I know a guy (LOL) who is looking at infosec security jobs but would like some suggestions on where he might look to move to that career. He has been in IT for about 9 years, starting out in helpdesk, and is now a sys admin. Are there any suggestions on certification(s) that he might pursue?
CISSP +
Common Certifications for Security Analysts
There are several good InfoSec certs he can go for. The first and easiest would be CompTIA Security+. Some dismiss CompTIA, but they are a foot in the door for many people. Beyond that, there are a couple of different tracks depending on whether you want to go the route of being a hands-on practitioner or go the management route.
For the practitioner route (penetration testing, forensic analysis) you can go for CEH (certified ethical hacker) or OSCP (offensive security certified professional). For the management route, CISSP is traditionally the gold standard, but it’s hard to obtain and has been losing favor in recent years.
Some certs cover the spectrum of both management and practitioner. These are CASP (CompTIA advanced security practitioner) and CISM (certified information security manager).
You also have vendor specific certs like CCNA Security. These can be worth more in salary but also narrow your options when it comes to looking for a job. An employer that uses a mix of different vendors (Juniper, Brocade, Fortinet, Cisco) might look for someone that’s not Cisco-centric. But personally I still think vendor specific certs are a good idea.
Thank you! Is Security + a prerequisite for CEH? I was looking at Security + since they recently updated the material.
No, they are administered by two different organizations. But I can tell you from holding Security+ and studying a bit for CEH, there is about 70% overlap in the exam objectives. CEH is obviously more focused on the tools and methods of penetration testing. Security+ is more of a broad, vendor-neutral overview of infosec concepts and practices.
maxsec (maxsec), March 11, 2014, 1:43pm, #6
Have a listen to the first segment on PaulSecurityWeekly from last week where Eve Adams talks on this.
Basically, get a lab at home and start researching some stuff, turn up at conferences, ask questions… Certs are fine but nowhere near any replacement for independent learning.
ds52 (DougOverturf), March 11, 2014, 2:09pm, #7
Obviously the long-term certification of choice would be CISSP, as Gear mentioned above. That cert is a “master” level certification and is very demanding (5 years experience in 3 different domains, recommendation, crazy 6 hour test, etc). As a net admin looking to branch into security, start with Security+; it is an entry level certification (although it has gotten harder since I passed it back in 2008) and now has a continuing education requirement, I think.
CEH is a good cert to have but often hard to explain to an interviewer, I have found. GPEN works well as a substitute. Something about the word “hacker” that people don’t like, but if you tell them you are a certified pen tester, it seems to go over easier, just my 2c.
If I were going to do it over again, I’d do the following.
Security+
GPEN
CGEIT
CISSP
That should get you just about everything you would need to work at the senior information security level.
CEH is a good cert to have but often hard to explain to an interviewer, I have found. GPEN works well as a substitute. Something about the word “hacker” that people don’t like.
I think Certified Ethical Hacker is the most unfortunately named certification out there. It doesn’t matter how many times or how many ways you try to explain what an ethical hacker is, people still give you the same kind of look as if someone took a dump in the punch bowl.
maxsec (maxsec), March 11, 2014, 2:28pm, #10
Yeah, and the way they handled their own internal infosec snafu shows they ain’t doing their own stuff internally…
Any suggestions for a website that has sample questions for certifications (Security+ specifically)? I remember, a couple of years ago, I took a Microsoft test and the test questions were almost word-for-word what was on the test; however, I don’t remember the website.