
certifications dilemma

<<

Bushman4u

Newbie

Posts: 15

Joined: Fri Jul 09, 2010 4:05 pm

Post Mon Jun 18, 2012 1:18 am

certifications dilemma

Hi guys,

Here are a few certs that I can find with their respective training institutions. They all look sexy and are self-proclaimed as being the best cert.

CPTC - Certified Penetration Testing Consultant 25421
CPTE - Certified Penetration Testing Engineer 34894
CSTA - Certified Security Testing Associate 3614
GPEN - GIAC Certified Penetration Tester 33170
OSCP - Offensive Security Certified Professional 36097
CEH - Certified Ethical Hacker 90494
ECSA - EC-Council Certified Security Analyst 29890
CEPT - Certified Expert Penetration Tester 26267

However, the question I have been wrestling with is which one of these ethical hacking or pentesting certifications and trainings truly and genuinely offers the best material in the world? Categorizing them with the best being 1, how would you rank them in terms of quality, depth, practicality and maturity?
I have only taken SANS training but have read a lot of the other ones' testimonies and reviews, and talked to a few friends who have taken, for example, OSCP and CEH.

Could any one of you guys attempt to answer this question if you have taken a few of these courses and certs? Please provide some comparisons if you wish on tools covered, instructors' experience, lab setup, etc.

I am excited to hear from you and would like to thank you in advance.
Certifications: CISSP, GISP, GPEN, GAWN, MCSE, Network+ and A+
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Jun 18, 2012 2:24 am

Re: certifications dilemma

OSCP and CEH are great, but OSCP is more professional and it's harder...
ICS Academy Network Security Certified
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Jun 18, 2012 2:27 am

Re: certifications dilemma

From the ones you have listed, I'd say OSCP and CEPT. GPEN is popular as well, but based on your signature, it seems you already have it. If you want something for HR, you can also add CEH.
<<

Bushman4u

Newbie

Posts: 15

Joined: Fri Jul 09, 2010 4:05 pm

Post Mon Jun 18, 2012 2:57 pm

Re: certifications dilemma

A thank you to those who have responded so far.

However, I should add that I am not really interested in the HR or job hunt certs. I must say that even though all of us would like the pay, I am more into the REAL STUFF! I am interested in skills development, personal challenge and self-satisfaction.
Certifications: CISSP, GISP, GPEN, GAWN, MCSE, Network+ and A+
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Jun 18, 2012 4:38 pm

Re: certifications dilemma

offsec
<<

DragonGorge

Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Mon Jun 18, 2012 8:11 pm

Re: certifications dilemma

Bushman wrote: However, I should add that I am not really interested in the HR or job hunt certs. I must say that even though all of us would like the pay, I am more into the REAL STUFF! I am interested in skills development, personal challenge and self-satisfaction.

In that case I'd stick with OSCP. You're not going to get a whole lot of depth in CEH - "Mile wide and a foot deep"
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jun 19, 2012 9:27 am

Re: certifications dilemma

If you're in India and you need a job, CEH. Keep in mind they require a clean criminal record and I think they also require 2 years of IT-security experience or related at least.

If this is not your situation, and you really want to learn what pentesting is about, well, at least the basics that is, it's definitely OSCP you have to do. CEH won't teach you pentesting. It's a mile wide but only a foot deep, while OSCP is a foot wide (pentesting) but a mile deep.

Keep in mind that a "foot wide" in OSCP, doesn't mean it covers only a few things, as OSCP (i.e. PWB) covers almost or perhaps just everything within penetration testing pretty much. Except hardcore exploit development, they have other courses for that  ;D
I'm an InterN0T'er
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jun 19, 2012 9:51 am

Re: certifications dilemma

I'd beg to differ on the whole mile wide, foot deep thing. Based on my conversations with CEH candidates, I tend to think CEH is only a foot wide, and about an inch deep. The exception to the width comment is that it seems CEH teaches you 20 tools to perform one task that you will likely only ever use 2 or 3 tools for. If that's what HR is looking for, by all means do what you have to do, but I'd prepare for disappointment if you were hoping to learn anything useful. The one thing CEH has going for it is marketing/name recognition and the other players lag behind here, regardless of their technical value.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Jun 19, 2012 10:05 am

Re: certifications dilemma

Bushman wrote: However, I should add that I am not really interested in the HR or job hunt certs. I must say that even though all of us would like the pay, I am more into the REAL STUFF! I am interested in skills development, personal challenge and self-satisfaction.


I'd go with OSCP and CEPT.

MaXe wrote: Keep in mind that a "foot wide" in OSCP, doesn't mean it covers only a few things, as OSCP (i.e. PWB) covers almost or perhaps just everything within penetration testing pretty much. Except hardcore exploit development, they have other courses for that ;D


Although Mati and crew did - without a doubt - a great job, saying or thinking that PWB (or any other course) teaches (almost) everything about penetration testing, is just wrong and also naive.

I assume you didn't mean it that way, but that's how someone (especially someone new to the field) might interpret your statement.
Last edited by UNIX on Tue Jun 19, 2012 10:17 am, edited 1 time in total.
