Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Your opinion(s) and information on certifactions.

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Location
    Utah
    Posts
    4

    Default Your opinion(s) and information on certifactions.

    I've been interested in doing network security as a job and I was wondering what type of education/certifications employers are looking for.

    I'm working on my CCNA right now, and I want to do OSCP, CEH, CPT, CISSP, and eventually OSCE. Do you think that would be enough? I know that I would need experience before I get seriously looked at, but would this be enough education wise?

    Thanks

  2. #2
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Certs?

    You are correct in saying that you have to have a healthy balance of job experience versus certifications. I think the certs you have listed there are all reputable but it is never a bad thing to start with an entry level job at a large company so you can get a lot of hands on experience with large enterprise environments.

    This will allow you to see various technologies and focus on those you like while gaining valuable experience at the same time. You can also network and get your name out there in the industry because a lot of times it really comes down to who you know as much as what you know.

  3. #3
    Just burned his ISO
    Join Date
    Mar 2010
    Location
    Utah
    Posts
    4

    Default Re: Certs?

    I'm currently working as a network/computer tech for a school district, and I'm learning alot since I'm in charge of about 250 computers, but the state makes sure that we are secure, so outside of the little lab I've set up at my house I'm not getting much security training. Unfortunately that isn't really something I can put on a resume lol.

    Is there any other certs that anyone would recommend that I work on with these while I work on getting real life experience?

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Certs?

    My advice is to check what certifications appear in the job advertisements in the locale in which you want to work. Different markets value different certifications.

    My preferences in this area are towards the Offensive Security and SANs certifications. If Pen Testing is your chosen field I would aim for OSCP, GPEN and GWAPT and maybe OSWP if wireless stuff interests you. There are better choices if you are interested in some other security specialty such as Forensics or Incident Handling/Detection/Response (GCIA, GCIH, GCFA).

    CISSP is more of a documentation style certification, good if you want to be doing risk assessments and security documentation, but not for hands on technical work. I have a very low opinion of CEH as a certification, it seems to be focused on memorising long lists of tools. GSEC is a good technical computer security certification if you want something more general. I havent heard too much about CPT.

    And along with everyone else I agree that experience is critical.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    Just burned his ISO
    Join Date
    Mar 2010
    Location
    Utah
    Posts
    4

    Default Re: Certs?

    Lupin,

    Thanks, I've never looked into those certs before. The only reason I put the CISSP is because I have seen it on a lot of job ads, but it sounds like the MCSE of the security field. To be honest I think certifications are a necessary evil. At my job all of the other techs have all the standard CompTIA certs and they don't know anything!

    Everything I've learned about computers, I've learned by myself just playing with it till it broke (I must of pooched my first 20 installations of Slackware when I tried to learn it at the beginning lol) and then re-installing. I'm only 22 but I still have more knowledge (not to brag) than all the other techs I work with because I didn't learn computers from reading a book studying for an exam. That's why I dropped out of college too. I got tired of learning things I already knew, and how I have to do everything the way the professor wants and have no creativity (stupid CS classes!!).

    Anyways, how much stock would OSWP hold? It seems like wireless is the "easy" thing to hack so everyone does it. That's how I got my start forever ago. I was cracking WEP before I knew there was a replay attack haha. That took some time... Is it a cert that employers would look for? I guess I just need to go look at some job search sites eh?

    Thanks for all the feedback

  6. #6
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    8

    Default Re: Certs?

    Very good insight Lupin. I am just about finishing up my B.S in Info. Tech. with a concentration in security and I too was looking for certs I should go for. A lot of jobs seem to ask for CISSP, but from what I read, I too agree it seems more documentary. Forgive me since I'm not working in the industry yet (still looking for an internship, it's hard bleh) but are the remote-exploit certs well known in the industry? I really want to take them because they are hands on, but it would be great if they also help me find a job.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Certs?

    Quote Originally Posted by m0ngr31 View Post
    Thanks, I've never looked into those certs before. The only reason I put the CISSP is because I have seen it on a lot of job ads, but it sounds like the MCSE of the security field.
    Im not saying that the CISSP is bad, (in the way that the MCSE is bad), Im just saying it does not have a technical focus, and its more focused on learning the 10 CBK domains at a generally high level (a mile wide and an inch deep is a common way to refer to it). It is probably the best certification to get if you want to do risk assessments and other documentation style IT Security reviews, however Im assuming that someone asking a question on this forum may not be into that, and may have a technical focus instead.

    Quote Originally Posted by m0ngr31 View Post
    To be honest I think certifications are a necessary evil. At my job all of the other techs have all the standard CompTIA certs and they don't know anything!
    True, and its similar to other educational qualifications in that regard, however those things can help get you through the door for an interview, which can be a fairly valuable thing.

    Quote Originally Posted by m0ngr31 View Post
    That's why I dropped out of college too. I got tired of learning things I already knew, and how I have to do everything the way the professor wants and have no creativity (stupid CS classes!!).
    Unless you get into an advanced program thats generally par for the course. I didnt learn anything useful from traditional IT education until I did a Masters Degree in the subject. That stuff was actually interesting and valuable. Dont discount the value of the qualification itself though.

    Quote Originally Posted by m0ngr31 View Post
    Anyways, how much stock would OSWP hold? It seems like wireless is the "easy" thing to hack so everyone does it. That's how I got my start forever ago. I was cracking WEP before I knew there was a replay attack haha. That took some time... Is it a cert that employers would look for? I guess I just need to go look at some job search sites eh?
    I have never seen anyone ever ask for the OSWP certification in a job ad, however its the same for many of the more obscure qualifications. The SANs wireless hacking certification might be better known but I doubt that on its own will really qualify you for a job either. At best, having a few well regarded penetration testing related certs may provide a point in your favour when you are being considered for a job - though I doubt it would be a deciding factor.

    It depends to some extent who is reading your resume as well. If its a HR drone then anything but the best known certifications (CISSP, CEH,CISA) wont help , but if its someone knowledgeable then it will be different - I wouldnt be convinced that a CISSP, CEH or CISA had any technical skills at all (absent other information).

    Quote Originally Posted by seven View Post
    Very good insight Lupin. I am just about finishing up my B.S in Info. Tech. with a concentration in security and I too was looking for certs I should go for. A lot of jobs seem to ask for CISSP, but from what I read, I too agree it seems more documentary. Forgive me since I'm not working in the industry yet (still looking for an internship, it's hard bleh) but are the remote-exploit certs well known in the industry? I really want to take them because they are hands on, but it would be great if they also help me find a job.
    They are better known now than they were a few years back, but they are still not that widely known, no. People who are aware of them generally have a very high opinion though. I think the PWB course and the OSCP exam are the best examples of a course and exam I have taken, and the OSCP exam in my opinion is probably one of the best tests of pen testing ability available (other than experience of course).

    The SANs certs are very well known and regarded, but I think the sheer number of them confuses people. The GSEC is the best known of the bunch, and I think its an excellent introductory computer security certification. The material will be a little easy for people who already have good knowledge in the area of computer security, but if you haven't done formal training it can help round out the rough edges and close some important knowledge gaps.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    8

    Default Re: Certs?

    Thanks a lot Lupin. I look forward to taking the PWB with my graduation money or just "social-engineer" my parents to getting it alongside my other graduation presents lol.

  9. #9
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Certs?

    A simplified viewpoint is that certs will get you an interview but experience will get you the job...

  10. #10
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default Re: Certs?

    Quote Originally Posted by skidmarq View Post
    A simplified viewpoint is that certs will get you an interview but experience will get you the job...
    Simplified, yes, but also true.

Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 0
    Last Post: 01-11-2010, 07:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •