Your Cert Advice is Needed

Khaos1911 · June 2013

Good day, All!

I'm trying to figure out my next security cert. I was thinking C|EH, but 500 to 600 bucks I'm just not willing to shell out at the moment. Don't want to tackle CISSP until I can be fully endorsed and meet the experience requirement. Don't want to do the whole associate thing. Gonna try and talk boss man into paying for GSEC, but I know the budget is tapped and I won't be able to do it until next year at the earliest (Seems like it's a employee requirement anyway). ITIL doesn't give you that "uumph" in this market and did not really keep my attention.

I'm thinking CCENT followed by CCNA Security, but skipping ICND2...The thing is, I really despise networking, I find it boring. I do admire you "church of Cisco" dudes (that's how I refer to different members of this board with the Cisco avi's and always talking about Cisco and how every cert has to be cisco/networking related, blah blah blah) who are so enthralled with networking/Cisco. Unfortunately, I find all that stuff boring and uneventful. Frame relay this, EIGRP that blah blah blah. *snores.* But anyway, I gotta figure out my next move, I would like another IT security cert by the end of the year. Any suggestions?

tpatt100 · June 2013

Is is "just" Cisco or networking in general? If it is networking in general then you might not like some parts of this field.

the_hutch · June 2013

Agreed. Networking is a pretty huge part of security.

horusthesun · June 2013

the_hutch wrote: »

Agreed. Networking is a pretty huge part of security.

Indeed..... I would get the CCNA as well
Worst case Scenario you would always be a router admin

When in doubt LAB

the_hutch · June 2013

My biggest regret about my time in the military is that I never knocked out CCNA / CCNP. I know Cisco pretty well, but have nothing to show for it. It would definitely help put that final touch on my resume. But at this point, I don't really have time. Since I'm separating on Oct 1st.

Master Of Puppets · June 2013

I agree with the others. I just don't see a lot of options for getting into security with such hatred for networking. This makes me curious about some things. First of all, why do you want to get into it? And do you know what it involves and what you will be doing?

Khaos1911 · June 2013

Ahhh, the church of cisco appears and shines down upon us, what a surprise (lol)...I'm not getting into security. I'm in Security. I'm an Info Sec Analyst. I'm different from most posters on here who post threads in hopes of getting into security. I'm asking specifically about certs. See I've been around the block and the you "MOST KNOW XYZ" advice "the church" throws around on this site just isn't conducive to every situation in the real world. You don't have to ONLY know Network security like the back of your hand to get into say, Application Security, etc. Even though I'm in Network Security, I think that's where some users on this site go wrong with their advice. You can be a SAP or Oracle Security Applications Analyst and many more things, but all alot of you kick is the network security/cisco advice. The field is simply bigger than JUST Network Security. Sure network security is a great start and great knowledge in general, but ya'll gotta stop pigeon holding some of these newer tech guys to simply network security and Cisco. If you enjoy that, great. To each his own. But the field is so much broader.

r0ckm4n · June 2013

My infosec background is application security and pentesting. I had my MCSE 4, MCSE 2k, CNE, and CCNA in my system admin days, but let them expire. The knowledge gained from those certs and experience was still helpful, since I didn't need them in infosec. I have the CISSP, IAM, and OSCP. My first year of infosec was firewall and IDS stuff, but got moved into application security, which I liked a lot better. I would get certs based on what you want to do.

Master Of Puppets · June 2013

I can't agree with you. We have never pushed people in certain directions, we have just asked them to where they are drawn and given them the best instructions we know for that path. No restrictions or anything are placed on people. Usually the whole situation is explained by someone quite broadly so new comers have an idea of the many different aspects of the field they want to get into.Also, I don't think that the process of making distinctions in the field of security should be carried out by categorizing them vendor-wise. That is, if that's what you're doing.

Back on topic. Indeed, for CEH you might end up spending more than for Cisco exams. However, for some unknown to many people reason, the CEH will give you a noticeable increase in market value. That I am sure. So you might want to consider it anyway. Have you looked into the EC-Council CSA? It might be something for you. GCIA and GCIH are other suggestions you may benefit from looking into.

Falasi · June 2013

ITIL and CCNA. take them with grain of salt and you'll have better understanding of the whole Information Security Job. (even as application security).

its not about being a Cisco's church advocate (I don't have any Cisco Cert, as I've done the academy course back in 2006) ; its more about the knowledge gained from understanding the networking part of IT , especially for a newly Security guy.

instant000 · June 2013

1. What's wrong with the Associate of (ISC)2 for CISSP:

Q: What are the benefits of becoming an Associate of (ISC)² ?

A: By passing an (ISC)² exam, Associates prove that they have the broad knowledge required to succeed in an information security role, putting them in an excellent position to begin or advance their career. They can list ‘ Associate of (ISC) 2 for CISSP, CSSLP, SSCP or CAP’( in accordance with the exam they passed) after their name .

Source: https://www.isc2.org/uploadedFiles/Credentials_and_Certifcation/Associate_of_%28ISC%292/AssociateProgramforCSSLPandCAPFAQs_FINAL.pdf

There is nothing wrong with listing "Associate of (ISC)2 for CISSP" on your resume. It matches (ISC)2 policy. It means that your resume/profile matches searches for CISSP.

It's good enough for DoD 8570:

http://iase.disa.mil/eta/iawip/images/8570-cert.jpg

2. The GIAC series of certs are generally good, considering that they're slighly more rigorous, and their open book nature and the practical focus makes them closer to "real-world".

3. Consider something in the realm of offensive security. Since you mentioned CEH, there are other, more rigorous certs you could attempt for offensive security, if you like the ethical hacker sort of thing.

4. Look at something in the realm of risk. As we balance things in security, we have to consider how much risk we're willing to bear. I know that ISACA has a cert in this area that maybe one or two posters on the board have.

5. With regards to the thing with networking/Cisco: I glanced over the GSEC outline. It does include networking.

Like tpatt100, I hope your issue is not with networking in general. Except for proprietary stuff, most of networking is cross-platform.

With regards to vendors (Cisco, Microsoft, Oracle,etc.), I have no vendor loyalty. A vendor who does not ship equipment with insecure defaults would be an exception, not the rule. That alone lets you know that they don't care about security. It is my job to care.

6. Of course, I have no idea how much desire you have for advancing to higher responsibility and paying positions. If this is the case, please consider that the more specialized and difficult certs (if you have the skills to back them up) usually increase your employment opportunities.

Hope this helps.

Your Cert Advice is Needed

Comments