert, you are also getting the knowledge in pursuit of the cert. Of course, it's better when the cert holds more value. I say if you can afford time and money, go for it. Or at least, go for OSCP (OSCE and OSEE if you have resources). So you can understand attack methodologies and get familiar with the tools. It depends on how much effort you put into it. If you put in time and actually use the tools, it will up your offensive game. But at the least, you will have an understanding of how red team works. If your goal is to become a pentester, it will broaden your horizon, imo.
I share the same view as powerfool. Security is not a separate field. The more you know the better it is for you.