Penetration Testing mailing list archives
Re: GCIA, GSEC, GCIH, CISSP, CEH ???
From: "Jason Thompson" <securitux () gmail com>
Date: Wed, 19 Dec 2007 00:51:58 -0500
Hi,

You will find that the CISSP is probably the strongest candidate for serious entry into information security. Is it going to give you useful technical information? Definitely not. It's one of those generic certs that looks VERY good on the resume. Yes it requires work experience but the requirements are so general you could work as an electrician inside a server room and you would qualify. With a Bachelor's degree it cuts the required work experience down. It's one you WILL want to get eventually once you get some experience under your belt.

I've done the CEH but do the course for sure with the exam... the instructors teach you the practicality the exam does not. The certification doesn't stay very current, uses old tools, some of which are pretty archaic and ineffective on OS's patched beyond 1999. And it is mostly a tools exam, it's not going to teach you to pen test. I have the CEH and I will say that. Now I got it in 2006 so maybe something's changed but when I did it the course and the exam didn't sync up much, which was a good thing! The instructors are excellent and realize the shortfalls of the exam, and they teach you real pen testing. Don't worry, they spend like 1/2 the last day prepping you for the tools exam. I will say this, I would never do an EC-Council exam on its own. Course? YES! Exam? No.

The SANS courses are excellent. Back in the day when GIAC didn't succumb to whining paper cert kiddies the certifications required practicals and actual knowledge not memorization, which is what most other IT certs are. Therefore the courses have been built around teaching you real world application and proper theory applied to practical situations. Of all the courses I have done, I found the best to be the SANS ones. You get your money's worth with them. Your brain gets a full on assault of information though :) I just renewed my GCIA, and I did the GWAS certificate. Both were excellent, even though GWAS was still being developed at the time. There's lots of course delivery methods too, so if cost is a concern...

You might want to check out the courses offered at Black Hat. They are $$$ but apparently they are good. I have never been but will be in 2008. But maybe it's assumed they are good only because they are expensive?

CompTIA is VERY basic but might be ok to crack out that first cert... I can't say anything about it really, I've never thought much of the '+' exams because it's all memorization, and bad experience with A+ (wouldn't trust someone with an A+ with a desktop). Security+ I hope is different, and I do hear ok things about it.

I help make decisions on hiring for our engineering dept and I will say SANS impresses me, puts up a flag. This is because you have to be serious about the material, their exams aren't a walk in the park. You need to know your stuff. You'd love them, you seem like you're pretty serious about this field if you've done some work on your own.

Oh, and vendor certifications aren't worth your time... You don't need to pay Cisco $300 for them to tell you how great they are (there are literally questions on the CCNA that make you tell Cisco why they have the best router, I am not kidding). I have vendor certs but only because I get paid for them. Otherwise I couldn't care less. And I don't pay attention to them at all when measuring a security professional, especially the ones who tattoo them after their name like they are PhD's :)

-J

On Dec 17, 2007 7:44 AM, <infolookup () gmail com> wrote:
Good day all,

I know this is not really a tech-pentest question however I wanted to get some feedback as to what certs/skill set one needs to acquire in order to break into the pentest/information assurance/computer forensics job market. I am about to graduate with my BA in computer system next semester, and I am trying to get into a security related field, I did very little vul-testing/pentesting for friends, or on a few work servers and wifi network. And that was very interesting, but with so many certs and paths out there I wanted to know which ones you guys took so I can get an idea.

Thanks in advance.

Sent via BlackBerry from T-Mobile
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------