Penetration Testing mailing list archives
Re: Pentest exams
From: Curt Shaffer <cshaffer () gmail com>
Date: Fri, 25 Sep 2009 06:31:36 -0400
You make good points as well Scott. I really think your last point is the best. If you can, take both or maybe even more! As I said there is plenty of good training out there. I can relate to your concern about cost. I am on the GSE track with SANS and until I find that right employer, I will probably be footing every GIAC cert and gold attempt out of pocket. Curt On 9/24/09 10:16 AM, "Scott" <opiesan () gmail com> wrote:
Those are great points Curt. Proper methodology is a hugely important area to learn and I didn't feel like I picked up on that during the OSCP course. The barrier for me (and I assume many other people) is the difference in cost. SANS courses in general are a few thousand dollars just for the class (plus travel costs unless you're taking it over the web) and my employer has no training budget for it. They are worth the money but that doesn't make it appear in my wallet any faster. Conversely, the online/self study version of PWB is only $550 for the materials, 30 days of lab access, and the certification attempt. That still isn't chump change but when you're footing the bill yourself it's an easier price point to attain. Personally I'd take the GPEN if I could. Having both the GPEN and OSCP would be a dynamic duo of pen testing certs. Scott On Fri, Sep 18, 2009 at 7:30 AM, Curt Shaffer <cshaffer () gmail com> wrote:I may be a little biased being GPEN certified myself as well as a mentor for the class, but I wouldn't take back my choice for one second. I'm not saying there aren't other good classes and certs out there but I learned sooo much from the GPEN that has helped me in many ways, even beyond just penetration testing. The instructors for the GPEN course are the cream of the crop in my opinion. These guys are out there in the thick of it, learning what works and what doesn't. They are giving talks on deep topics in the security area at all of the major and minor cons out there. It's nice to know that your instructors are known by major players in the industry due to their contributions. That is worth it by itself. Beyond that what I found just looking over materials for difference choices when I wanted to become certified in penetration testing is the professional aspect. Sure it's cool to have a class to learn a bunch of new tools and techniques to get into systems. What was probably more important, and a large focus on the GPEN, was methodology. We had full days of class based on rules of engagement, scope, laws to consider when pen testing and report generation. These are the things that a lot of people in the field don't get trained on and that is what can make a good pentester great. It's more than just popping the box, it's about letting the client know what that means to them and what they can do about it. With that said, the SANS GPEN was the only one that I saw that really fit that bill fully. Again, I don't want to discredit anyone else's training or certs, just my half a nickel :) If you have specific question on this course feel free to hit me up off list. Curt On 9/17/09 4:04 PM, "Scott" <opiesan () gmail com> wrote:You should also consider the OSCP from Offensive Security (www.offensive-security.com). It's a lab based cert exam and worth looking into when comparing the certs you mentioned. Scott On Wed, Sep 16, 2009 at 9:15 AM, Chris <troncarter80 () gmail com> wrote:I'm looking to get certification as a penetration tester but, I'm torn between which would be the best fit. I work for a large company that deals with about 70% DoD, 20% military and 10% commercial. Although I'm not doing cleared work currently, a lot of our contracts involve TS/TS with a Full Scope. I'm currently looking at ECSA from EC-Council and GPEN from SANS. I've looked over some of the actual material briefly from EC and it seems decent. Any help would be greatly appreciated. There may be more certs out there that are just as worthy, I'm just not aware of them. Thank you ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------------------- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Pentest exams Chris (Sep 17)
- Re: Pentest exams Eric Milam (Sep 17)
- Re: Pentest exams Mike Theriault (Sep 22)
- Re: Pentest exams Scott (Sep 17)
- Re: Pentest exams Curt Shaffer (Sep 22)
- Re: Pentest exams Scott (Sep 24)
- Re: Pentest exams Marco Ivaldi (Sep 25)
- Re: Pentest exams Curt Shaffer (Sep 25)
- Re: Pentest exams Curt Shaffer (Sep 22)
- Re: Pentest exams Eric Milam (Sep 17)
- Re: Pentest exams Razeor (Sep 22)