Rapid7 Insight VM certified administrator?

UsualSuspect7 Member Posts: 90
I'm thinking about working towards this cert. I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry. The exam is open book, I believe you can use Google and the cost is 200 bucks. Anyone heard about this certification?


*Edit*

I legit have 5 years of Vulnerability Management experience from enterprise to service providers. I worked with Tenable (excluding the Security Center) and Rapid7 (Dashboards, Remediation Projects, Integration CyberArk, Asset Groups, Tags, SQL reports, and performing administrative task backups, scheduling differentiate scanning, etc.).

/Edit


CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, PenTest+, InsightVM Certified Administrator


Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,201 Admin
  • yoba222 Senior Member Posts: 1,230
    edited March 16
    I'm assuming you haven't used InsightVM before so this isn't about validating current experience level and more about "legitimately" getting an exclusive product onto your resume. 

    I wouldn't do it.

    Having the keywords "Rapid7" and "InsightVM" might attract the eyes of the security manager looking for a vulnerability management person for their InsightVM environment. It might be the difference that lands you an interview with them. But the problem is when they question you in the interview and it's quickly revealed that you really have zero experience on InsightVM. Because right then and there you've thrown into question the credibility of all your other certs, even if they've been earned from blood sweat and tears, so to speak. That one InsightVM "fluff" cert can ruin it for all the others.

    EDIT: Just saw in your other post that you have 5 years of vuln management. Hmmm. If they think your company might switch to them around when Tenable renewal is up, they'll set you up with a test license for free for about a month IIRC. That might be an ideal time to bang this cert out while actually using the product in your environment.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • trojin tecnomancer IRL Member Posts: 214
    I have this cert. If you have to pay for the exam - it is not worth it.
    If your company is paying - just go and do this, it's easy enough
    I'm just doing my job, nothing personal, sorry

    40+ certs...and I'm not counting anymore

    LinkedIn: https://www.linkedin.com/in/arkadiusz-s/

  • SteveLavoie Member Posts: 966
    If you have real experience with the product to back you, then it could be great.. If not.. it is worthless.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,201 Admin
    I agree that hiring managers would prefer candidates that have actual hands-on experience with InsightVM (or any vendor's product) rather than just the cert. However, the cert material might be an excellent way to start learning InsightVM.
  • SteveLavoie Member Posts: 966
    Of course it is the chicken and the egg problem.. you want to have exp on a product.. but no one gives you the chance...

    Well.. do that certification if you think your next job will require it, it will give you a heads-up.. otherwise it is time lost.
  • E Double U Member Posts: 1,876
    edited March 18
     I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry. 


    The requirement is there, but so are a lot of other topics such as IAM, BCM, incident response, and more. I hope this alone is not the reason you pursue this cert. I have actually seen many organizations using Nessus and Qualys so why a Rapid7 cert? I do not mean to suggest there is no value, but I simply do not see it.

    Just my $0.02
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, and more.

    2021 goals: AZ-303, AZ-304, maybe TOGAF and more ISACA

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • E Double U Member Posts: 1,876
    edited March 24
    I've been on this board for some time, it's strange to see people discouraging others in pursuit of knowledge based solely on assumption.

    If you have been with TE longer you would not find it strange at all lol. People post questions all of the time and provide very little background info. Those of us trying to help only work with what we have been given. 

    Now that I see you have updated more info showing you have a decade in Info Sec which includes five years of vulnerability management hands-on, you definitely can decide on the investment value without our opinions. 

    So to answer your original question: No, I have never heard of this certification. And because I have never heard of it, my vote is no on the investment value unless one of the following applies to you:

    1) Required for a role
    2) Employer is paying
    3) Collecting certs is a hobby
    4) Just have money to burn

    With the other credentials in your signature, I do not see the added value to obtain the cert. Especially since the experience section on your resume will clearly demonstrate you have the skills. 

    Oh, I forgot to mention a bias I have: I prefer vendor-agnostic certifications. 
  • E Double U Member Posts: 1,876
    I wonder if you are confusing my initial post with the feedback you received from others. Let's take a step back sir/ma'am. You made the following statement:

    "I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry"

    And my response:

    I hope this alone is not the reason you pursue this cert (emphasis on the word hope because your motivation was not clearly stated thus uncertain).

    You definitely do not need to post your resume (though some others do lol), but trying to understand where a question is coming from does help others provide feedback. I do not feel I made an assumption about you personally in either post though I could be mistaken. I scanned the thread again and see it was others that questioned your experience and I was trying to provide insight on why they may be doing so. I am definitely making an assumption about you now though lol.

    As someone with close to 20 years of general IT experience and a focus on Info Sec for the past nine years I like to feel that I know a lot, but definitely not all. With that experience I feel I have a decent idea of what is considered "marketable" and have also seen lots of new "hot" credentials pop up that do not add much additional value depending on what a person's aim is for getting it. Given that these companies want to bring in as much money as possible, the exam/CPE/maintenance fees machine will just keep on rolling. Not all credentials are worth the paper they are printed on, but of course that is subjective and everyone has to decide for themselves on if it is worth it. You mentioned $200 is not a bad investment, but even a free exam can be a bad investment depending on what you get in return. Time is also an investment (cert junkie speaking) so combined with time and money given the experience you already have, I do wonder what you hope to get from it. But as a fellow techie that treats collecting certs as a hobby, I can totally relate. I do several certs per year for the first three of the four cert motivators I mentioned in the previous post.

    So to wrap this up, I did not learn anything new from your remarks besides just reinforcing things I have already learned over the years: written word is interpreted differently than spoken word, people are quick to jump to conclusions, and despite good intentions the help one tries to offer is not always helpful.

    Just my $0.02. Good luck!



  • E Double U Member Posts: 1,876
    You win the internet!  :)