SSCP vs CEH vs CASP
Zomboidicus
MemberMember Posts: 105 ■■□□□□□□□□
Hello, nice to meet you all. There was no place for introduction, so I'll use this place to introduce myself.
Currently I'm studying for CCNA security, and planning on taking it at the end of November.
My plan is to move onto CCNP and CCNP security after I am done with CCNA:S.
However, I do not want to limit my security certs to only Cisco, so I'm trying to figure out which cert take in between CCNP and CCNA:S.
My goal is to work with technical stuff like Network security (Firewalls, VPN, IDS, NAC, authE servers, etc) within 2-3 years from now, take CISSP when I have the required 5 years experience and land a managerial position like security manager (or information security officer) down the road. But prior to taking CISSP, I also want to broaden my security knowledge besides Cisco device security. I'm also interested in pen testing or a security analyst type of job where I asses the security condition within an organization.
Currently I have about 1.5 years of Help Desk/System Admin assistant experience, and wanting to move to bigger things. I also passed sec+ about a year ago, and graduated with a Network Security B.S. degree.
So my question would be, what would be the recommended path?
After taking my CCNA:S, which certification would make more sense?
SSCP? CEH? CASP?
Thank you for reading and any advice you may have.
Currently I'm studying for CCNA security, and planning on taking it at the end of November.
My plan is to move onto CCNP and CCNP security after I am done with CCNA:S.
However, I do not want to limit my security certs to only Cisco, so I'm trying to figure out which cert take in between CCNP and CCNA:S.
My goal is to work with technical stuff like Network security (Firewalls, VPN, IDS, NAC, authE servers, etc) within 2-3 years from now, take CISSP when I have the required 5 years experience and land a managerial position like security manager (or information security officer) down the road. But prior to taking CISSP, I also want to broaden my security knowledge besides Cisco device security. I'm also interested in pen testing or a security analyst type of job where I asses the security condition within an organization.
Currently I have about 1.5 years of Help Desk/System Admin assistant experience, and wanting to move to bigger things. I also passed sec+ about a year ago, and graduated with a Network Security B.S. degree.
So my question would be, what would be the recommended path?
After taking my CCNA:S, which certification would make more sense?
SSCP? CEH? CASP?
Thank you for reading and any advice you may have.
2016 Certification Goals: Who knows 
Comments
2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
Where does CEH fit into this dilemma? If I am to get CEH, I think I need to get Linux+ beforehand. Which cert would you say would increase the chance of me getting my foot in the door into network security, SSCP or CEH?
Welcome to TE!
That's kind of a tough question.
The C|EH is highly valued by hiring managers, and provides a solid understanding of the hacker methodologies and tools, past and present. I believe it requires ~2 years of information security experience unless you attend an EC-Council accredited course (I may be wrong on this). I don't know what your SysAd role(s) have encompassed - this may not be the best route for you to take. I consider it over-valued, but that's more of a good thing when searching for a job than a bad thing
The SSCP is a lower level certification than the C|EH, though I would recommend it over the CASP. I believe it also has experience requirements (at least a year of which will probably be waived for the degree or Security+), but I'd need to take a look at isc2.org to be sure. I do know that I've seen it growing in demand, albeit slightly, over the past few years.
Take a look around Dice.com - Job Search for Technology Professionals, check out some network security positions and things you feel you'd be interested in (location irrelevant) and start building your certification checklist and priorities to mirror the certification requirements (and preferences) for those positions. Then, once you have them and you're ready to move on, start looking for positions similar to them again. It should provide you with some insight into how to start off.
I'm more of an assistant than an actual admin as half of responsibilities only consist of typical desktop/user support for our organization. Also, my job does not directly relate to security. But on the other hand, I've created and managed VPN accounts, installing physical security devices such as badge scanner and cameras, going through security logs for our Windows 2008 server, malware removal, etc. Even if it's indirect experience (as security it is not my primary responsibilities), would I be able to make a case to the ISC2 representative with stuff like that? If not, I'd feel like I'd be stuck in a chicken and egg situation.
Also, I haven't even looked through the CEH book, but a solid understanding of Linux and command line is also required for CEH, correct? Obtaining Linux+ would be preferred, or at least make my CEH studying much easier?
I didn't realize that...maybe I'll spend money and time on other things then. So at this point, it seems that CASP isn't worth it because not many recruiters know about it, I'm currently under-qualified for CEH, and SSCP does not add a lot of value if I already have Sec+.
Hmm...maybe there are other certs that go well with my CCNA instead of security certs then.
I took your advice and went through Dice and Monster. It seems even though the role consists of configuration and maintaining networking equipment, they want certs such as MSCA/CE, VCP, and Junos. Maybe I'll worry about security certs for later, and diversify my knowledge set in the system engineering, or second language in networking with Juniper. So that way, at least I can go either higher in the SysAd role, or become more marketable as a network engineer.
I'm not sure, touch choices.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
To be honest of your three that you presented the CASP is going to give you the most knowledge for the cheapest price in the area you are trying to go, the downside is that is not heavily recognized outside of the DoD.
Many of the most talented security individuals that I know (not all) were experts in another area of IT before moving to security. Security is something you can always move into, as all your prior experience will retain a level of relevance.
I'm not trying to dissuade you, I know quite a few people who successfully moved into security very early in their careers, but it will be more difficult to get into without some security-related responsibilities or several years experience in another area.
I see. I think my solution is to focus on networking then, as I loved what I learned while I was studying for CCNA. I should look into ways to get myself a job in networking, as securing such devices should also part of the job. Perhaps after I obtain CCNA:S, I should look into CCNA wireless as you probably can't get away from security while you are dealing with that topic.
Based on everybody's advice, I think I'll buy the book for CASP and use it reference to gain knowledge from it, but nothing more than that. Perhaps same goes for CEH, unless I really struggle to obtain a security job down the road, I'll take it to see whether it'll at least help me get a job. I'll take SSCP after CCNA:W & S but only get a practice on the ISC2 testing environment and style, and to help me refresh my memory on what I learned with Sec+.
I'd like to thank you all for your advice.
Like was said before, you'd be better off getting the CISSP or SSCP simply because they're recognized. I think the CASP will bridge the gap between Sec+ and CISSP, but it's not recognized yet. CEH would do more for you than the CASP as well. It's just not out there yet and widely recognized by HR.
Good luck in your studies.