Which of the Elite Three: CCIE, CISSP, or CEH?

Yes this thread is sarcasm. And no, I didn't write this ad. But it's not the first ad where I've seen statements like, "CEH required--GCIH/GPEN are merely nice extras." So which one of these three is the most elite to you?

elitecerts.jpg

Find more posts tagged with

Comments

Remedymp

yoba222 wrote: »

Yes this thread is sarcasm. And no, I didn't write this ad. But it's not the first ad where I've seen statements like, "CEH required--GCIH/GPEN are merely nice extras." So which one of these three is the most elite to you?

It sounds like a Government contractor role and they're writing it based on the 8570 list of certifications. Because it's an Infosec position, I don't see anything wrong with the listing.

CISSP would be the default.

ccie14023

It's certainly amusing to see all of those put in the same category. The CCIE Security is a hands-on exam focused on the configuration of one vendor's equipment. It doesn't cover so many other things, like security policy. And as I've written more than once on my blog (link below), it's entirely possible the CCIE Security you are talking to passed the exam back in 2008, like I did, and is therefore an expert on the VPN 3000-series concentrator, NAC framework, PIX firewalls, and CiscoSecure ACS. Realllly useful stuff nowadays!

As it is, it's just one data point in the overall evaluation of a given candidate. It's just amusing that they would lump certs that cover such highly disparate subject areas into one category.

NetworkNewb

CEH... CCIE... close enough!

spiderjericho

Whoever wrote that probably meant CCNA Security or the new CCNA Cyber Ops cert. They're 8570/8140 compliant.

OctalDump

The other odd thing in that listing is 3 references from the last 3 years. Which kind of suggests 3 different roles in the last 3 years, since normally they want references from your line manager ie someone who has actually worked with you closely. I guess you could have 3 references from the one employer, especially if it's project work.

UnixGuy

Pick the cert with the word Hacker in it.

TechGuru80

Remedymp wrote: »

It sounds like a Government contractor role and they're writing it based on the 8570 list of certifications. Because it's an Infosec position, I don't see anything wrong with the listing.

CISSP would be the default.

Yep definitely geared towards 8570 and government. There might be something specific written into the contract so although you might see it as random, generally there is a reason behind it.

80hr

IAM, ISSO work ...

CISSP must have DoD will take CASP but CISSP I the one you want. Get CEH for a check in the box this way you can work wit incident handers etc..

within the DoD CEH is somewhat of a joke... but the certification meets a current market need.

TechGromit

spiderjericho wrote: »

Whoever wrote that probably meant CCNA Security or the new CCNA Cyber Ops cert. They're 8570/8140 compliant.

No, they meant what the wrote. Unfortunately when HR writes ads, they are a day late and a dollar short. They usually have no clue when writing requirements, I've applied for job postings that had nothing to do with the actual job. One job listing mentioned Datacard printers and when I told the interviewer I had experience working with them, he told me yea we don't have any of those. WTF?

And what the hell is a IAM certification?

With a little research I learned the "Infosec assessment methodology (IAM) certification" appears specific to the NSA, I can't imagine too many people outside of government / government contracting have one.

518

its a poorly written ad. For one, IAM in the DOD means Information Assurance Manage/ment/r..not InfoSec Assessment Methodology...lol. This ad has got to be a joke.

CASP are for the ones who are not responsible for the IA posture of a DoD network. CASP or SEC+ are for the ISSM/O of a contractor's network e.g. P2P, Isolated WAN, Isolated LAN.

CISSP, on the other hand, are for the folks who are responsible for the IA posture (compliance C&A or A&A package) of a DOD theater or enclave.

CEH is mainly for folks who we call CND (Computer Network Defense) that uses security scanners like Nessus (ACAS).

518

TechGromit wrote: »

No, they meant what the wrote. Unfortunately when HR writes ads, they are a day late and a dollar short. They usually have no clue when writing requirements, I've applied for job postings that had nothing to do with the actual job. One job listing mentioned Datacard printers and when I told the interviewer I had experience working with them, he told me yea we don't have any of those. WTF?

And what the hell is a IAM certification?

With a little research I learned the "Infosec assessment methodology (IAM) certification" appears specific to the NSA, I can't imagine too many people outside of government / government contracting have one.

There are two categories in the DoD, IAM AND IAT. They are not certifications per say. Rather, they are used to determine what cert you need ased on your role. Network, Systems Admin, Help Desk, and ADPE Tech belongs to IAT. They are only required a Sec+ and an OS Baseline cert like Cisco or Microsoft (depending on your role).

TechGuru80

518 wrote: »

There are two categories in the DoD, IAM AND IAT. They are not certifications per say. Rather, they are used to determine what cert you need ased on your role. Network, Systems Admin, Help Desk, and ADPE Tech belongs to IAT. They are only required a Sec+ and an OS Baseline cert like Cisco or Microsoft (depending on your role).

Not in this case for IAM. See https://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-nsa-iam.html for a little information...there is actually a certification.

TechGromit

518 wrote: »

There are two categories in the DoD, IAM AND IAT. They are not certifications per say.

Yea I notice that too, but "Infosec assessment methodology (IAM) certification" is a actual certification as well.

518

TechGuru80 wrote: »

Not in this case for IAM. See https://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-nsa-iam.html for a little information...there is actually a certification.

An article that dates back 2008. Theres even a reference of that InfoSec Assessment Methodology back in the 90s. Never heard of it before, only certification we look for DoD is under 8570/8140.

518

The more I read about it, the more obsolete it gets. DoD and/or SAP are using RMF based on NIST 800 for A&A now. (DSS/RMF or JSIG/RMF)