Penetration Testing mailing list archives
Re: Pentest exams
From: Curt Shaffer <cshaffer () gmail com>
Date: Fri, 18 Sep 2009 07:30:45 -0400
I may be a little biased being GPEN certified myself as well as a mentor for the class, but I wouldn't take back my choice for one second. I'm not saying there aren't other good classes and certs out there but I learned sooo much from the GPEN that has helped me in many ways, even beyond just penetration testing. The instructors for the GPEN course are the cream of the crop in my opinion. These guys are out there in the thick of it, learning what works and what doesn't. They are giving talks on deep topics in the security area at all of the major and minor cons out there. It's nice to know that your instructors are known by major players in the industry due to their contributions. That is worth it by itself. Beyond that what I found just looking over materials for difference choices when I wanted to become certified in penetration testing is the professional aspect. Sure it's cool to have a class to learn a bunch of new tools and techniques to get into systems. What was probably more important, and a large focus on the GPEN, was methodology. We had full days of class based on rules of engagement, scope, laws to consider when pen testing and report generation. These are the things that a lot of people in the field don't get trained on and that is what can make a good pentester great. It's more than just popping the box, it's about letting the client know what that means to them and what they can do about it. With that said, the SANS GPEN was the only one that I saw that really fit that bill fully. Again, I don't want to discredit anyone else's training or certs, just my half a nickel :) If you have specific question on this course feel free to hit me up off list. Curt On 9/17/09 4:04 PM, "Scott" <opiesan () gmail com> wrote:
You should also consider the OSCP from Offensive Security (www.offensive-security.com). It's a lab based cert exam and worth looking into when comparing the certs you mentioned. Scott On Wed, Sep 16, 2009 at 9:15 AM, Chris <troncarter80 () gmail com> wrote:I'm looking to get certification as a penetration tester but, I'm torn between which would be the best fit. I work for a large company that deals with about 70% DoD, 20% military and 10% commercial. Although I'm not doing cleared work currently, a lot of our contracts involve TS/TS with a Full Scope. I'm currently looking at ECSA from EC-Council and GPEN from SANS. I've looked over some of the actual material briefly from EC and it seems decent. Any help would be greatly appreciated. There may be more certs out there that are just as worthy, I'm just not aware of them. Thank you ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Pentest exams Chris (Sep 17)
- Re: Pentest exams Eric Milam (Sep 17)
- Re: Pentest exams Mike Theriault (Sep 22)
- Re: Pentest exams Scott (Sep 17)
- Re: Pentest exams Curt Shaffer (Sep 22)
- Re: Pentest exams Scott (Sep 24)
- Re: Pentest exams Marco Ivaldi (Sep 25)
- Re: Pentest exams Curt Shaffer (Sep 25)
- Re: Pentest exams Curt Shaffer (Sep 22)
- Re: Pentest exams Eric Milam (Sep 17)
- Re: Pentest exams Razeor (Sep 22)