Thoughts and ideas please

abnmi Member Posts: 66
Been lurking on the boards for a while before I attempted and passed my CISSP last November. Have been told I did things a tad backwards lol. The CISSP is my first and only attempt at a cert. Have been a computer enthusiast and security wonk for a while though. Half my military career was spent in the security/intelligence field. Recently facilitated a GSEC class and will take the exam within a month or so (thoroughly enjoyed it). While I do have my CISSP, I feel that I need to shore up some of my technical foundations. I have never been on a helpdesk, sysadmin, or netadmin. I love information security/assurance and want to become one of the top 10% in my go to group.

Any ideas on how to proceed or what to learn or test for?


  • LionelTeo Member Posts: 526
    Depends if you are into compliance or technical?

    Both compliance and technical have their own equal amount of depth to branch into.

    For compliance I would suggest the ISACA certs; CRISC or CISA are the two next certs people usually go for, finishing with CISM last. Depending on work areas, ITIL and PMP will help. GIAC G2700 is also pretty neat to assure employers you know the 27000 series at your fingertips. GSEC falls under compliance in a way as well.

    For technical, it depends on which field of work you would want to branch into; there are a few choices, from intrusion analysis, penetration testing, incident handling, forensic analyst, auditor, exploit development, malware research, or just wanting to learn everything. Most of them can be learned from the GIAC courses. For a start I would recommend GCIH, given it has the largest number of possible branches it can go into. GCIH is a strong foundation for lots of possible technical paths. For example, GCIH -> GPEN -> GWAPT will assure your knowledge in penetration testing. GCIH -> GCIA -> GCFW will help you in doing intrusion analysis work. GCIH -> GCED -> GSEC will help you as an incident handler to bring back and harden any infected Unix, Windows and network devices. These are some of the examples you can think of.

    For skill assurance certification, Offensive Security offers a good number of courses at a great price for learning. Their exam simulates a real-world 24-hour practical exam. Most people go for their OSCP course, be it for interest purposes and wanting to branch into the penetration testing field. A real-world practical lab bundled with a practical exam also ensures you get to apply what you learn in the best way.