Your opinion(s) and information on certifactions.

[chap0]

I would agree with Lupin and what he has posted, I currently have th CEH and if people do not know really what the cert is about then it sounds impressive but the CEH cert is mainly tool driven and that does not count if you know how to use them or not I have done some looking into some of the other certs mentioned above also and have seen plenty of job descriptions that require CISSP, again this is a known cert and will help but this cert focuses on documentation. I think if you want to know real info sec and want to certify in something either the GPEN or OSCP which either one is next on my list. Just my .5 cents

[IAMZOMBIE]

I started studying for the CISSP but quit for now, simply because it's so boring.
From what I read(first two chapters of AIO), it has nothing to do with pen-testing.
But like others have pointed out, everyone knows the CISSP name. The other certs, even people in the filed don't necessarily know anything about them.

[enc0de]

This my story and in need of good guidance. Do I have to know any programming languages to get any IT Security certificate.



They know I'm not that experienced thats why they are willing to pay for my courses plus even though its a big company. Well let me explain it better the company is my uncle's and his friend, witch is related to the King Abdullah of Jordan so my family is kinda well known so they want to open up a company for me out here and I want a IT Security company first they want it to be a part of there company so i can get experience then if everything goes well I'm set. Even though It's easy for me I still want to know what I'm doing and not one of those idiot that don't.

Thanks and looking forward to your feedbacks.

[Archangel-Amael]

This my story and in need of good guidance. Do I have to know any programming languages to get any IT Security certificate.
Thanks and looking forward to your feedbacks.

As for this question you will get a variety of answers. Here is a recent story on the topic, which I do happen to be somewhat in agreement with.
SkullSecurity

[hhmatt]

As for this question you will get a variety of answers. Here is a recent story on the topic, which I do happen to be somewhat in agreement with.
SkullSecurity

They went on somewhat of a rant but makes several good points. Now I don't feel as bad for not knowing everything but knowing a few things well.

We are all in a learning phase. Even when we think we know everything about a subject we will soon find something new that we didn't know. That is one of the reasons it's hard to teach penetration testing because tomorrow that information could be outdated.
Thanks for sharing.

[chap0]

I started studying for the CISSP but quit for now, simply because it's so boring.

@IAMZOMBIE

I think this would make me quit too

[wif1bust3r]

Hi,

It's been a while. Apologies if this reply is a bit too late.. One thing I realized regarding one's career path, if you want to make something for yourself... you can either stick to what you love doing, be an expert in it, and do it for the rest of your life, or be what I call, "jack of several trades", do what you love doing, but at the same time, be open to changes and adapt to your current environment so you'll have more opportunities for career growth.

The first job I got into was in networking, working for ISPs, configuring proxy servers, routers, dns/mail servers and firewalls. Then I got into IT security but my area was limited to attack and penetration testing. Now in the company I'm working for, the higher management said we (our service line) are no longer going to accept jobs where there are so many competitors offering the same for lower rates. And that includes penetration testing, vulnerability assessments and IS audits. At first I thought, i'd rather look for other opportunities elsewhere than do something which I find boring. But then I realized, this is how a company is supposed to think. Focus on whichever makes the most sense to keep the business going. That is how an employee is supposed to think if he wants to grow and be able to contribute to the entire organization. There are two colleagues of mine which are two levels above me. Senior guys. They're making twice as much as I am, yet non of what they're doing are what I would consider more complicated (something that requires more time studying) than doing what I've been doing since I started my career.

It's the fact of life. I think there are two highest paid IT individuals. One, those who are doing boring jobs like Business continuity, IT strategies, architecture reviews, IT governance, enablement and IT service management, transformations, assurance and risk management consultancies; and two, those who are technically experts in their chosen area, like a CCIE consultant working for a big telecom company, a computer forensic expert working for a law enforcement agency, or a really talented programmer working for Google.

As for my career path the future seems bright. There's a lot of room for growth in our company. I just have to beef up my credentials, keep learning as I did in my technical jobs and work my way up the ladder. Once I have enough money, I'd invest them into business, go home with my family and let the money work for us.

Though I also found CISSP boring like the last poster, after passing the exam last month, I couldn't be happier since the fiscal year is ending and I already got one thing on my side which might help me get promoted, and probably change the way they look at me, just some technical guy on his mid 20s, who only knows how to talk to computers.

After CISSP, my next targets in no particular order are: CISA, CISM, ISO 27001 lead auditor, ITIL, CBCP, and a few SANS technical information security certs, like incident handler and forensics.

Hope this helps anyone.

[daffyduc]

when we were hiring a systems admin the way we were presented resume's was after the HR folks went though them. I went and asked for th stack they threw out. the HR folks basically threw away all the resume's without certs before they ever got to the IT department for review. I am sure we are not the only place that does that....

certs get you past the people who do not understand the rest of your resume. simple as that.

btw we ended up hiring someone who did not have any certs but the right experience. ... most of the people we interviewed that had certs but little experience did not know what they were talking about.... they knew the terms and the lingo but thats about it. I had an one guy tell me dns farms out Ip addresses... I was astonished.... this is someone with a BS in computer science and multiple certs including MSCE.... I assumed he misspoke until later in the interview I realized he really just had no clue.

my opinion would be to finish at least a associates and get an entry level position with a decent size company. Get a few basic certs... but I would consider someone with a cissp and no experience or college for an entry level position... not anything more until they proved themselves. In fact putting them in a higher position would be a liability.

best of luck...

(Sent from blackberry)