Re: HELP NEEDED - Security Certifications

[Ognen Duzlevski <maketo () sdf lonestar org>]

Hi Mark,

this was by far the most useful post I saw on this mailing list 
considering this poarticular subject.

Thanks!
Ognen

On Wed, 13 Jul 2005, Mark Teicher wrote:

> Date: Wed, 13 Jul 2005 21:47:30 -0400
> From: Mark Teicher <mht3 () earthlink net>
> To: dallas jordan <dallas.jordan () gmail com>
> Cc: AMOL SABLE <amol.sable () capsilon com>, security-basics () securityfocus com
> Subject: Re: HELP NEEDED - Security Certifications
>
> Recently some one mentioned to me that in order to be a recognized security 
> professional, one must obtain their CEH (Certified Ethical Hacker) 
> certificate and NSA IAM Certification.  It even helps if you hang a shingle 
> outside your cube "Senior Technical Security Investigator" or claim  you a 
> nationally known expert on Computer Crime.
> Best if you pair up with a few known baddies, and co- author books for a 
> while to add some notches to your credentials.
> Does it help?? It depends on how much fluff or "security" kool-aid one wants 
> to drink.
> One is better of gaining experience as a system administrator and working 
> their way up the SAGE/USENIX certification process or investing some money in 
> training and attending SANS for a few years, picking up a few cheap PC's, a 
> Unix variant, and learning ANSI 'C" inside and outside and then moving to C#, 
> producing a few helpful applications that assist in security.  This doesn't 
> mean you can become the next Chris Klaus, Dan Farmer or Adam Shostack, but 
> one never knows ???
> Or one can become a security analyst grinder (one who works for years in 
> security analyst/consultant role) without attempting to become king of the 
> security mountain.
> One has to remember, longevity and working in stealth mode is not a bad 
> thing..
>
>
>
>
> At 11:24 AM 7/12/2005, dallas jordan wrote:
> > Amol,
> >    I think that for an entry level sec cert for someone in your
> > position, you should look at the Security+.  That was the first sec
> > cert I got and the information covered on that was a great stepping
> > stone to the CISSP.  I think the Sec+ is a bit more on the technical
> > side than CISSP, but it covers most of the same topics.  I think it's
> > a good intro to the field.
> >
> > On 7/8/05, AMOL SABLE <amol.sable () capsilon com> wrote:
> > >
> > > Hi folks,
> > > I'm looking for a good security certification .
> > > I have searched through numerous sites,seen a few comparisons as well. 
> > But
> > > still I think I need a word of advice from experienced security people, 
> > so
> > > posting this messege.
> > >
> > >
> > > The points to be taken into account:
> > > 1)I had some security training but don't have any global certification.
> > > 2)I'm working in the field of Infosec for a little less than a year.
> > > 3)I'm willing to go for a series of certs in a longer run.
> > > 4)I cant take my concetration off my work while preparing.
> > > 5)Main areas of my interests in IS include: Vulnerability assessment,Pen
> > > testing,Forensics and packet analysis etc...
> > >
> > > I had a look at these : ISC2>SSCP,
> > > GIAC>GISF,SSP-MPA,GCIH,GHTQ,GSEC,GCFA,G7799 etc.
> > >
> > >
> > > Your thoughts and Suggestions are precious for me.
> > >
> > > Thanks and regards.
> > > --Amol.
> > >
> > >
> >
> >
> > --
> > Dallas Jordan CCNA, CISSP