January 8, 2014 at 4:57 pm #8640Jamie.RParticipant
I am after some advice on certs, I currently work in the UK as a pentester but would like to move to the USA sometime in the future. So just wanted to find out if there are any certs that are required by USA pentesting companies before employing someone from another country ?
Thanks for the help
January 9, 2014 at 6:28 am #53748unicitydParticipant
I don’t think there is any cert that employers will want to see on account of your being from the UK. You just need to look at what would be helpful to any pen tester for getting hired.
I don’t know what employers look for in the UK, but in the US the CEH is probably the most widely recognized pen testing cert. It’s supposed to be relatively easy to pass and will help you with HR and hiring managers. If you’re able to pick up additional certs, the OSCP and the eCPPT are good choices; they both require a hands-on/practical test and pen testers tend to respect them more. The SANS certs (e.g. the GPEN) are also very good to have, but they are expensive to acquire unless your employer is footing the bill. I think live attendance is around $4k or so.
If your skill set is focused on networking (as opposed to say web apps), the CCNA is another good add-on. It’s fairly well regarded by HR and by technical folks. The basic CCNA isn’t focused on security, but it shows you have the basic networking/infrastructure knowledge that most employers will want you to have alongside your pen testing skills.
I wouldn’t recommend the CISSP in your case; at least not now. It’s sought after by many employers, but it’s not very technical, not specific to pen testing and (since you are from outside the US) it won’t be able to help you get one of the many security jobs available with the US government or US defense contractors.
Short version: Get the CEH then try to follow up with the OSCP, eCPPT, CCNA or a SANS cert (your pick).
I know you’ve been around here for a while so I may be telling you what you already know. Still, I hope I gave yo u something helpful.
January 9, 2014 at 8:39 am #53749Jamie.RParticipant
Thanks for the reply I was just asking as in the UK the two main cert’s to get are Tiger and CREST and even tho in the UK you can get a job without these certs by having them increase your chances. I was trying find out if there were any certs in the USA that were required so I can start working on them in next few years.
I already have some of the eLearnSecurity certs and OSWP. I am hoping to do OSCP this year and maybe the new eLearnSecurity mobile cert.
I never really been interested by CEH I think because most companies in the UK that I have come across don’t really value it so never seen the point of doing it. I also thought about doing CISSP many times but as you say its not really technically and not really a pentesting cert so never seen eh value in it and always tried to go for more hands on pentesting certs.
I also plan to move in few years so I hope by then I should have good few years of pentesting under my belt.
Thanks for the advice.
January 13, 2014 at 10:41 pm #53750dynamikParticipant
CEH and CISSP will help you get your foot in the door when working with HR and recruiters. Specialized technical certs, such as OSCP, will be more likely to impress the people you interview with. It helps to have both.
You must be logged in to reply to this topic.