Rapid7 Insight VM certified administrator?
UsualSuspect7
Member Posts: 97 ■■■□□□□□□□
I'm thinking about working towards this cert. I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry. The exam is open book, i believe you can use google and the cost is 200 bucks. Anyone heard about this certification?
*Edit*
I legit have 5 years of Vulnerability Management experience from enterprise to service providers. I worked with Tenable (excluding the Security Center) and Rapid7 (Dashboards, Remediation Projects, Integration CyberArk, Asset Groups, Tags, SQL reports, and preforming administrative task backups, scheduling differentiate scanning, etc...
/Edit
CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, PenTest+, Network+, Microsoft AZ-900, InsightVM CA
Comments
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I wouldn't do it.
Having the keywords "Rapid7" and "InsightVM" might attract the eyes of the security manager looking for a vulnerability management person for their InsightVM environment. It might be the difference that lands you an interview with them. But the problem is when they question you in the interview and it's quickly revealed that you really have zero experience on InsightVM. Because right then and there you've thrown into question the credibility of all your other certs, even if they've been earned from blood sweat and tears, so to speak. That one InsightVM "fluff" cert can ruin it for all the others.
EDIT: Just saw in your other post that you have 5 years of vuln management. Hmmm. If they think your company might switch to them around when Tenable renewal is up, they'll set you up with a test license for free for about a month IIRC. That might be an ideal time to bang this cert out while actually using the product in your environment.
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
If your company is paying - just go and do this, it's easy enough
xx+ certs...and I'm not counting anymore
I’m far from an expert, but I think this would be a great weekend certifications. I was curious giving the exam is open book can we log into prod if needed? How many questions on the exam?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Well.. do that certification if you think you next job will require it, it will give you head up.. otherwise it is time lost.
Just my $0.02
Now that I see you have updated more info showing you have a decade in Info Sec which includes five years of vulnerability management hands-on, you definitely can decide on the investment value without our opinions.
So to answer your original question: No, I have never heard of this certification. And because I have never heard of it, my vote is no on the investment value unless one of the following apply to you:
1) Required for a role
2) Employer is paying
3) Collecting certs is a hobby
4) Just have money to burn
With the other credentials in your signature, I do not see the added value to obtain the cert. Especially since the experience section on your resume will clearly demonstrate you have the skills.
Oh, I forgot to mention a bias I have: I prefer vendor-agnostic certifications.
"I think a lot of companies have a vulnerability management requirement especially in heavily regulated industry"
And my response:
I hope this alone is not the reason you pursue this cert (emphasis on the word hope because your motivation was not clearly stated thus uncertain).
You definitely do not need to post your resume (though some others do lol), but trying to understand where a question is coming from does help others provide feedback. I do not feel I made an assumption about you personally in either post though I could be mistaken. I scanned the thread again and see it was othes that questioned your experience and I was trying to provide insight on why they may be doing so. I am definitely making an assumption about you now though lol.
As someone with close to 20 years of general IT experience and a focus on Info Sec for the past nine years I like to feel that I know a lot, but definitely not all. With that experience I feel have a decent idea of what is considered "marketable" and have also seen lots of new "hot" credentials pop-up that do not add much additional value depending on what a person's aim is for getting it. Given that these companies want to bring in as much money as possible, the exam/CPE/maintenance fees machine will just keep on rolling. Not all credentials are worth the paper they are printed on, but of course that is subjective and everyone has to decide for themselves on if is worth it. You mentioned $200 is not a bad investment, but even a free exam can be a bad investment depending on what you get in return. Time is also an investment (cert junkie speaking) so combined with time and money given the experience you already have, I do wonder what you hope to get from it. But as a fellow techie that treats collecting certs as a hobby, I can totally relate. I do several certs per year for the first three of the four cert motivators I mentioned in the previous post.
So to wrap this up, I did not learn anything new from your remarks besides just reinforcing things I already have already learned over the years: written word is interpreted differently than spoken word, people are quick to jump to conclusions, and despite good intentions the help one tries to offer is not always helpful.
Just my $0.02. Good luck!