.

CISSP or GSEC

<<

mohsinhafeez

Newbie
Newbie

Posts: 19

Joined: Thu Jun 11, 2009 9:37 am

Location: Bangalore

Post Thu Apr 05, 2012 8:08 am

CISSP or GSEC

Hi all, hope you guys are doing good. I am a CCNA, CCIE Security written, JNCIA(FWV/VPN), currently working at on juniper's netscreen firewall at JTAC, Convergys, Bangalore. I want to know if I am eligible to do cissp, I have around 1 year of exp in IT( 6 months of routing and switching, 6 months of firewall experience.). I know I can do Associate of cissp, but what will I have to do once I am certified to get the actual certificate.

And I wanted to know a few things about GSEC, I liked the topics alot, will this certification help me in during my interviews? is it on HR'S list? And do i need experience to take GSEC?
CCNA, MCP, CCIE Security Written, JNCIA(FWV/VPN)
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Apr 05, 2012 8:27 am

Re: CISSP or GSEC

You need five years of full-time security experience. There seems to be a bit of flexibility in what's considered full-time security experience (you need to be involved with two of the domains, but some are fairly broad). Additionally, you can waive a year of experience with a qualifying degree or certification. Regardless, if you only have one year of IT experience, you're definitely a few years away from being eligible.

There is more information here: https://www.isc2.org/cissp-how-to-certify.aspx

Professional experience requirements: https://www.isc2.org/cissp-professional-experience.aspx

Along with the certifications you can use to waive a year of experience: https://www.isc2.org/credential_waiver/default.aspx

As far as GSEC is concerned, I think it's a fairly well-respected entry-level certification. However, you should review the job sites and postings in your area to see how popular it is there.
The day you stop learning is the day you start becoming obsolete.
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Thu Apr 05, 2012 12:43 pm

Re: CISSP or GSEC

What is your goal exactly?  What job do you want to have and in what timeframe?

If you're planning to stay focused on networking, the CCIE Security is tremendously valuable and you could supplement it with GSEC, GCIH, etc.  If you plan to go into management, a CISSP would be worth a lot more (you'll probably need a 4-year degree also).  If you're looking to do penetration testing, a lot of companies ask for the CEH but most of the people here prefer more difficult certifications like the OSCP.  So, again, what is your goal?
BS in IT, CISSP, MS in IS Management (in progress)
<<

mohsinhafeez

Newbie
Newbie

Posts: 19

Joined: Thu Jun 11, 2009 9:37 am

Location: Bangalore

Post Thu Apr 05, 2012 1:14 pm

Re: CISSP or GSEC

Thank you guys for your replies and your time. I want to get into application security. Any idea which certifications will help me?
CCNA, MCP, CCIE Security Written, JNCIA(FWV/VPN)
<<

mohsinhafeez

Newbie
Newbie

Posts: 19

Joined: Thu Jun 11, 2009 9:37 am

Location: Bangalore

Post Thu Apr 05, 2012 1:16 pm

Re: CISSP or GSEC

@ unicityd - I do have a four year degree, Bachelor Of Engineering(Computer Science) :)
CCNA, MCP, CCIE Security Written, JNCIA(FWV/VPN)
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Thu Apr 05, 2012 1:26 pm

Re: CISSP or GSEC

Mohsin Hafeez wrote:Thank you guys for your replies and your time. I want to get into application security. Any idea which certifications will help me?


Check this out http://infiltrated.net/TechnicalSecurityRoadmap.html#
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Apr 05, 2012 1:32 pm

Re: CISSP or GSEC

I'm assuming you're referring to web apps.

GWEB (maybe the .NET or JAVA ones as well): http://www.giac.org/certifications/software-security

GWAPT http://www.giac.org/certifications/secu ... nistration

There will be some web app material in PWB/OSCP and CTP/OSCE, and AWA/OSWE focuses on it entirely: http://www.offensive-security.com/infor ... -training/

eLearnSecurity's eCPPT has a lot of web app material as well.

Sil, you need a search function. Some of that is three-layers deep on your road map ;)
Last edited by dynamik on Thu Apr 05, 2012 1:38 pm, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

mohsinhafeez

Newbie
Newbie

Posts: 19

Joined: Thu Jun 11, 2009 9:37 am

Location: Bangalore

Post Thu Apr 05, 2012 3:40 pm

Re: CISSP or GSEC

If i want to get into pen testing, will c and c++ help?? and does oscp require work experience?
CCNA, MCP, CCIE Security Written, JNCIA(FWV/VPN)
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Apr 05, 2012 4:03 pm

Re: CISSP or GSEC

Programming knowledge is always a bonus. You'd probably find yourself using Python or Ruby more often day-to-day, but C/C++ could definitely be a preferred language depending and what you want to do. There are a lot of great Python resources in this thread: http://www.ethicalhacker.net/component/ ... picseen,1/

No work experience is required for OSCP, but it is definitely not an entry-level cert (granted, if you're at a CCIE-written level, you probably already have a fairly solid background).
The day you stop learning is the day you start becoming obsolete.
<<

mohsinhafeez

Newbie
Newbie

Posts: 19

Joined: Thu Jun 11, 2009 9:37 am

Location: Bangalore

Post Thu Apr 05, 2012 5:24 pm

Re: CISSP or GSEC

How much does OSCP cost?
CCNA, MCP, CCIE Security Written, JNCIA(FWV/VPN)
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Thu Apr 05, 2012 5:24 pm

Re: CISSP or GSEC

For appsec, certs may help a little, but they aren't as valued as in pen testing and network security.  A lot of senior level appsec jobs ask for the CISSP, but other than that, most job descriptions don't ask for certs.  Most of the top appsec guys either don't have certs or don't advertise them.  GSEC or GWAPT may be helpful, but you should check out the companies you want to work for and see if they ask for them or for any certs at all.  Plan to get the CISSP eventually, but I don't know that I'd recommend investing in any others for the cert itself.  If you want to take a SANS course to learn, that's fine, just a little pricey. But don't expect the cert to carry that weight that a Cisco cert would in networking.

You need to know at least one language really well and should have experience with several.  You need to be familiar with the OWASP top ten and should also check out ESAPI.  To get started learning about the various application security issues from a bug-hunters perspective, check out this book list by Dino Dai Zovi (he wrote a couple of them):

http://www.amazon.com/A-Bug-Hunters-Reading-List/lm/R21POHD6Y2DOLQ

You should start reading Bugtraq and Full-Disclosure to see the bugs that are posted there.  Don't worry about trying to remember which bugs are in which products, you need to understand what the bug is and how the poster found it.  Every time you see something you don't understand, go research it.  If an exploit is included, make sure you understand how it works.

You have your degree already which is important.  Now, you need to start gaining experience in software development or in appsec directly.  Where to start depends on what you want to do.  If you want to be a security architect at a software company or actually build security solutions, start out as a developer and work on your appsec knowledge along the way.  Make sure you learn some crypto as well; you won't be designing your own algorithms/protocols, but you should understand the ones that are out there.  I recommend reading Understanding Cryptography by Paar and Pelzl and Cryptography Engineering by Ferguson and Schneier.

If you want to be a bug hunter/researcher, you should try to get into a junior role that is somehow related to appsec.  With your degree and a little knowledge, you may be able to get a position analyzing security bug reports at a software company, testing software, or analyzing malware.  To be a bug hunter, you'll need to be able to program and should have a reading knowledge of multiple languages but you don't have to be a primo developer.  You need to learn to debug software and, if you're working with compiled programs, to reverse engineer as well.  Your networking experience won't count for a lot unless there is an actual networking focus to the appsec work you're doing (e.g. doing appsec at Cisco).

If you're interested in buffer overflows in C/C++ code, check out the list of papers I posted a while back:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2897.msg13502/#msg13502

You may want to read a book on pentesting/hacking such as Hacking Exposed or Counter Hack just to get some perspective, but pentesting is a different skillset so don't worry about being proficient.
BS in IT, CISSP, MS in IS Management (in progress)
<<

mohsinhafeez

Newbie
Newbie

Posts: 19

Joined: Thu Jun 11, 2009 9:37 am

Location: Bangalore

Post Thu Apr 05, 2012 5:32 pm

Re: CISSP or GSEC

WOW! thanks alot for all the information. i am pretty confused with all the certifications the world of network security has, but i am happy that i have alot of options :) could you plz tell me how much oscp costs?
CCNA, MCP, CCIE Security Written, JNCIA(FWV/VPN)
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Thu Apr 05, 2012 5:39 pm

Re: CISSP or GSEC

BS in IT, CISSP, MS in IS Management (in progress)

Return to General Certification

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software