easternerd
Jul 19 2005, 05:43 PM
Hello all, I know several of you wonder which Security Certification to pursue and what is the most sought after. This article gives an overview of the current state of security certifications.
Quite a good read over @ Security PipeLine 
n.n.p
Jul 19 2005, 07:05 PM
Are any of them available to people that aren't actually working in the security industry at the moment? (I'm a good-for-nothing student) I was thinking of getting the CCNA, but a friend who is in the security industry said it was a waste of time and money.
easternerd
Jul 19 2005, 08:52 PM
QUOTE(n.n.p @ Jul 19 2005, 07:05 PM) Are any of them available to people that aren't actually working in the security industry at the moment? (I'm a good-for-nothing student) I was thinking of getting the CCNA, but a friend who is in the security industry said it was a waste of time and money.
You can go for the Security+ certification. It's a vendor-neutral cert which can help you. Take a look here.
pr0t0type
Jul 19 2005, 10:52 PM
That's an interesting read, thanks.
I've got a few computer certs but my company is unwilling to help me do security certs because it's not really in my job description, so I'm looking to go solo for a few. CISSP seems a bit hard to do without support but CISA seems good. Anyone here done it by themselves?
genxweb
Jul 19 2005, 10:59 PM
You can also go for the TICSA and the TICSE offered by TruSecure, now known as Cybertrust.
I currently hold my CISSP and I am working on my CISA, planning to take the exam at its next offering in DEC.
s3ntinel
Jul 19 2005, 11:05 PM
QUOTE(n.n.p @ Jul 19 2005, 08:05 PM) Are any of them available to people that aren't actually working in the security industry at the moment? (I'm a good-for-nothing student) I was thinking of getting the CCNA, but a friend who is in the security industry said it was a waste of time and money.
Wouldn't say the CCNA is a waste of time or money; it has one of the highest pass marks of the certs out there, and the weighting of the marks means that you need to know how to enter commands into the box rather than just answering the questions (you can answer all non-simulator questions correctly and you will fail unless you get most of the simulator questions right). I'd personally say that it provides a sound foundation (i.e. networking) on which to build everything else. Am surprised that anyone in the industry thought that the CCNA wasn't worth it...bet he hasn't taken it.
Spookie
Jul 20 2005, 01:03 AM
Security certs hold an important function in today's day and age. Myself, it shows that someone is willing to take the time out to better themselves.
But when it comes down to nickels and sense, you can have all the alphabets behind your name. If you can't answer my questions or get past my physical hands on practical, the candidate for the job offered is useless to me and I have no qualms in addressing that factor.
If you say you've been doing security for 8 years plus and you can't answer something simple like what port can Back Orifice run on, I have no use for you.
Being able to comprehend what's in a book and applying it on paper is great, but if you can't do it in a real world situation all the book smarts in the world is useless if you can't physically apply it. JMO
beardednose
Jul 20 2005, 01:15 AM
I agree.
I hate to admit it, but I learned a bit when I studied for the CISSP. It was worthwhile just for that.
As for the salary jump, I'm still looking for it. I can't complain about my salary increases, but my cert had nothing to do with that*, even though management required me to get the cert. I know my increases were directly tied to my successes because that's what I was told. My cert has never come up in conversation since I got it (other than the original congrats).
So back to what Spookie says, it's all output and results, not certs.
* Yes, my sharpened skills helped me get the results for which I was rewarded, but the impact was fairly minimal. I think I could have done as well without the cert.
PuPPaFiSH
Jul 20 2005, 01:33 AM
Got my CISSP last year and to be honest it was a waste of time :-(
jead99
Jul 20 2005, 02:52 AM
Nice read, thanks for sharing.
But how valued are certifications in the industry?
nolimit
Jul 20 2005, 04:00 AM
Who ever uses Back Orifice anymore? Is this a history test spookie? lol :>
digital-flow
Jul 20 2005, 03:42 PM
Hmm, I saw an old CISSP and want to buy me the new one (as soon as I've got money -.-) ... but is this book a book to the course CISSP, where you can make a certificate (if you pass the test)?
greez
digital-flow
Spookie
Jul 20 2005, 03:58 PM
QUOTE Is this a history test spookie? lol :>
LoL Naw my brain is just freeze dried is all
QUOTE * Yes, my sharpened skills helped me get the results for which I was rewarded, but the impact was fairly minimal. I think I could have done as well without the cert.
I think that's how quite a few of us, beardednose, got to where we are today. The paperwork for the wall hanger was part of the backend we needed to make the road to wearing the suit that much smoother. JMO
beardednose
Jul 20 2005, 04:03 PM
QUOTE The paperwork for the wall hanger was part of the backend we needed to make the road to wearing the suit that much smoother. JMO
True, but I don't even have mine hanging up and it's not on my card yet (I haven't needed a new card yet and won't waste the money on new cards just to flatter myself). I think the cert matters most when you're looking for a job or are trying to move way up. The only time I've seen certs help in your current job salary is if you work for one of those jerks who cares more about certs than skills. Having said that, if you already have the skills, certs really help. That sounds stupid and unfair, but it's true. If you have just a cert and few skills, the cert helps until your lack of skills shows. In that case, you diminish yourself and the cert overall.
easternerd
Jul 20 2005, 04:51 PM
QUOTE(jead99 @ Jul 20 2005, 02:52 AM) Nice read, thanks for sharing. But how valued are certifications in the industry?
Hi, what everybody has to understand is that certification is valuable, but provided you have the stuff proposed in the certification. Always remember certification is just the cream on top of the cake. The main content is your knowledge, proficiency and skill in that particular foundation.
Spookie
Jul 20 2005, 08:43 PM
QUOTE Having said that, if you already have the skills, certs really help. That sounds stupid and unfair, but it's true. If you have just a cert and few skills, the cert helps until your lack of skills shows. In that case, you diminish yourself and the cert overall.
DA**N BN ~~~ I NEED TO BUY YOU A DRINK FOR THAT ONE. WELL PUT, you hit it on the head!!
Ph03n1xPr0j3c7
Jul 20 2005, 09:00 PM
QUOTE Having said that, if you already have the skills, certs really help. That sounds stupid and unfair, but it's true. If you have just a cert and few skills, the cert helps until your lack of skills shows. In that case, you diminish yourself and the cert overall.
This is exactly what I'm worried about. I got my CISSP a few months ago, but I feel like I don't have enough skills. I was lucky to get this somewhat entry-level security job (access control) but I want to do more hands-on security like IDS or pen testing. My company outsources most of its security so I really can't meet and talk with them about what they do.
SKEWTER
Aug 2 2005, 02:22 PM
I have heard that the OPST, OPSA, and the OPSE exams given by OSSTMM will soon be on the same level as the CISSP. Check it out http://www.isecom.org/osstmm/
packet
Aug 2 2005, 05:17 PM
I have to say that the CISSP is very valuable when you are looking for jobs: some places only look for CISSP, some are just impressed by it, and others, while they don't really care, at least are happy you put time in on it. It has also helped me raise myself up to new heights and I'm currently looking at a Sr. Security Architect for a Fortune 500 company due to it.
All my other letters don't hurt either. I must say that the GIAC stuff is probably the best as far as knowledge gained and funnest to attend. CCNA is great to get the basics of networking that any person calling themselves a security professional should have. CCIE is great and is the next on my checklist of certs, after that the CISA.
--P>G>>, CISSP, CCNP, RSA, JNCIA-FWVS, GCIA, DKLS, WEOIW, CAPIEW, PWOaD32, fzaET#023, BORKADORK (v3.2).
beardednose
Aug 2 2005, 05:46 PM
QUOTE DA**N BN ~~~ I NEED TO BUY YOU A DRINK FOR THAT ONE. WELL PUT, you hit it on the head!!
Thanks, Spookie. Why not just ante up by logging onto beerpal.com, select one of the bars near me, and then enter the amount of cash you're willing to provide. Just plug in my reference #98drinkingnose. If you still want to come in person, that's okay too.
@Ph03n1xPr0j3c7 Pentesting experience isn't too hard to come by. There are so many free, quality scanners out there, like Netscan (lightweight), Xscan, Newt (by Tenable, allows only scan of subnet that your PC is on), and of course, Nessus. If you can load Nessus and get it working on a *nix box, you're growing. However, make sure:
1) You have WRITTEN authorization to scan your network at work...I wrote a thread on this and gave an example of such an authorization. (see Authorization to Hack)
2) You're careful not to crash any systems. Always test first on your own machines; don't use the attack and denial scripts/functions.
IF you aren't able to scan at work, then do your own systems, your friends' systems, those of your church, civic organization, etc. Volunteer! While there's a lot more to pentesting than doing simple scans, you can learn a lot from scanning and digging into the issues that surface. There's all kinds of pentest methodologies all over the google. I'm always big on volunteering anytime I want to learn something new and no one will let me do for pay. When you volunteer, even for free, you win and the organization you vol for wins too.
The stats on the CCIE seem to be a bit off. Last I heard, which was only a few weeks ago from an instructor who just got his CCIE, there are under 30k CCIEs in the world. CCIE = god of networking certs. 100 questions written exam + 8 hour lab. And yah, it's only about 1600 bucks...lol. CCNA is not a waste of time..it's 20x times harder to get than Security+; all the questions on the security exam can be found on testking ..lol. CCNA shows employers you know how a network runs, how to troubleshoot and how to configure. Also during the CCNA exam you get simulations where you have to configure routes, etc. There is like a database of 500+ questions you might get asked and the test is self-adapting, so if you screw up in an area you get more questions relating to that area. The exam's only 50-60 questions.
Ph03n1xPr0j3c7
Aug 4 2005, 06:29 PM
QUOTE Pentesting experience isn't too hard to come by. There are so many free, quality scanners out there, like Netscan (lightweight), Xscan, Newt (by Tenable, allows only scan of subnet that your PC is on), and of course, Nessus. If you can load Nessus and get it working on a *nix box, you're growing.
I just found your tutorial on Auditor and installed it on my laptop. I'll be playing with that for a while on my own network.
QUOTE IF you aren't able to scan at work, then do your own systems, your friends' systems, those of your church, civic organization, etc. Volunteer!
I really doubt my company would like me to hack their networks. I was thinking about going to Independent School Districts (ISD) and helping them with their security. They can't afford security and the skiddies hit them frequently.
beardednose
Aug 5 2005, 02:28 PM
Ask 'em.
But you're right. The sad truth is that 1) they don't want to know and 2) they're afraid of what you'll find. And 3) they don't plan on fixing it.
The saddest part is that even a lowly skilled person can get into most companies, especially once you're on the inside as a temp or contractor, or even a visitor!
n.n.p
Aug 5 2005, 03:38 PM
QUOTE(Ph03n1xPr0j3c7 @ Aug 4 2005, 07:29 PM) QUOTE Pentesting experience isn't too hard to come by. There are so many free, quality scanners out there, like Netscan (lightweight), Xscan, Newt (by Tenable, allows only scan of subnet that your PC is on), and of course, Nessus. If you can load Nessus and get it working on a *nix box, you're growing. I just found your tutorial on Auditor and installed it on my laptop. I'll be playing with that for a while on my own network. QUOTE IF you aren't able to scan at work, then do your own systems, your friends' systems, those of your church, civic organization, etc. Volunteer! I really doubt my company would like me to hack their networks. I was thinking about going to Independent School Districts (ISD) and helping them with their security. They can't afford security and the skiddies hit them frequently.
Any chance you could link me to that tutorial? I heard someone else talking about it but I couldn't dig it up. Thanks
Ph03n1xPr0j3c7
Aug 5 2005, 05:38 PM
QUOTE Any chance you could link me to that tutorial? I heard someone else talking about it but I couldn't dig it up. Thanks
http://www.governmentsecurity.org/forum/in...showtopic=13491