EH-Net

The year is almost over, so I'm curious what your certification goals are for 2012. :)

Were you able to achieve all certification goals you've set for 2011?

I was planning on taking CCNA this year, have the voucher but have had a hard time getting motivated to do it. I keep getting drawn back into web and mobile app security learning. I may schedule and sit the exam and throw the dice but I'm finding exam preparation keeps eluding me.

I'm probably going to do GCIH (http://www.giac.org/certification/certified-incident-handler-gcih) in Orlando (http://www.sans.org/sans-2012/) so I can Mentor it internally for my organization, but other than that I plan on focusing on appsec exclusively. I'm finishing up Mile2's CSWAE (http://mile2.com/mile2-online-estore.html?page=shop.product_details&flypage=flypage.tpl&product_id=144&category_id=6) now and plan on doing the exam in January. After that, I'm not sure what I'm going to do next. I have CSTP (http://7safe.com/ethical_hacking_courses-hands-on_2.htm) and CAST (http://7safe.com/application_security_training_course.htm) on my radar (from a previous EH-net Fishnet contest) and if they ever actually hold their scheduled Tampa class I'll sit that. I'm highly considering some independent coursework at my local college or a masters degree just so I can steal some time back from my wife so I have time for code. More than anything, that's what I need.

Plan on finishing up the OSCP.
CCNA and CCNA Sec and taking the CCNP routing class in the fall and in order to pass the class you have to pass the 642-902 ROUTE.
I also want to get a Microsoft cert to get my MCSA sec going, maybe xp or windows 7.

Well with the new job (99% it's mine) I will do the ACE, CCE, CCFE, and possible the EnCe.  I would still like to to Net+, CIH, and then my Mater's degree will be done.

My wall of certs should be full by then.

Yeah got 4 more classes myself till my masters is done.

2011 I got through CCNA, which was the big work-related one, then I had CEH on my plate but got distracted by a college class that took more time than I'd have liked. 

In 2012 I plan on working on CEH over the next month or so, then starting up CCNP next summer, hopefully taking ROUTE or SWITCH by Cisco Live in June.

2012: finish OSCP, do mile2's DRCE and then study security architecture. Maybe I'll do SANS 501 (if company pays) or CISSP ISSAP.


2011: done the OSCP course and GWAPT. I read a lot of books, and I have many others on my shelf.
BTW, there is a new editin of TCP/IP illustrated. This a must read for any IT guy.

2011 first security cert OSWP

Already Booked
2012 Refresh of the OSWP
2012 SFME Security Metasploit Framework Expert

Booking Soon
2012 eCPPT

After this I hope to maybe taking these
OSCP
CREST CRT I do the CREST TL one in about 3 years

Then once I have done these I am not sure what to do as my company don't like paying for course so everything out my own pocket. Hence most course I go for are cheap that are affordable.

for 2012 i plan to do OCSP and later if i have time and money maybe OSWP

I know I want to take the following:

CCNP:S
OSCP

That'll take me to about June or July or so.

After that, things get interesting. My heart says go for CCIE:S but my head says do CCNP R/S. There is also the issue of my desire to do CWNA and CWSP.  I also want to do linux+ (since I am taking a linux course for school) but that may have to wait. What would help me the most at my job would be CCNP R/S (along with CCNP:S and OSCP) then some sans courses.

Going to attempt the mile2 CPTE but probably will not make that a major goal.  It depends on how the course pans out.  So far I am a little unimpressed with the content (out-of-date).  For next year it really depends on if I move from contractor to FTE at the job.  Then I will gear it towards their requirements, which may mean CISSP.  Personally I would love to shoot for OSCP but I think I am a bit weak in some of the pre-reqs so I may end up focusing on strengthening my scripting skills and work some of my pen testing lab VMs until I think I am comfortable enough to go for the class and exam.

So Job wise: CISSP (possibly) maybe GCIH
Career wise: OSCP

Should be an interesting year either way.

2012:

- CHFI (at least study the material, I don't know about actually taking the test)

- GCFA

- ACE

- OSCP

- maybe some more computer forensic certs..

Hopefully the money situation will work out, so I can get all of these!

Going to work on CSWAE (that I won in the Mile2 giveaway.)

Also going through the updates in eCPPT's materials (I LOVE lifetime access to a course!  One BIG benefit to eLearn's program...,) and actually taking the exam, if things line up this year (car accident, last time around, put me out of commission for a bit.)

Then we'll see what else is in-store.  Have a lot of ideas, but have to see how schedule is going to work out, this year.

Either way, should be a fun year!

Here's my tentative list for 2012:

• OSCP (just started on 12/10)
• OSWP (April)
• CEPT (May-June)
• ECSA (debating..)
• CCNA:S (December)

I have to say I'd like to give a big shout out to the www.ethicalhacker.net forum because I had generally given up on certifications but talking w/ you folks every day excites me to go after a few!

I think I will go for eCPPT, OSCP, CISSP in that order. I have been studying for CISSP for a year and think I need a mental break from it.

A lot of people planning on doing OSCP it would be cool if EH members got discount :P

 :D
I had the same idea

Awaiting for the same if any discounts for EH.net community with OSCP..
2011 - SWSE - joined for it, possibly will finish in first quarter of 2012
2012 - OSCP (To learn in depth)
2012 - SMFE
2012 - followed by CEH/eCPPT (Optional, if I complete the above two)

Jamie's idea of CREST/TIGER interests me as its recognised in UK. But haven't thought about it as its on long way ...
THanks
Vp

I didn't manage to get any of my cert goals dealt with this year. Most of next year is going to be focused on going back to college (at 34).

@chrisj - that's an admirable goal, in and of itself.  Good luck!

I have changed up my 2012,

I am not going for GCFA, I will be taking a digital forensics masters course instead

I want to go for CISA, CISSP and GSEC (to get GSE)

That's probably because like me, you've ran into too many people who go brain dump and get a cert just to try and look more impressive for a job. The ladies and guys on this forum tend to care less about the actual cert (though we brag when we get it) are really more interested in the content of the cert and actually learning something.

If I'm lucky, and get all the classes the first time around, I should be out in 5 years. sigh.

Sums it up. I see to many people who in my opinion devalue certifications but around here it seems as if people place great value and pride into them.

I only did eCPPT, CISM, and GCIH this year. I was hoping to also have OSCP and OSWP, but I just wasn't able to squeeze them in. I'm telling myself I subconsciously procrastinated to space out those CPEs ;)

I'm definitely going to take those on in 2012 I already have the materials and hate having things hanging over me. It looks like OSWP was updated since I last looked, so I'll have to get the upgrade materials for that one.

I'm debating CRISC because that'll round out the ISACA hat trick (I don't care about CGEIT). I also need to do GCIA and another GIAC cert or paper to become GSE-eligible.

I'm also focusing on finishing my degree. I just need to test out of a language (working on Japanese), and I'm done. I moved out of state for work and have been traveling a lot, and I just haven't been able to knock out those last two courses.

Edit: What the hell OP? You can't just throw out a question like that and not give a response yourself ;)

This forum definitely boosts the initiative to go for the certs.  I've certainly been more interested since being here.  Usually $$$ is what is holding me back though I try to find the money somewhere.  It would be nice if SANS offered up some payment plan but I think they are used to dealing with corporate environments rather than the individual self-employed type or contractor.  Thankfully there are more affordable options out there and even those that will cater to payments.

You know you can challenge the exams, right? While $899 isn't cheap, it's still much more affordable than $4k. You just need to put in all the work of learning the material on your own ;)

For someone who has a good handle on the material and is just looking for the credential, it's a pretty good option.

True as well, but slightly more risky whereas by attending the course you'd have not only the benefit of the instructor but the actual course material/notes.

Well my boss helped me make this decision. CCNP,CCNP:S and CCIE:S written it is for this year. Maybe a training course. We will see.

Really???  Your boss is pretty confident in you, to throw CCIE:S in AFTER the other two.  I wish you well!

Edit: meaning that's a lot, for one year, but if you're up to the task, I guess...

Oh I probably won't get CCIE completely done next year. Just the written. Although if I don't do CCNP:R/S.......

At any rate that is my 18 month goal (CCNP:S,CCNP,CCIE:S) with OSCP possibly mixed in there.

haha, true, but yeah its a bit risky.  Besides I would much rather hit the class since they are good classes.  I still studied for another 3 weeks after I got my GCWN.  If I am going to drop 900 bucks I'd rather put it towards OSCP course and test.  Besides SANs is nice enough to give you "Free" iPads and knock off 400 bucks of the exam when you take the course :D

I'm not sure, but most probably it will be:
* ECSA/LPT
* OSCP
* CEPT
* OSWP
* GPEN or OSCE

Holy aggressive batman

He's a cylon...

It isn't really too much imo (but I could be talking out of the side of my neck). I work with Routers and Firewalls everyday in a somewhat deep capacity. I am sitting my first CCNP:S exam next month (and the second one in Feb). There is a possibility that I will not do CCNP:R/S and instead go for CCIE:S and OSCP. We will see. That extra 600 for exams could go a long way for study material.

The OSCP is something that I want to do just so I can have some horsepower behind my Network Security certifications. I think many Network Security guys are strictly theory and I don't want to be that way.  Plus it will really help with my IPS studies (knowing what types of attacks are really out there, how to do them and how to defend against them).

I am set for:

OSCE (taking on Christmas day)
CCNA
OSWP (upgrade to version 3)

Still trying to figure out what web application security courses are affordable and still good.

This year should hopefully be busy for me.

My certification plans for 2012:
Linux+
Network+
Security+
CISSP

I still have that CPTE that I need ti finish up and take the exam for, but not exactly part of my 2012 goals. I may try to take that in January, hoping to take the first part of Linux+ exam in early February.

Agoonie I have not seen any course that are totally all about web apps that seem good I am hoping security tube will do one soon.

Yeah I have not seen any either.  I think Joey McCray has a course in Maryland I would love to attend but it is really expensive.  I know my company is not paying for that one.  He has a cheaper one on SQLi for 400 bucks in January but I wont be able to do OSCE and that, at the same time.  OSCE is hard enough. :)

Well im taking a break for the moment, I was recently in contact with a guy who has some programming experience, and I am hoping we can work out a mentorship deal.

IAC I am considering perhaps OSCP this year, if anything. I would be interested in seeing the Hacking Dojo material though as well.

He also offers online courses that are extremely affordable. It looks like the WebApp course is getting a refresh in March: http://strategicsec.com/services/training-services/online/

CISSP for sure. Hopefully before summer starts.
I need to take a Cisco so I can keep what I have current so I am going for the CCNA-Security.
I am also going to shoot for the Pentest Pro from eLearnSecurity.
And last, maybe try for the Wireshark Packet Analysis

Thats all, for now....

Thanks.  I was looking at that page a while back but it is nice to know they are going to update it for the new year.  Sweet.  Hopefully I am done with the osce by then.  It would be a nice transition.  Of course, I am finding new ways to put off the ccna, oy vey....

LPT, probably self study for a change, after that i think eCPPT would be fun :)

Since half of the year is already over... how is everyone progressing with their certification goals?

2 college classes down, I said I was going back to school. Trying to get into the digital forensics 1, but having some problems. I got the pre-req class waved but now I need an override to get in. Also doesn't help that there are limited number of seats due to the class being split with the Grad students.

I got the Elearn Sec class but haven't had as much time to work on it as I thought I would. Preping for a con does that. hopefully get better results in the next 2 months.

I've been swamped with stuff but began a six week class via Stanford

I've been in school so I haven't had time to focus on certs.  Four classes down so far this year: Forensics, Software Architecture, Network Security, and Security Management.

CISSP ISSAP done

This week I am doing SANS 504 - Incident handling (I will write a review when I'll finish it)

OSCP still to come

For the second half of 2012:  probably I'll try to pass GPEN. I would love to do a course in mobile security and/or intrusion detection. I still try to come up with the budget for one of them.

I was also thinking about the Corelan training, but I don't know if I can apply the knowledge in the real world (and... If you don't use it you'll lose it  ;) ).

If Offensive Security will have an online version for their web course I'll do it. If not... probably next year in the Caribbeans.

I was told that their Advanced Web Attacks (http://www.offensive-security.com/information-security-training/advanced-web-attack-and-exploitation/) course will become available in an online format by the end of the year. :)

@awesec - cool

I also forgot that I registered for the python course - SPSE but I really didn't had the time to go further than the first 3 videos. This one also is on my short list.  ???

Wow, I missed it by a long shot. Abandoned Linux+, Network+, and Security+. Just passed CPTE a few days ago. Studying for CISSP, hopefully will attempt the exam within the next 90 days. :P

It's been a busy year for me so far, gotta catch up.

GWAPT and OSWP are down. I'll hopefully do OSCP and GCIA by the end of the summer. I recently started a new job and will be moving, so things have been on hold for a bit.


I may start this or OSCE later in the year if I can get everything else wrapped up.

Not sure if it will happen this year, but probably going to get EnCE, boss wants me to take some classes.  Not on the path I was shooting for, but sometimes work goals trump personal. 

Ok, I'm late to this part but here goes.

Until three months ago I had no college experience and zero certs. The college will likely never come but I've been going all out on certs and have acquired my GCFA, CCFE, CHFI, CUCE (a mobile device forensics cert) and ACE. My plan for the rest of the year is to take my A+ test at the end of August, spend September and October prepping for and taking my Network +, spending November prepping for my sec +, taking the InfoSec Ethical Hacking course where I'll grab my CEH and CPT and then taking my Sec+ test right after that.

It will be a crazy few months and very costly but I'm having a blast learning. I'm really proud of what I've accomplished so far and looking forward to the next few months.

@azmatt

A+, Net+, Sec+ ??? Are you such a newbie?

They could help you get a job as a help desk, but... they are far away from security.

If you are new in IT ... they are a good intro, otherwise... go higher.

My opinion.

I've been playing with computers my whole life but never did much with networking. I'm grabbing those three not to try to get a job but to make sure I have the baseline material for the "real" certs I plan on taking. Those 3 are 100% for me and my general knowledge level so I'm trying to knock them out asap.

In this case Good Luck!

And try to keep your eyes on the ball!

Aww, I did miss this topic. Earlier this year I passed CCNA and CCNA Security. Now I am looking at some pentest course, OSWP/OSCP/eCPPT. Not sure yet which ones I gonna take, all have pro's and con's. The only one I know for sure is OSCP but I have to schedule some holidays then haha.

Later this year I have to do Prince2 Foundation and TMAP Next Test Engineer. As you can imagine they are not my favorite ones so I have to throw a pentest cert in it to keep myself happy.

Gearing up for the PWB course. Hope to start this fall sometime.

This thread is NUTS !!!  :o

I'm just hoping to be able to finnish the OSCP exam in 2012 :-)

I have changed my plans a little bit due to carreer oportunities/requirements. Right now I am prepping for CISSP since it allows me easier access to some interviews. Aiming to get certified somewhere in Oct I think. Some domains have a lot of overlap with my previous studies.

After this I do either OSCP or pursue a Bachelor degree (which has Prince2/TMAP amongst other certs).