You will find that the CISSP is probably the strongest candidate for
serious entry into information security. Is it going to give you
useful technical information? Definitely not. It's one of those
generic certs that looks VERY good on the resume. Yes, it requires work
experience, but the requirements are so general you could work as an
electrician inside a server room and you would qualify. With a
Bachelor's degree it cuts the required work experience down. It's one
you WILL want to get eventually once you get some experience under
your belt.

I've done the CEH, but do the course for sure with the exam... the
instructors teach you the practicality the exam does not. The
certification doesn't stay very current and uses old tools, some of which
are pretty archaic and ineffective on OSes patched beyond 1999. And it
is mostly a tools exam; it's not going to teach you to pen test. I
have the CEH and I will say that. Now, I got it in 2006, so maybe
something's changed, but when I did it the course and the exam didn't
sync up much, which was a good thing! The instructors are excellent
and realize the shortfalls of the exam, and they teach you real pen
testing. Don't worry, they spend like 1/2 the last day prepping you
for the tools exam. I will say this: I would never do an EC-Council
exam on its own. Course? YES! Exam? No.

The SANS courses are excellent. Back in the day, when GIAC hadn't
succumbed to whining paper-cert kiddies, the certifications required
practicals and actual knowledge, not memorization, which is what most
other IT certs are. Therefore the courses have been built around
teaching you real-world application and proper theory applied to
practical situations. Of all the courses I have done, I found the best
to be the SANS ones. You get your money's worth with them. Your brain
gets a full-on assault of information though :) I just renewed my
GCIA, and I did the GWAS certificate. Both were excellent, even though
GWAS was still being developed at the time. There are lots of course
delivery methods too, so if cost is a concern...

You might want to check out the courses offered at Black Hat. They are
$$$ but apparently they are good. I have never been but will be in
2008. But maybe it's assumed they are good only because they are

CompTIA is VERY basic but might be ok to crack out that first cert...
I can't say anything about it really. I've never thought much of the
'+' exams because it's all memorization, and I had a bad experience with A+
(wouldn't trust someone with an A+ with a desktop). Security+ I hope
is different, and I do hear ok things about it.

I help make decisions on hiring for our engineering dept and I will
say SANS impresses me, puts up a flag. This is because you have to be
serious about the material, their exams aren't a walk in the park. You
need to know your stuff. You'd love them, you seem like you're pretty
serious about this field if you've done some work on your own.

Oh, and vendor certifications aren't worth your time... You don't need
to pay Cisco $300 for them to tell you how great they are (there are
literally questions on the CCNA that make you tell Cisco why they have
the best router, I am not kidding). I have vendor certs, but only
because I get paid for them. Otherwise I couldn't care less. And I
don't pay attention to them at all when measuring a security
professional, especially the ones who tattoo them after their name
like they are PhDs :)


On Dec 17, 2007 7:44 AM, <infolookup@xxxxxxxxx> wrote:
Good day all,

I know this is not really a tech-pentest question; however, I wanted to get some feedback as to what certs/skill set one needs to acquire in order to break into the pentest/information assurance/computer forensics job market.

I am about to graduate with my BA in computer systems next semester, and I am trying to get into a security-related field. I did very little vul-testing/pentesting for friends, or on a few work servers and a wifi network.

That was very interesting, but with so many certs and paths out there I wanted to know which ones you guys took so I can get an idea.

Thanks in advance.
Sent via BlackBerry from T-Mobile

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
