Technical Security Certification Roadmap

sexion8 · April 2012

I put together a list of security areas and their associated certifications to create a form of roadmap for those asking the recurring question(s): "What should I do next?" The page is a work in progress and I will try to keep it up to date.

Technical Security Certification Roadmap 2012

Comments questions, appreciated. I will add DoD 8750 to those certs that meet them and add any interesting books alongside the certs as time allows. I know I am missing a few certs, I started with the ones that either I am aware of, of have come across throughout my years in the industry. Again: WORK IN PROGRESS

cknapp78 · April 2012

Very nice work. This will come in very handy for quite a few of my guys.

YuckTheFankees · April 2012

I didn't know you were on here Sil, but thanks again for the roadmap. I would like to see more info for Reverse Engineering.

sexion8 · April 2012

YuckTheFankees wrote: »

I didn't know you were on here Sil, but thanks again for the roadmap. I would like to see more info for Reverse Engineering.

I actually took off reverse engineering just now... There is no cert that I could find associated with it. Certifications along those lines would go more into programming than security per-se. In the security arena, its rare that you would find a "reversing" position as a standalone. Most of the times it will fork into either reversing for virus/malware analysis or exploitation (GXPN/OSCE)

Just updated it and fixed it so its not fully treed when opened

EDITED TO ADD: YTF

Question is, where AREN'T I

YuckTheFankees · April 2012

Sil,

Will an internship in computer forensic help with getting a malware analysis job?

sexion8 · April 2012

YuckTheFankees wrote: »

Sil,

Will an internship in computer forensic help with getting a malware analysis job?

So, there is overlap in forensics and malware analysis however, not that much. It won't hurt, but depending on your responsibilities, it won't necessarily help. Analyzing malware can be real tricky depending on who you are performing your analysis for. I will let that comment sink for a while.

When analyzing malware for the corporation, as an analyst who is getting paid specifically for this, you would likely be working at a HUGE company and they would want a lot of details. This area for analysis is dominant in say the gov sector (Raytheon, SAIC, etc). Fortune 100s etc., are likely going to be using automation (Norman Sandbox, FireEye, etc). When you're tasked to perform say static and dynamic analysis, you will need a wide array of experience in networking, systems, forensics and programming. This is across the board (Windows, Unix, etc). There is no all inclusive class for it. GREM is the standard in this area, but solely possessing the GREM isn't going to automagically throw you into say SAIC.

Now, when performing these analysis for say an AV/Anti Malware company, you're likely going to be performing baselines to make signatures and so forth. There is a lot of automation (dynamic) involved versus completely reversing something in IDA and so forth. You need to ALWAYS keep in mind, there is a cost associated with your analysis. Static analysis is very time consuming and many samples change frequently, so the time you spend one day can be completely wasted as a new iteration changed the scope of what you saw.

Long story short... It can't hurt, but don't expect it to necessarily help.

YuckTheFankees · April 2012

Thanks for the response

.

I have one more questions. What is your opinion on the career outlook for computer forensic jobs?

sexion8 · April 2012

YuckTheFankees wrote: »

Thanks for the response .

I have one more questions. What is your opinion on the career outlook for computer forensic jobs?

Forensics is hot topic however, MOBILE forensics would be the way to go if you ask me. Many people are replacing computers with their mobile devices and the demand is growing. That's just me though, hence me getting more into mobile forensics over the last year.

docrice · April 2012

I know you posted in the other forum, but I'll add my two cents here (mostly nitpicky spelling issues):

SANS provides the training, but GIAC is the one who issues the certs (unless you intended to list the training authority in parenthesis)
"Red Hat" is two words
There's a space between "OS" and "X" for Mac OS X
"HP-UX"
I'm not sure if I'd put CCNP Security under "Routing / Protocols" as it's more about security appliances; then again, the SECURE exam deals with switch and router configs, so...
"Palo Alto Networks"
"Check Point"
"WatchGuard"
You could probably include Sourcefire's various certs (including the one for Snort) under Vendor Specific
Don't forget about CWSP, OSWP, eLearnSecurity, Heorot.net, SecurityTube, Mile2, and some other new ones that have recently come out.

Quite an impressive list otherwise. I wanted to make something like this, but in a flow-chart style (although the overlaps and decision trees for that would prove to be a nightmare). I never realized how many security-focused certs there are out there. We live in good times.

sexion8 · April 2012

Doc, appreciate the feedback. I listed them as SANS versus GIAC simply because SANS is more visible than GIAC. Notice I mention ISS verus IACRB for CPT, CEPT. As for Mile2, I won't get into politics on that. If you're on EH's forums, I explained why I won't add them. I intend on trying to update at least 5-10 items per day though, so still working on it. Nuances like Redhat versus Red Hat are because I wrote a perl script to update a framework I started using Mindmap and I'm too lazy update the spacing

One thing to bear in mind though with little tidbits like that is that although its meant for peers, someone pointed out the fact that her HR department would love to use that as a gauge for candidates as well. So it can be used by others outside of the technical realm

tpatt100 · April 2012

Pretty cool list

onesaint · April 2012

Great work!

whatthehell · April 2012

Nice list and good starting point/guideline

cgrimaldo · April 2012

Thank you so much!

gabypr · April 2012

Very nice list to be honest. In the general security section you can add a new EC-Council certification called Secure Computer User Specialist (SCUS) http://www.eccouncil.org/courses/entry_level_certifications/secure_computer_user_specialist.aspx. Its a entry level certification that has more practical content than lets say Security+. Other EC-Council entry certifications are Security5, Network5 and Wireless5 EC-Council | Entry Level Certifications

Other certifications considered in the "security" field are disaster recovery certifications which also EC-Council has one EC-Council | EC-Council Disaster Recovery Professional. Also EC-Council has another certification towards e-business security risks EC-Council | E-Business Security.

Hope this helps. Good luck and keep up the good job

Plantwiz · April 2012

Merged the two threads.

PW