Abdul wrote:
Hi guys
I want your advice.
I have a master's degree in information and network security and I don't have any previous experience in the security field.
Could you guys recommend me a training center, in Chicago if possible, to take courses in CEH and SSCP?
I have been thinking of CISM but it requires previous experience; is there a way I can take it without experience as an Associate CISM?
Thank you guys
Firstly, what is it you intend on doing in the long run? A CISM is a managerial cert while the C|EH is geared towards (wants to be) a pentesting-like certification which introduces you to tools used in hacking/pentesting.
It's akin to you asking "I want to be a Registered Nurse, should I take a nurse's assistant class" if you will. CISMs differ from those who possess the C|EH, OSCP, OPST, etc., in the sense it tends to be more hands-on with a lot of emphasis on "hacking" ethical for corporations/business. While the CISM, CISSP is geared more towards managing the information policies, etc.
SSCP is nothing more than a mini CISSP for those who don't really have enough years of experience, or enough knowledge of all CBKs to complete the SSCP. It's more of an associate's with the CISM being more of a master's.
My advice, determine what it is you want to do. Want to push papers, read, tell others what to do, focus on the CISSP, CISM, CISA. Want to play with tools, do penetration testing, I would go with the following:
Pentester / Master Hacker route
Security+ (for starters)
CCNA - to learn / understand networking
Do a SANS course if you can, focusing on a specific, e.g., GPEN for Pentesting, GCIH for Incident Handling, etc.
OSCP - for a thorough overview of penetration testing
OPST - For expert level pentesting
Security Manager
CISA + CISM studies (they both can be done, they're both different certs though)
CISSP - ISSEM
NSA IAM/IEM
Super Network Ninja / Pentester
Wait for us to finish the OWASP cert http://www.owasp.org/index.php/Category:OWASP_Certification_Requirements
Again, there seems to be a lot of misinformation/clarity between what certs will get you to which route you want to be at the end of the day. You mention two completely separate scenarios (CEH or SSCP) so figure out what you want to do and maybe re-ask the question.
sil at infiltrated dot net