Reputation of a Few Certifications

Spinal33 Member Posts: 7
Good morning (or evening/night depending on what time zone you may be in!)

A bit of background on me first as it's my first post. I'm a security consultant, and have been in the field for around 7 years. I've got a few certs, running a few off the top of my head: CISSP, CEH, ITILv3, Security+, and TigerScheme. From a vendor/product perspective, my employment history is a little more apparent as I've been certificated by TripWire (2), Qualys (2), Symantec (>10), and Apple (>10).

I recently ended a long contract with a client, and found myself with a few days of time to look at my development over the next year or so. I'm booking in for CISM in June; but need something to do until then.

I've looked at BSi's ISO27001 lead implementer cert - but it appears not to have any availability near me for quite a while (and it appears to be classroom-led only, while I'm more of a self-study person).

So I started looking at a few others... but I have no experience around their reputation in the field...

* CWSP - Certified Wireless Security Programme (Cloud Security alliance)
* GCWN - Windows Security
* C|CISO
* CRISC

What's the "feeling" that people have with these? How reputable are they?

Comments

  • paul78 Member Posts: 3,016
    Hello and welcome to TE.

    GCWN are the GIAC complementary certification to SANS training. Both GIAC and SANS are well known and well respected. I tend to prefer self-study so I prefer the SANS online formats but their conferences are quite popular. I personally feel that their training is too expensive and I will not likely take any more of their training. I have only taken 2 of their online CBTs. As for the GIAC certifications, they are considered decent certifications. However, I have only sat for 1 GIAC certification exam and I thought it was mediocre at best and un-challenging.

    The CRISC is an ISACA certification. If you are planning to take the CISM, you cannot take the CRISC at the same time because all ISACA certs are given at the same time twice per year. However, I understand that ISACA will be changing it to quarterly. All ISACA certs are well regarded. The most well known and coveted is the CISA which is typically held by IS auditors.

    We had a short discussion on C|CISO a while back here on TE. I think the consensus was that it was too new and some people felt that ECCouncil was not the best org to be offering such a cert. I don't really have an opinion on it.

    I have no opinion on CWSP.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,661
    Spinal33 wrote: »
    * CWSP - Certified Wireless Security Programme (Cloud Security alliance)
    There is the CWSP wireless security cert from the CWNP, and the CCSK cert from Cloud Security Alliance.

    The CWSP is a good cert for 802.11 security, but it's recommended to have knowledge of all the objectives on the CWNA cert prior to taking the CWSP.
  • Spinal33 Member Posts: 7
    JDMurray wrote: »
    There is the CWSP wireless security cert from the CWNP, and the CCSK cert from Cloud Security Alliance.

    The CWSP is a good cert for 802.11 security, but it's recommended to have knowledge of all the objectives on the CWNA cert prior to taking the CWSP.
    Thank you - If I must be honest, that one was more of a "like to do" and less something I think will help with my career path (which isn't that technical at the moment). Good to know they're known though!
    paul78 wrote: »
    Hello and welcome to TE.

    GCWN are the GIAC complementary certification to SANS training.

    Thank you - if I must be honest, I'm not a huge fan of EC-Council at the moment, as I feel that their member portal (and associated delta/CPE portal) is still immature and shouldn't have been released as a live system without much more testing/debugging. That said, that's my personal opinion and I probably shouldn't be voicing it as an EC-Council member.

    Interesting you mention CISA - I'm not an auditor, nor have an auditor background, but didn't realise that the CISA was the more coveted of the two. Do you think that's because it's been around longer (vs. CISM)? In the UK, ISACA have a new September exam date, so I could do CISM then, and bump up CRISC to June; but good point. I think I'll skip for now.

    I'm now leaning more and more towards the ISO Lead Implementer one - even though it doesn't appear to be the option to do it as a self-study exam. Turns out the residential course out in middle earth costs as much as the non-residential one in London... and even though it's not accredited by anyone else than BSI - they kinda created the standard to start with; so they should be reasonably reputable, right?

    M

    M.
  • Spinal33 Member Posts: 7
    Right, posted a reply - but it got flagged as spam for some odd reason so is awaiting moderation so can't edit it yet. Forgot to say - JD; CWSP was a typo (I was looking at CWSP, but as something that would be fun rather than useful as I'm less technical than I used to be, nowadays).

    I was seeking opinions on the CCSK one; which you correctly identified. Is it something too new to have a reputation yet?

    Speaking of new certifications - has anyone looked at the UK government ones (which they're doing together with the BCS)? The name escapes me - but they look quite interesting as they aren't purely exam based...

    M.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,661
    Sorry about the anti-spam measures. It's especially Draconian for members with fewer than 10 posts, but it sure keeps the spam/phishing cruft out of the forums.
  • thegoodbye Member Posts: 94
  • paul78 Member Posts: 3,016
    I assume you are in the UK based on your comment. I would agree with you that since ISO Lead Implementer is from BSI, it would be viewed as quite reputable but at least in the US, it would not likely be well-known. Most BSI certifications are well respected in the US, they just don't have the same "brand" recognition.

    My comment about CISA being more coveted probably bears some clarification. It is coveted by auditors and ISACA, at least in the US, is more well known as an organization that promotes auditing and IT governance. When I sit for an ISACA exam, the majority of people are taking the CISA. I don't personally have any immediate interest in the CISA other than I am curious enough that I may sit for it someday.

    If you do plan to take ISACA certs, I would suggest sitting for the CISM first and then the CRISC since you are a security consultant. I noticed that you have a CISSP so the CISM should be pretty straight-forward for you. If you have security management experience, the CISM shouldn't be too challenging. But the review and knowledge organization is worth the effort.
  • Spinal33 Member Posts: 7
    Thank you - I understand the anti-spam measures; I presume I activated them by quoting a link, but I understand why they are there, no hard feelings :)

    Thanks for the info regarding CCSK - seems like little has changed there. I read through part of their material on the tube over the last few days and it doesn't seem ground breaking... I may do it at some point for the same reason (i.e. give our sales guy a chance to say we have a CCSK certified consultant) - but I'm not sure how beneficial that is...


    Finally - yes, I am in the UK. ISO "officially" isn't a BSI thing being an international standard, but being based on BS7799, which was developed by BSi, they know what they're talking about (I would hope). (I'm sure you know this - just thinking out loud here).

    I think I'll ask them for some pricing options.

    Thanks for the help & advice!
    M.
  • rob1234 Banned Posts: 151
    Spinal33 wrote: »
    Thank you - I understand the anti-spam measures; I presume I activated them by quoting a link, but I understand why they are there, no hard feelings :)

    Thanks for the info regarding CCSK - seems like little has changed there. I read through part of their material on the tube over the last few days and it doesn't seem ground breaking... I may do it at some point for the same reason (i.e. give our sales guy a chance to say we have a CCSK certified consultant) - but I'm not sure how beneficial that is...


    Finally - yes, I am in the UK. ISO "officially" isn't a BSI thing being an international standard, but being based on BS7799, which was developed by BSi, they know what they're talking about (I would hope). (I'm sure you know this - just thinking out loud here).

    I think I'll ask them for some pricing options.

    Thanks for the help & advice!
    M.

    FYI I am ISO27001 Lead Auditor certified, and you can do it via self study and just sit the exam.
  • Spinal33 Member Posts: 7
    rob1234 wrote: »
    FYI I am ISO27001 Lead Auditor certified, and you can do it via self study and just sit the exam.

    Rob - thanks. There are lots of ISO exams, but who certifies the exam? It's an open standard, so anyone (theoretically) can run an ISO27001 exam and say "here's a certificate".

    The only self-study exams I could find were certified by PECB, which I've never heard of - and appears to be quite new (2005). That's why I want a BSI accredited exam/cert; they wrote the standard on which ISO27001 is based. I guess it's a whole other "what is the reputation of PECB" question I should have asked :p

    Now need to find a book on CISM - but I'll post a question on the right subforum ;)
    M
  • rob1234 Banned Posts: 151
    GASQ and IBITG provide some, but I am unsure how many people will know about who certified your exam; it's more the fact you are certified as an ISO27001 Lead auditor.
  • charlemagne Member Posts: 113
    Spinal33 wrote: »
    Right, posted a reply - but it got flagged as spam for some odd reason so is awaiting moderation so can't edit it yet. Forgot to say - JD; CWSP was a typo (I was looking at CWSP, but as something that would be fun rather than useful as I'm less technical than I used to be, nowadays).

    I was seeking opinions on the CCSK one; which you correctly identified. Is it something too new to have a reputation yet?

    Speaking of new certifications - has anyone looked at the UK government ones (which they're doing together with the BCS)? The name escapes me - but they look quite interesting as they aren't purely exam based...

    M.

    I recently passed the CCSK exam. I researched it well in advance. It fits well with my other qualifications. More importantly, I asked some people in my target field about it and this is what led me to take it.