Hi guys

I want your advice.
I have a master degree in information and network security and I don't any previous experince in security field.

Could you guys recommend me a training center , in chicago if possible, to take courses in CEH and SSCP.

last question:
I have been thinking of CISM but it require previous experience, is there I can take it without experience as Associate CISM ?

thank u guys

Firstly, what is it you intend on doing in the long run. A CISM is a managerial cert while the C|EH is geared towards (wants to be) a pentesting like certification which introduces you to tools used in hacking/pentesting.

Its akin to you asking "I want to be a Registered Nurse should I take a nurses assistant class" if you will. CISM's differ from those who possess the C|EH, OSCP, OPST, etc., in the sense it tends to be more hands on with a lot of emphasis on "hacking" ethical for corporations/business. While the CISM, CISSP is geared more towards managing the information policies, etc.

SSCP is nothing more than a mini CISSP for those who don't really have enough years of experience, or enough knowledge of all CBK's to complete the SSCP. It's more of an associates with the CISM being more of a masters.

My advice, determine what it is you want to do. Want to push papers, read, tell others what to do, focus on the CISSP, CISM, CISA. Want to play with tools, do penetration testing, I would go with the following:

Pentester / Master Hacker route
Security+ (for starters)
CCNA - to learn / understand networking
Do a SANS course if you can, focusing on a specific, e.g., GPEN for Pentesting, GCIH for Incident Handling, etc.
OSCP - for a thorough overview of penetration testing
OPST - For expert level pentesting

Security Manager
CISA + CISM studies (they both can be done, they're both different certs though)
CISSP
CISSP - ISSEM
NSA IAM/IEM

Super Network Ninja / Pentester
Wait for us to finish the OWASP cert http://www.owasp.org/index.php/Category:OWASP_Certification_Requirements
OSCP
OPST
CCNP

Again, there seems to be a lot of misinformation/clarity between what certs will get you to which route you want to be at the end of the day. You mention two completely separate scenarions (CEH of SSCP) so figure out what you want to do and maybe re-ask the question.

J. Oquendo
sil at infiltrated dot net

Thank you guys for your responds, and I really appreciate it

don:
Thank you don, and I'll be contacting you soon and I'm looking forward to get more information about SSCP because it looks like they don't offer this course.


silxp:
man, I enjoyed reading your comments, it's was so clear and it was really helpful. Thank you so much slixp

My final destination is to be in the management side with some understanding of the technical side (not to be completely dump)

My point of taking CEH is to get some understanding of the current tools and this is what CEH is all about, it won't teach me about infosec anything. In term of management I thought about CISSP but I was afraid that I might need more time to study so I went to, baby CISSP, SSCP.
I knew that I can take the exam and be CISSP associate and once I have the required experience I'll be certified.

many people have told me that if you want to get to the management level, you should have some background in the technical side, not to mention that I don't have any previous experience and I think it's kind of impossible to be hired in Information security or security management or Risk Management field without experience so I'm doing CCNA + CEH to help me accomplish my goal.

My plane is to finish within 3-4 months CEH and SSCP or CISSP,and I'm studying 3-4 hours a day , What do you think ??

Since I have a master degree in information security, do I have enough time to study CISSP within 2-3 months or should I stick with SSCP ?? ( encourage me  and Thank you again)


Dark_Knight :
I was going to take the course with trainingcamp but the class in chicago was canceled, I don't know more about infosec.
My prof. told me about global knowledge, any thoughts

Thank you silxp and I look forward to hear from other guys.

If you're looking for resume fodder the CISSP/CISM will do that but neither will prepare you to provide strategic leadership to an IT shop.  Unless you fall into something (luck), Certs aren't going to compare to years of experience.

I guess as far as Certs go, if your goal is Information Security then I would consider GSEC or Security+ to get a foundation.  From there, you need to figure out the size of org that you want to move into.  For instance, if your goal is to join a small to mid-size company than you'll need to work to increase the breadth of your knowledge.  In large companies roles are specialized so I would consider looking at getting really knowledgeable about a single focused area (this would get you in the door and then you can move around from there).  MIS, SANS, or you’re local training center can usually provide specialized training for UNIX, Windows, or Network security.  Either way, once you get some experience than the mgmt doors should start to open.