SSCP vs CEH vs CASP

ZomboidicusZomboidicus Posts: 105Member ■■□□□□□□□□
Hello, nice to meet you all. There was no place for introduction, so I'll use this place to introduce myself.

Currently I'm studying for CCNA security, and planning on taking it at the end of November.
My plan is to move onto CCNP and CCNP security after I am done with CCNA:S.
However, I do not want to limit my security certs to only Cisco, so I'm trying to figure out which cert take in between CCNP and CCNA:S.

My goal is to work with technical stuff like Network security (Firewalls, VPN, IDS, NAC, authE servers, etc) within 2-3 years from now, take CISSP when I have the required 5 years experience and land a managerial position like security manager (or information security officer) down the road. But prior to taking CISSP, I also want to broaden my security knowledge besides Cisco device security. I'm also interested in pen testing or a security analyst type of job where I asses the security condition within an organization.

Currently I have about 1.5 years of Help Desk/System Admin assistant experience, and wanting to move to bigger things. I also passed sec+ about a year ago, and graduated with a Network Security B.S. degree.

So my question would be, what would be the recommended path?

After taking my CCNA:S, which certification would make more sense?

SSCP? CEH? CASP?


Thank you for reading and any advice you may have.
2016 Certification Goals: Who knows :D

Comments

  • ajs1976ajs1976 Posts: 1,945Member
    SSCP over CASP - SSCP is from ISC2 and is more recognized. CASP is newer, but may become more popular over time.
    Andy

    2017 Goals: 1 of 5 courses complete, 0 of 2 exams complete
  • ZomboidicusZomboidicus Posts: 105Member ■■□□□□□□□□
    OK, thanks for the input. I'll look into SSCP as opposed to CASP.

    Where does CEH fit into this dilemma? If I am to get CEH, I think I need to get Linux+ beforehand. Which cert would you say would increase the chance of me getting my foot in the door into network security, SSCP or CEH?
    2016 Certification Goals: Who knows :D
  • redzredz CISSP-ISSAP, ISSEP, ISSMP, CAP (& others) Posts: 265Member ■■■□□□□□□□
    getting my foot in the door into network security, SSCP or CEH?

    Welcome to TE! :)

    That's kind of a tough question.

    The C|EH is highly valued by hiring managers, and provides a solid understanding of the hacker methodologies and tools, past and present. I believe it requires ~2 years of information security experience unless you attend an EC-Council accredited course (I may be wrong on this). I don't know what your SysAd role(s) have encompassed - this may not be the best route for you to take. I consider it over-valued, but that's more of a good thing when searching for a job than a bad thing ;)

    The SSCP is a lower level certification than the C|EH, though I would recommend it over the CASP. I believe it also has experience requirements (at least a year of which will probably be waived for the degree or Security+), but I'd need to take a look at isc2.org to be sure. I do know that I've seen it growing in demand, albeit slightly, over the past few years.

    Take a look around Dice.com - Job Search for Technology Professionals, check out some network security positions and things you feel you'd be interested in (location irrelevant) and start building your certification checklist and priorities to mirror the certification requirements (and preferences) for those positions. Then, once you have them and you're ready to move on, start looking for positions similar to them again. It should provide you with some insight into how to start off.
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    Although I don't have a lot of respect for the CEH, I would take it over the SSCP for the same reason as Redz, recruiters love it. I wouldn't take the CASP at this time. It's just not popular enough.
    Currently working on: Linux and Python
  • ZomboidicusZomboidicus Posts: 105Member ■■□□□□□□□□
    Thank you for your insight.

    I'm more of an assistant than an actual admin as half of responsibilities only consist of typical desktop/user support for our organization. Also, my job does not directly relate to security. But on the other hand, I've created and managed VPN accounts, installing physical security devices such as badge scanner and cameras, going through security logs for our Windows 2008 server, malware removal, etc. Even if it's indirect experience (as security it is not my primary responsibilities), would I be able to make a case to the ISC2 representative with stuff like that? If not, I'd feel like I'd be stuck in a chicken and egg situation.

    Also, I haven't even looked through the CEH book, but a solid understanding of Linux and command line is also required for CEH, correct? Obtaining Linux+ would be preferred, or at least make my CEH studying much easier?
    2016 Certification Goals: Who knows :D
  • da_vatoda_vato Posts: 445Member
    To my understanding the SSCP and sec+ are equal as far knowledge level goes so since you have one I personally wouldn't waste the money on the other. Unless your job is paying for it, I think the test delivery could hep prepare you for taking the CISSP.
  • ZomboidicusZomboidicus Posts: 105Member ■■□□□□□□□□
    da_vato wrote: »
    To my understanding the SSCP and sec+ are equal as far knowledge level goes so since you have one I personally wouldn't waste the money on the other. Unless your job is paying for it, I think the test delivery could hep prepare you for taking the CISSP.

    I didn't realize that...maybe I'll spend money and time on other things then. So at this point, it seems that CASP isn't worth it because not many recruiters know about it, I'm currently under-qualified for CEH, and SSCP does not add a lot of value if I already have Sec+.

    Hmm...maybe there are other certs that go well with my CCNA instead of security certs then.
    2016 Certification Goals: Who knows :D
  • ZomboidicusZomboidicus Posts: 105Member ■■□□□□□□□□
    Thank you : D

    I took your advice and went through Dice and Monster. It seems even though the role consists of configuration and maintaining networking equipment, they want certs such as MSCA/CE, VCP, and Junos. Maybe I'll worry about security certs for later, and diversify my knowledge set in the system engineering, or second language in networking with Juniper. So that way, at least I can go either higher in the SysAd role, or become more marketable as a network engineer.

    I'm not sure, touch choices.
    2016 Certification Goals: Who knows :D
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,473Admin Admin
    Also realize that CEH covers topics that less than one percent of IT people use in their daily duties, while Security+, CASP, and SSCP are far more broad and practical in their coverage of InfoSec topics. Honestly, if you get into a job that some some InfoSec-related duties, I would skip SSCP, CASP, and CEH and go straight for CISSP. That's the best recognition for your dollar these days.
  • the_Grinchthe_Grinch Posts: 4,160Member ■■■■■■■■■■
    Personally, I wouldn't waste my time with the CEH. I had it and without the experience behind it you won't get much out of it. SSCP is the way to go in my opinion and based off of your experience you should meet the requirement, if not they give you time to get the experience.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • da_vatoda_vato Posts: 445Member
    CEH can aid in giving you a different perspective of your current networking knowledge (which I think is valuable). Just don't expect that you will come out ready to be a true pentester for that you woul need to take the OSCP. As Redz has said CEH is popular amongst recruiters and it could help to obtain a job. You seem to be young in your career so no matter what direction you go you've got a bit of an investment to make.

    To be honest of your three that you presented the CASP is going to give you the most knowledge for the cheapest price in the area you are trying to go, the downside is that is not heavily recognized outside of the DoD.
  • redzredz CISSP-ISSAP, ISSEP, ISSMP, CAP (& others) Posts: 265Member ■■■□□□□□□□
    I took your advice and went through Dice and Monster. It seems even though the role consists of configuration and maintaining networking equipment, they want certs such as MSCA/CE, VCP, and Junos. Maybe I'll worry about security certs for later, and diversify my knowledge set in the system engineering, or second language in networking with Juniper. So that way, at least I can go either higher in the SysAd role, or become more marketable as a network engineer.

    Many of the most talented security individuals that I know (not all) were experts in another area of IT before moving to security. Security is something you can always move into, as all your prior experience will retain a level of relevance.

    I'm not trying to dissuade you, I know quite a few people who successfully moved into security very early in their careers, but it will be more difficult to get into without some security-related responsibilities or several years experience in another area.
  • ZomboidicusZomboidicus Posts: 105Member ■■□□□□□□□□
    redz wrote: »
    Many of the most talented security individuals that I know (not all) were experts in another area of IT before moving to security. Security is something you can always move into, as all your prior experience will retain a level of relevance.

    I'm not trying to dissuade you, I know quite a few people who successfully moved into security very early in their careers, but it will be more difficult to get into without some security-related responsibilities or several years experience in another area.

    I see. I think my solution is to focus on networking then, as I loved what I learned while I was studying for CCNA. I should look into ways to get myself a job in networking, as securing such devices should also part of the job. Perhaps after I obtain CCNA:S, I should look into CCNA wireless as you probably can't get away from security while you are dealing with that topic.

    Based on everybody's advice, I think I'll buy the book for CASP and use it reference to gain knowledge from it, but nothing more than that. Perhaps same goes for CEH, unless I really struggle to obtain a security job down the road, I'll take it to see whether it'll at least help me get a job. I'll take SSCP after CCNA:W & S but only get a practice on the ISC2 testing environment and style, and to help me refresh my memory on what I learned with Sec+.

    I'd like to thank you all for your advice.
    2016 Certification Goals: Who knows :D
  • bobloblawbobloblaw Posts: 228Member
    Having just taken the CEH, I can say it's a good introductory to tools and some InfoSec methodology. One thing it doesn't make you is a hacker. You don't complete your CEH with a high level of knowledge in Wireshark, nmap, tcpdump, Nessus, Linux, snort, etc. It's entry level. Put simply, there are books for just Wireshark and just Snort that are much bigger than the All-in-One CEH book. I did enjoy the reading, though.

    Like was said before, you'd be better off getting the CISSP or SSCP simply because they're recognized. I think the CASP will bridge the gap between Sec+ and CISSP, but it's not recognized yet. CEH would do more for you than the CASP as well. It's just not out there yet and widely recognized by HR.

    Good luck in your studies.
  • NovaHaxNovaHax Posts: 502Member ■■■■□□□□□□
    Don't do CASP. CompTIA has established a name for itself as the leader in entry-level IT certs. Unfortunately...that means that most people have a hard time recognizing them as anything but.
Sign In or Register to comment.