Seeking self paced training for DoD 8570 certifications

MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
A sudden and unexpected end to my employment contract has left me in a spot. I do however find myself with plenty of time to work on my certifications. I'm currently in a program through Veteran Affairs which is funding my training towards employment as a network security engineer (I recall that's the job title I gave them, the actual position will be something close). I'm not happy with the training plan I have now and the powers that be have informed me that they are not pleased with the entity currently tasked with providing my training. I'm working on a proposal for a change to my training plan, both in who does the training and what training I'd get.

The place I've had training with in the past offers only one week, 40 hour, "boot camp" style classes. This works well for an established employee which can convince their employer to give them paid time off for the class but I do not have that luxury. Working as a contractor I'm expected to get my training on my own time and find the funds myself. The VA has been kind enough to provide the money, but I can't always find the time. I have the time now but I'm hoping that will change soon, I'm waiting for word back on if I got another contract or not.

Rather than these "boot camp" classes I'm working on a proposal that would include a combination of online classes towards a masters of science in information security, and online classes towards security certifications. I know that there are plenty of people offering online certification classes, I'm just looking for some help in sorting them out.

The first criteria in selecting training is that the certification must meet US DoD Directive 8570 baselines. The logic here is that the VA is not just going to take my word that a security certification is a good one or not, but they should believe the DoD. This also fits well with the VA liking to get veterans government work, and government agencies like to hire applicants with government approved certifications.

The second criteria in selecting training is that it be self paced and somewhat open-ended on the complete date. I have time now to soak up certification lectures until my ears bleed everyday but that can change real quick. I'll want to be able to pick up where I left off weeks later and even back up to review what I didn't get the first time. I see something like this from INE but they don't offer certification that meets DoD 8570. (Although I'll try to sneak in CCNA and/or CCNA:Sec into the proposal.)

The third criteria is suitability. Cost is an issue with the VA but they are more concerned about the bang/buck ratio than total dollars. I want something that is a step up from the CompTIA Network+ and Security+ I already have but also not so difficult I cannot pass the test with a year or two of graduate level classes, self paced online study, and hopefully some work (and sleep) in between.

I'm leaning towards one, maybe two, of the following: CEH, CASP, and CISSP. I picked those primarily because I know where I can find the test centers for those but I'm open to suggestions.
MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.

Comments

  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Sounds like you would be a great candidate for WGU...
    Working on: staying alive and staying employed
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    What is your goal here? Is it certification or getting a position as a Network Security Engineer? If it is certification then boot camps or community college programs are the right way to go. If you want to get hired, then you need to get in an IT position and work forward while self studying for your certs.
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    colemic wrote: »
    Sounds like you would be a great candidate for WGU...

    Yep. I've been talking to WGU about their program. I'm putting them as an option on my application with the VA. Their Master of Science in Information Security and Assurance includes three certifications. They have CCENT, CEH, and CHFI as part of the program. I'm looking for other options as well as something to augment the WGU program should I choose it.

    Any government agency or contractor hiring a network security engineer will want to see a certification that meets DoD Directive 8570. What I have now meets the baseline for IAT Level II and IAM Level I. I want to go one step above that, that means getting one of a dozen different certifications from the DoD 8570 list.

    WGU is on the short list of schools. Even f I choose them (and they accept me) then I'd still want another certification to go with that masters program. If I choose a different school that might mean getting two certifications beyond my masters education instead of just one.
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    SephStorm wrote: »
    What is your goal here? Is it certification or getting a position as a Network Security Engineer?

    The goal is getting a position as a Network Security Engineer. The certifications (and the graduate school) is a means to that end. I have a BS in computer engineering and a Security+ certification, as do a lot of people. I want to go above that so I can get the job in security and move above the level I'm at now.
    SephStorm wrote: »
    If it is certification then boot camps or community college programs are the right way to go.

    I ran into an issue with the boot camps already. The training center I was going to before schedules them at their convenience, not mine. If I have work to do then I can't go to class. The VA recognizes the issue and is allowing me to modify my plan to include on-line training.

    Where I am located there's only one place that offers the training I'm looking for and the VA is not happy with them. No community colleges around here offer training in anything beyond Security+, and I already have that. So I've come here hoping someone has an idea on where to turn.
    SephStorm wrote: »
    If you want to get hired, then you need to get in an IT position and work forward while self studying for your certs.

    Agreed, and I'm doing that. Experience tells me that the VA will not pay for a certification exam without training to go with it, that policy makes sense to me. I need to show them a plan to get the job and how I'm going to get there, training->certification->job. Skipping a step in that is a problem for them.

    Also, the thinking is also that to get hired in a good job to get the experience I need I can leverage the masters program to get access to the school's employment office. There's all kinds of good jobs on college campuses, but preference is placed on student applicants. So, I'll become a student.

    The goal is the job, graduate school is the means to the experience and certifications to get the job. The graduate degree is just gravy to put on a resumé.
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    My experience, grad school is not going to help. I was in an interview online for government tons of guys with Masters, not getting anything. I however got an interview without a single degree. Not saying this is universal. My .02
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    SephStorm wrote: »
    My experience, grad school is not going to help. I was in an interview online for government tons of guys with Masters, not getting anything. I however got an interview without a single degree. Not saying this is universal. My .02

    Tell me more. What did you have that the others lacked? Is it possible that the others were over qualified for the job?

    It's unlikely I'd start graduate school before August anyway, that's just when classes start. If something better comes along before the fall semester starts then I can drop out and do something else. One thing that brought me down the path of considering graduate school was a co-worker that mentioned WGU. I took a look and saw it offered certification training and testing as part of it's online self paced masters program. If I can find a information security certifications training program online that is self paced then I'll consider that instead.

    I can do both the grad school and certification training, that's the plan right now if the VA goes along with it. I also have to be accepted into grad school yet, I'm working on the applications.

    We're kind of getting off track here. Going to grad school is not the question here, online training for security certifications is the issue at hand. Who offers online training for certifications on the DoD 8570 IAT Level III list?
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    As a vet are you under Ch30 or Post-911? If you are Ch30, they will reimburse certification exam cost 100%, and 60% of bootcamps. GI Bill may be a better vehicle for what you are wanting, than voc rehab (if I understand you correctly.) As for your last question - level III certs are CISA, CISSP and specializations, GCIH, GCED, CASP, GSLC, and CISM... there are loads of online courses for studying for these, some are better than others, some are cheaper than others. I can't recommend any specific one, since I have never used one, but maybe someone else can...
    Working on: staying alive and staying employed
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    colemic wrote: »
    As a vet are you under Ch30 or Post-911?

    Since you asked, I'm applying for benefits under Chapter 31. Chapter 31 is a vocational program for veterans with service connected disabilities. Standing, walking, and lifting is painful for me, something that has already kept me from getting some contracts.

    Experience tells me the progression in IT is that you start at answering the phones, then you move up to desk side support, and then you get to go back to a desk or at least get someone else to carry the equipment. It's been a long time since I was carrying the equipment and a series of events has lead me back to where I'm answering phones. I want to get to a level of engineer, analyst, manager, or whatever and skip over that part where I have to lift hardware. I'm thinking a combination of graduate school, certification, and work experience will get me there.

    On the work experience side I got a phone call today to schedule a phone interview for a contract as a network technician. The interview will be on Monday. Wish me luck!

    I found online training for CompTIA CASP. I'm looking for other options. CASP is on the DoD list but it seems from other threads I've read on this forum it's not a well known certification.

    Maybe I'm going about my search wrong. It shouldn't be this hard. Are there some key words I need to type into Google to find the right training?

    I understand the dynamic at work here. Every place that offers training is not going to tell potential buyers about their competitors. Every entity that offers certifications does not want to be accused of playing favorites on who offers training so they don't advertise for anyone.
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    I just found CBT Nuggets and they offer training for SSCP, CISSP, CEH and perhaps more from DoD 8570. Anyone have experience with them?
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    CBT Nuggets is very popular here, most have positive experiences with them. Regarding CASP - keep in mind that while it may not be as 'well-known' as other certs, it is on equal footing with other certs within 8570. For CISA and CISM, ISACA offers some training resources - their test bank of questions is phenomenal, and every single one has a clear explanation. Those may be of benefit to you as well... Good luck on your job interview!
    Working on: staying alive and staying employed
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    I had my interview, didn't get the contract. icon_sad.gif

    I spoke with my counselor at the VA and she was not very receptive to the idea of graduate school. She also pointed out that the VA had already paid for classes for me up front with a local training center, therefore I must complete those classes before I can ask for anything more. The problem with taking the classes from this place before is that it was not compatible with full time work. Since I have not yet got any full time work the VA says there is no reason I cannot continue the existing training plan.

    I'm not keen on on-line training any way. I prefer in classroom training from an in person instructor. It's that if I could not get the classroom training then on-line training would have to to. I'll be talking with someone at the training center next week, sounds like they will have a live person teaching the CEH class next month. I believe the VA paid for two more classes, if the CEH is one then I still need to find another. CASP might be an option but it appears many on this forum do not think highly of that certification. Whatever it is the course much be what this training center offers.
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • wikigetwikiget Member Posts: 75 ■■□□□□□□□□
    MacGuffin wrote: »
    CASP might be an option but it appears many on this forum do not think highly of that certification. Whatever it is the course much be what this training center offers.

    CASP is not a bad cert, just new and still in the early stages of developing a reputation. Generally, the consensus that I've seen is that CASP is more technical then the CISSP, but easier because it doesn't cover quite so many non-technical subjects.

    CISSP is still the most well known security cert.
    "Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon

    Life of a Network Security Manager: http://imgur.com/kKvmgjj
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    I see that the CISSP training is offered but it costs more than the CASP. The CEH certification looks good so I'm fairly certain I'll do that, cost looks about the same as the Cisco training I have on the plan now. What ever I choose it has to fit in the budget that the VA defined.
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • wikigetwikiget Member Posts: 75 ■■□□□□□□□□
    MacGuffin wrote: »
    I see that the CISSP training is offered but it costs more than the CASP. The CEH certification looks good so I'm fairly certain I'll do that, cost looks about the same as the Cisco training I have on the plan now. What ever I choose it has to fit in the budget that the VA defined.

    While I don't have an issue with CEH, I would like to point out that unless you are specifically looking for CND/Network Security positions CEH doesn't meet any requirements to get work.

    IAT Line - For Technical jobs (Help Desk, Administrator)
    IAM Line - For Management jobs (IA Planning, IAM/ISSM, CISO, CIO)
    IASAE Line - For Engineering/Architecture jobs (Network Design, Feature/Service Development)
    CNDSP Line - For Security jobs (Incident Handling, Information Assurance, CND Manager)
    "Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon

    Life of a Network Security Manager: http://imgur.com/kKvmgjj
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    wikiget wrote: »
    While I don't have an issue with CEH, I would like to point out that unless you are specifically looking for CND/Network Security positions CEH doesn't meet any requirements to get work.

    I'm looking for a job that pays well and is interesting, which is what I guess everyone wants to do. I find computer security interesting and it looks like it pays well. I didn't see CEH mentioned specifically too often in job opening descriptions but it does seem that having a well recognized and respected security certification would be quite helpful, and CEH seems to fit that description.

    Another item in favor of CEH is that it is one of the few instructor led classes available to me. The other classes would be from watching pre-recorded lectures or by live streaming instruction. I don't like the idea of having to listen to an instructor through a computer. I'll be meeting with the people offering the training in the morning, I'll see what they have to say then.

    On a side note, I'm thinking of adding CompTIA A+ certification into the plan. I won't take any class on it, just take the test. The thinking is to avoid any HR person tossing out my application because the job description calls for A+ certification. I'm thinking it'd also get me used to taking tests again. Is this a good idea? Bad idea? Or just an idea?
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    Spoke with the people at the training center this morning. The instructor there recommended the CISSP. He also pointed out the material and testing is difficult. What I'm not too keen about is that there is no testing location for CISSP near here, I'd have to go to Chicago. The instructor didn't think too highly of the CASP, he seemed to think the Security+ certification I have is just as good. He recommended I take something else, I believe it was the CHFI, I don't recall exactly. I checked the schedule and the CHFI course will not be offered until March.

    Classes offered this February in security include CEH, CISSP, and CASP. There are others that depend on certifications I do not have, such as courses for Cisco, Microsoft, and VMWare. I chose CEH and CASP. We'll see if the VA approves.
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
  • Falcon56Falcon56 Member Posts: 94 ■■■□□□□□□□
    MacGuffin, just looking at the certs listed under your profile, I'm scratching my head as to why you're not pursuing your CCNA? After that, I think I'd attempt the Cisco Security exam. I know you want to get some 8570 stuff but the Cisco stuff, IMO, would really help prepare you for the CISSP.

    I work desktop support for a government agency and a friend of mine was a contractor. He interviewed with all the local IT recruiters and firms and could never land a job. As soon as he got that CCNA, he was offered a job with a major midwestern city.

    Just my $0.02 worth and I wish you the best of luck!
  • wikigetwikiget Member Posts: 75 ■■□□□□□□□□
    MacGuffin wrote: »
    Spoke with the people at the training center this morning. The instructor there recommended the CISSP. He also pointed out the material and testing is difficult. What I'm not too keen about is that there is no testing location for CISSP near here, I'd have to go to Chicago. The instructor didn't think too highly of the CASP, he seemed to think the Security+ certification I have is just as good. He recommended I take something else, I believe it was the CHFI, I don't recall exactly. I checked the schedule and the CHFI course will not be offered until March.

    Classes offered this February in security include CEH, CISSP, and CASP. There are others that depend on certifications I do not have, such as courses for Cisco, Microsoft, and VMWare. I chose CEH and CASP. We'll see if the VA approves.

    CASP is new, so some people don't see it's potential yet. It's more technical then CISSP, but it's also focused meaning less to study, but you have to understand the material better. The issue CASP is dealing with is that CompTIA was traditionally thought of as covering entry-level certs and CASP isn't entry-level. Being added as an IAT III in the 8570 shortly after introduction has jump started CASP's path as a highly regarded cert.

    (ISC)^2 has the best PR of the certification companies. If you want a recognized cert they made the CISSP one of the most recognized certs in IT and the second (or first) most recognized cert in security (toss up between them and Security+). They call the material, "An inch deep and a mile wide." That means you need to understand the concepts and memorize some material, but you don't need an in-depth knowledge of any of it. Due to the wide amount of study material the test can be a bear to study for.

    CEH is an older cert, but it's "respectability" only came recently (v7 and v8 ). Previously the cert has been riddled with less then stellar support, company issues and general distrust. Although some of the disrespect revolves around the name of CEH (which is ridiculous), some were genuine concerns. Overall the material is very technical, similar to CASP in some respects.

    CHFI (also from ECCouncil) should be the next step after CEH. In fact ECC recommends taking the CEH courseware before CHFI. It is also not an 8570 cert.

    If you already understand the material, there is no real reason to get A+ if you already have Net+ and Sec+.
    "Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon

    Life of a Network Security Manager: http://imgur.com/kKvmgjj
  • wikigetwikiget Member Posts: 75 ■■□□□□□□□□
    Falcon56 wrote: »
    MacGuffin, just looking at the certs listed under your profile, I'm scratching my head as to why you're not pursuing your CCNA? After that, I think I'd attempt the Cisco Security exam. I know you want to get some 8570 stuff but the Cisco stuff, IMO, would really help prepare you for the CISSP.

    I work desktop support for a government agency and a friend of mine was a contractor. He interviewed with all the local IT recruiters and firms and could never land a job. As soon as he got that CCNA, he was offered a job with a major midwestern city.

    Just my $0.02 worth and I wish you the best of luck!

    Maybe he doesn't want to be a Cisco guy.
    "Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon

    Life of a Network Security Manager: http://imgur.com/kKvmgjj
  • MacGuffinMacGuffin Member Posts: 241 ■■■□□□□□□□
    I basically forgot about this thread but since I found it again I'd thought I'd add to it some more, especially since I just finished my CASP training today.
    wikiget wrote: »
    Maybe he doesn't want to be a Cisco guy.

    There's a sort of long story behind that. One way to give a short story is that I tried the CCNA exams a few times and missed by a few points each time. I told myself I'd pick it up again at some point, perhaps now is a good time. My CCENT expires next year so I should probably not put that off for much longer. I wouldn't mind being a Cisco guy but so far that has not worked out for me.

    What is something of a bummer for me is that when I was looking for DoD compliant certifications the CCNA-Security certification was not on the list, now it is. It's a bit late for that now, best not to dwell on it too much. I'm not saying that I will not consider CCNA-Security at some point, or that I wasted my time with my CompTIA certs. I'm just saying that had I known then what I know now I might have chosen a different stack of certifications.

    Since I didn't get the contract I was applying for a couple weeks ago I have time to do training at New Horizons for CEH in a couple weeks. I was not going to give the name of where I had my training since I've been ripping on them so much but I'm tired of playing that game. So, I'll say it, I don't like New Horizons. I started going there because that is what the VA suggested and that is what they were willing to pay for. I kept going there because I didn't feel like I had much of a choice. I'm going there again for CEH only because it is training with a real live instructor that will be in the same room as me. I don't like bootcamps. I don't like distance training. I'll tolerate another bootcamp so long as it is not distance training.

    Once I'm done with my exams I'm done with New Horizons. After that they can go rot for all I care. Most of the people there have been very nice to me, the others I just didn't get to know well. I like the people I met there, just not fond of the company. I'd guess they work out for some people, it's just not the place for me. I'd recommend other places first.

    I have some studying to do. I'll keep looking for work. If I don't find something soon then I'll go back to the VA and try again to get graduate school out of them. I think that if I can pass the tests that the VA lined up for me then I'll have enough certifications for a while. I think getting some college courses would be more helpful and a better learning environment for me. I'd just have to get the VA to agree with me.

    Thanks to all for the advice. Unless something significant changes in the next month then I think I got this figured out for now.
    MacGuffin - A plot device, an item or person that exists only to produce conflict among the characters within the story.
Sign In or Register to comment.