- This topic has 21 replies, 12 voices, and was last updated 10 years, 4 months ago by
.
-
Posts
-
-
http://certmag.com/read.php?in=3950
Here are the four most in-demand certifications, according to Robert Half Technology’s staffing and recruiting professionals across the United States
…
…CISSP…
…MCSE…
…PMP…
…CCNA…Looks like a good list to me.
-
-
-
@Determ wrote:
What do you think about ISO/IEC 27001:2005 ? After passing final exams, participants receive accredited certification with title “Information Security Manager” and “Information Security Auditor”.
It looks good on paper, but I’m unfamiliar with what is actually tested and what it takes to pass so I can’t say one way or the other. Have you passed this (or has anyone here taken this)? What is it like?
-
Yeah, while it’s not, IMHO, as valuable to me, ‘technically’, ‘politically’ I plan on pursuing CISSP in the near future, myself.
The one on that list that I find interesting, is CCNA. While I see a number of posts for it on job boards like Monster, etc, even more often I’m seeing CCNP-styled job postings, where they want more than the average CCNA is going to have.
-
-
Even though I am a CCNP, I see CCNA more valuable in the manner of knowledge and expertise necessity. CCNP is definitely a targetted cert towards Network Engineering, just like CCSP is for Cisco Security etc. On the other hand, CCNA is a must-have-this-knowledge cert as it provides necessary know-how to everybody regardless of getting a job on Network Engineering.
If I were a recruiter I would value CCNA for every IT/Telecom professional. I would value CCNP only for routing-switching roles.
So CCNA to me is sth like a prerequisite cert in the sense of providing very fundamental and important knowledge (TCP/IP).
-
@Hordakk wrote:
Even though I am a CCNP, I see CCNA more valuable in the manner of knowledge and expertise necessity. CCNP is definitely a targetted cert towards Network Engineering, just like CCSP is for Cisco Security etc. On the other hand, CCNA is a must-have-this-knowledge cert as it provides necessary know-how to everybody regardless of getting a job on Network Engineering.
If I were a recruiter I would value CCNA for every IT/Telecom professional. I would value CCNP only for routing-switching roles.
So CCNA to me is sth like a prerequisite cert in the sense of providing very fundamental and important knowledge (TCP/IP).
Right. Even if you’re an MS systems admin, having CCNA-level will help you out. We strictly provide security services, yet we require all analysts to have a CCNA. If you don’t already have it, that will be the first thing you’ll be required to work on.
-
-
-
At InfoSecurity a few months ago I had the chance to talk to a bunch of big-time IT security managers, and suprisingly they all agreed that OSCP is one of the cert’s they hold in highest regard.
It’s not suprisingly in itself, since OSCP is obviously awesome (looking at all the reviews), but I was surprised to see that it already has great value in the manager/recruiting world.I actually noticed it again in a recent job interview, where they explicitly asked for it.
In short: I’d add that to the list 🙂
-
@Anquilas wrote:
At InfoSecurity a few months ago I had the chance to talk to a bunch of big-time IT security managers, and suprisingly they all agreed that OSCP is one of the cert’s they hold in highest regard.
I actually noticed it again in a recent job interview, where they explicitly asked for it.
In short: I’d add that to the list 🙂
I had the same preception, I planned eLearnsecurity > CEH > OSCP
I already beging with eLearnsecurity
-
This has been my plan for the past 3-4 years when I pretend to myself I will stop slacking:
CCIE(s) (of note… I’ve actually studied for +10 years now on this… Google sucks! http://www.mail-archive.com/cisco@groupstudy.com/msg04919.html)
CISA + HISP (to annoy)
CREA || GREM (find it fun/interesting)
OPSA + OPST + ISRM (more geared towards reality for me)CCIE(s) I’ve been fiddling with for years now… Lab part scares me not the content. CISA + HISP is to annoy people. CREA + GREM because they look fun. OPSA + OPST + ISRM because they make more sense for me.
The reality is though, I don’t know what else to do. Sometimes I get bored with security, even more bored with certs. The certs have become the challenge to me, not the technology. I’m still awaiting the results for the CISM which some come within the next 10 days. I wanted to beat the authors with a cluestick. I had to “dumb myself down” and answer to the business side of security as opposed to the technical/defense side of things. So I’m having to try to figure out what it is INSERT_SPECIFIC_BODY_HERE wants.
Who knows what route I’ll take but I will figure it out shortly. I thought about going the Juniper route since I’m immersed in SA’s and SSG’s daily, but that too annoys me. 2 months ago I had to configure and deploy 10 SSG’s (small number) with pre-defined tunneling information provided by the client. Had them all down with t’s crossed, I’s dotted only to have the client fudge the whole game up. I literally had to re-do them remotely on site which left me annoyed with SSG’s because of my client. I may do the JNCIS-SEC who knows but I’ve had it up to ^here^ with vendor-specific certs. I’m keeping an eye on the ISRM though (http://www.securityhorizon.com/aboutISRM.php) and for those unaware of it, its what the NSA-IAM/IEM used to be.
-
-
-
In Canada, the Communications Security Establishment (CSE) is more or less the equivalent of the NSA in the United-States. They are responsible for evaluating security professionals working for the canadian government. Here are the ONLY certs they value:
CISSP from (ISC)2
CISSP / ISSEP from (ISC)2
CISSP / ISSAP from (ISC)2
CISSP / ISSMP from (ISC)2
CISM from ISACA
CISA
GIAC / Any Silver audit certification
GIAC / Any Gold audit certification
GIAC / Any Silver management certification
GIAC / GSFP, GEIT Gold management certificationWe are always 5 years behind the american DoD…
-
-
I thought about it a few times. The fact is, I would likely have a few books to write. Some would make people do a Home Alone (http://images.eonline.com/eol_images/Articles/20071211/293.home.alone.121107.jpg). I thought about an “Art of Cyberwarfare” style book based on attacks with explanations of the attack vector and logic behind potential defenses. The problem with this style of writing would be that the moment that the book was quoted as being behind some scriptkiddiot’s attack, would be the moment the industry would poop on the book: “How could they publish such a book!”
The reality is, in order to truly comprehend ANY defensive strategy, one MUST be familiar with the attack vector and the inherent and potential dangers behind it. For example, in 2005 Theo DeRaadt @ OpenBSD decided away with ICMP source quenches in the network stack to which I responded… “Nothing new move along” (http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-07/0101.html) I had written about this starting in 1999 and releasing a PoC in 2000 (http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=tidcmp&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0)
People didn’t get it then. Same went for Bubonic and Daemonic. Back then Richard Bejtlich got it (http://seclists.org/incidents/2000/Aug/277) others didn’t. Right now I have a pretty nasty tool I won’t ever release because it literally allows me to turn your device into a firewall like it or not. Imagine that for a moment… I aim it at any networked device you have, that device stops sending and receiving period until I give you room to breathe. I went over the tool and what it does with NANOG, IETF, Cisco, Foundry, Sun and others. Its really nasty, the solution? Rewrite TCP which no one would do. (seriously) Ask yourself, if I can find this tinkering how long before someone has as much time and weird creativity or can fuzz that much.
I did think about the book gig before, the problem: Content… I wouldn’t want to do anything anyone else has done. In order for a company to publish it, there has to be an audience. An audience filled with “Go to hell…”, “why the f,,, would someone write this book!…”, “there goes our networks…” wouldn’t make for much appeal
-
Just found this article today, which pretty well sums up what I’ve been seeing in the industry over the past few years, and what has been said on this site a number of times.
http://www.computerworld.com/s/article/9180194/Let_s_certify_business_savvy
But no IT certification currently available can gauge whether a professional understands how IT supports and complements the overall business.
And this part too:
We need a new type of certification, one that measures a person’s understanding of how computing integrates into, and drives, today’s business. A certification that weighs understanding of business computing concepts, business processes, communications skills and technical acumen would better reflect the package of skills needed in today’s IT workforce.
This is probably why PMP is on the above-mentioned list, but PMP really isn’t enough.
Still, it always seems to be polarized. At my company we have some very gifted help desk folks and a network admin who manages well and knows his stuff, but none of these guys have much business knowledge and readily pass those tasks to either myself or to one of our database admins. Unfortunately, the DB guy is on the opposite end and knows the business really well and has electrical and computer experience (obviously since he’s a DBA), but if you try to talk to him about taking away admin rights of users or antivirus or patching and all he’ll say is it hinders the business and puts unnecessary blocks in the way. Absolutely no idea about INTERNAL threats, much less exploited users (social engineering or otherwise). Keep in mind this guy still writes all his apps in VB6 because it’s easier, but because of that we’ve had to deal with insecure and unsupported objects and protected environments, all of which “prevents us from doing business.”
I’m caught in the middle, but sometimes its comfy since I can talk to everyone with some level of understanding. Getting into the security side too requires knowledge on both sides of the table, which is probably why I’ve seen so much of this opinion on this site.
-
-
-
That is absolutely true, especially in Canada. I do not know how the similarity comes to have taken place but the truth is the communication security establishment is very much similar or almost similar to the National Security agency of the United States of America. I guess there has been a medical report of someone trying to poison another official there. At least that is what I have heard from the hospital I have worked in USA
-
- You must be logged in to reply to this topic.
