
Advice on Security Certificate

chienchat
(@chienchat)
New Member

Hello everyone,

I have got my GCFA certificate recently, and I would like to expand my vision to the network forensics as well as ethical hacking. It seems that CEH is a certificate mentioned everywhere, but I think it is an entry-level one, so I am thinking to jump over it and head directly to Offensive Security Certified Professional (OSCP). I would like some advice on these two certificates, especially on the difficulty and the recruitment market reviews. Meanwhile, I am also thinking of CISA, however, without any audit background, I am hesitant to jump in.

Topic starter Posted : 02/11/2017 12:03 pm
RolfGutmann
(@rolfgutmann)
Community Legend

CEH Certified Ethical Hacker is in Switzerland kind of worthless, was good in 90s. Be aware that OCSP also stands for Online Certificate Status Protocol which is a technical and not personal certificate related to CRL Certificate Revocation List.

Posted : 02/11/2017 3:16 pm
chienchat
(@chienchat)
New Member

> CEH Certified Ethical Hacker is in Switzerland kind of worthless, was good in 90s. Be aware that OCSP also stands for Online Certificate Status Protocol which is a technical and not personal certificate related to CRL Certificate Revocation List.

RolfGutmann, thanks for your advice. I should have clarified that OSCP that I mentioned is Offensive Security Certified Professional. Also, do you have any advice for any other certificates worthy to get than CEH?

Topic starter Posted : 02/11/2017 3:24 pm
RolfGutmann
(@rolfgutmann)
Community Legend

Difficult to say but maybe you can check about Certified Information Systems Security Professional (CISSP). But very helpful is if you get certified by e.g. Cellebrite. Their certifications are high-value.
In the U.S. I guess more SANS certs are required. But in Europe less.

What certs are in U.K. fine?

Posted : 02/11/2017 4:05 pm
athulin
(@athulin)
Community Legend

> I would like some advice on these two certificates, especially on the difficulty and the recruitment market reviews. Meanwhile, I am also thinking of CISA, however, without any audit background, I am hesitant to jump in.

OCSP is fairly well regarded in security-testing circles. It's a tricky certificate though, so be prepared to fail the first dozen times you take it (partly joking, partly serious). Unless you really know your stuff already.

CISSP is really a management certification (project leader who knows security), and is very wide and very shallow. Oddly enough it's in demand, so CISSP may actually be something you need, but it's mostly because it's not well understood. (I used to be a CISSP, but dropped it just because it pulled me towards project leader tasks. Things may have changed, however.)

CISA is often what CISSP people take if they lean towards auditing.

GIAC certificates … are in my opinion not worth much. They're largely a question of information retrieval, unless SANS and GIAC are getting their act together.

As for recruitment market … it's a local thing. Read ads for whatever jobs you're looking for. I warn you that I doubt that any of the certifications mentioned are in high demand in computer forensic circles.

Posted : 02/11/2017 8:11 pm
chienchat
(@chienchat)
New Member

> Difficult to say but maybe you can check about Certified Information Systems Security Professional (CISSP). But very helpful is if you get certified by e.g. Cellebrite. Their certifications are high-value.
> In the U.S. I guess more SANS certs are required. But in Europe less.
>
> What certs are in U.K. fine?

Thanks, but I think CISSP is not yet in my picture at this moment. I don't want to push myself to the road of InfoSec manager. As for vendor-oriented certificates, I am not that into them. One important reason is that the prices are quite high and different employers adopt different software. I still prefer the vendor-neutral certificates if I have to pay for it.

Topic starter Posted : 03/11/2017 8:13 am
chienchat
(@chienchat)
New Member

> I would like some advice on these two certificates, especially on the difficulty and the recruitment market reviews. Meanwhile, I am also thinking of CISA, however, without any audit background, I am hesitant to jump in.
>
> OCSP is fairly well regarded in security-testing circles. It's a tricky certificate though, so be prepared to fail the first dozen times you take it (partly joking, partly serious). Unless you really know your stuff already.
>
> CISSP is really a management certification (project leader who knows security), and is very wide and very shallow. Oddly enough it's in demand, so CISSP may actually be something you need, but it's mostly because it's not well understood. (I used to be a CISSP, but dropped it just because it pulled me towards project leader tasks. Things may have changed, however.)
>
> CISA is often what CISSP people take if they lean towards auditing.
>
> GIAC certificates … are in my opinion not worth much. They're largely a question of information retrieval, unless SANS and GIAC are getting their act together.
>
> As for recruitment market … it's a local thing. Read ads for whatever jobs you're looking for. I warn you that I doubt that any of the certifications mentioned are in high demand in computer forensic circles.

Hi Athulin,

I do agree with you that CISSP is not an ideal choice for people who want to go for the technical path. Actually I am considering OSCP and CISA at this moment. Personally I enjoy the pen-testing direction, but most of the advice that I got from others shows that CISA has more opportunities in the market. What do you think about these two?

Topic starter Posted : 03/11/2017 8:17 am
athulin
(@athulin)
Community Legend

> Actually I am considering OSCP and CISA at this moment. Personally I enjoy the pen-testing direction, but most of the advice that I got from others shows that CISA has more opportunities in the market. What do you think about these two?

OSCP will certainly give you a technical challenge, and if you like penetration testing, you are likely to have the motivation necessary. Other pen testers are highly likely to know it, while management may not always have heard of it.

CISA is more information security-related, and if you can find their exam objectives anywhere (I find them in a study guide), you'll find topics such as 'knowledge of contracting strategies', as well as various technical topics in IT security, similar to what CISSP has.

In order to take a CISA cert, you need "a minimum of 5 years of professional information systems auditing, control or security work experience" (although there are several waiver possibilities).

I can't judge marketability well.

Posted : 03/11/2017 4:45 pm
chienchat
(@chienchat)
New Member

> Actually I am considering OSCP and CISA at this moment. Personally I enjoy the pen-testing direction, but most of the advice that I got from others shows that CISA has more opportunities in the market. What do you think about these two?
>
> OSCP will certainly give you a technical challenge, and if you like penetration testing, you are likely to have the motivation necessary. Other pen testers are highly likely to know it, while management may not always have heard of it.
>
> CISA is more information security-related, and if you can find their exam objectives anywhere (I find them in a study guide), you'll find topics such as 'knowledge of contracting strategies', as well as various technical topics in IT security, similar to what CISSP has.
>
> In order to take a CISA cert, you need "a minimum of 5 years of professional information systems auditing, control or security work experience" (although there are several waiver possibilities).
>
> I can't judge marketability well.

Thanks for the tips. The experience requirement of CISA is indeed a problem for me. Maybe I will just go for CFE for now.

Topic starter Posted : 06/11/2017 9:34 am