.

Certification Advice

<<

Questionable

Newbie
Newbie

Posts: 13

Joined: Wed Dec 07, 2011 10:43 pm

Post Mon Dec 17, 2012 10:48 am

Certification Advice

Hi EH,

Just a quick question about any certifications it would be worth while taking. I'm currently a student studying Computer Security & Ethical Hacking in the UK, I'm on placement as a Software Developer so I am learning Programming principles. I will hopefully graduate with a 1st degree, my question is, is it worth taking a few certificates along with my degree? I know there are certs like CISSP, CREST <-- supposed to be incredibly hard and CEH but which is the best bang for your buck?

I'd quite like to go towards the web app security side || maybe PCI DSS? I still have quite a while to think about this, but any advice would be great.

Edit: If you know any certs which are worth while taking for web app's or that are quite well rounded, that would be appreciated

Thanks,

Questionable
Last edited by Questionable on Mon Dec 17, 2012 10:55 am, edited 1 time in total.
We can re-code him, we have the technology!
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Dec 17, 2012 3:58 pm

Re: Certification Advice

Hello Questionable, welcome to EH.Net.  To give you a quick answer, check around on the forums.  This question has been answered a number of times. 

Since you are still in school, it would be more beneficial for you to get some entry level experience.  You will need to have proven experience in a number of the domains in CISSP in order to qualify for the cert.  It is designed more for managers within the Information Security realm and is not always required for InfoSec jobs.  At most it might be an HR hurdle which can be overcome by other skills/certs.  A good reference you can use for technical certs would be the SANs Roadmap: https://www.sans.org//security-training/roadmap.pdf

I don't expect you to go and drop the cash for a SANS course, but it might provide you with some information as to where you want to start looking.
Certs: GCWN
(@)Dewser
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Dec 19, 2012 9:44 am

Re: Certification Advice

Hi Questionable and welcome to the forum!

If you know any certs which are worth while taking for web app's or that are quite well rounded, that would be appreciated

For this one, I suggest you first take a more broad and entry-level certification before aiming at web applications. And don't get me wrong, "entry-level certification" doesn't mean easy, but they tend to cover lots of different areas used in other more specialized certs/fiels.

For example, web app certifications will focus more on SQL injection, XXS and the likes than on TCP/IP network protocole and post-exploitation skills. I believe that knowing these things before going to web app cert world would only help you in the long run.

Also, what is your long term goal in information security? I am asking because forensic investigation is quite different than being a manager who writes policies... Let us know and we will guide you!

And like 3xban said, experience and contacts are very important too...

Good luck!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Dec 20, 2012 1:06 pm

Re: Certification Advice

You should probably start with something like eLearn's eCPPT. It's affordable and covers a good deal of material, including web app testing. It's not going to be as impressive as a SANS cert, CISSP, etc on your CV, but you can always tack those on over time.
The day you stop learning is the day you start becoming obsolete.
<<

Questionable

Newbie
Newbie

Posts: 13

Joined: Wed Dec 07, 2011 10:43 pm

Post Tue Jan 08, 2013 8:08 am

Re: Certification Advice

Thanks for the replies guys! eCPPT looks great, I'm currently reading The Web Application Hackers Handbook, it's pretty insightful and rounding my knowledge, I have been networking a lot where I live at OWASP chapter meetings and other conferences, so I hopefully will have my foot in the door before I finish University, after University, my first job would be towards the pen testing field.

The only issue I'm looking at, it doesn't offer a lot of information on individual purchases, more of a company based thing, does anyone know the price for the eCPPT and if they do any sort of student discount? :P probably not, but it's always worth a shot.

Any sort of reading material you could suggest for the eCPPT would be great, but I know it comes with a bucket load of videos and tutorials when you purchase it.

I'm still narrowing down my choices but web applications seems to be the thing which interests me the most, but even if I drift off into another part of the sector, I don't think it'll be a waste of time.

Thanks again,

Questionable.
Last edited by Questionable on Tue Jan 08, 2013 8:10 am, edited 1 time in total.
We can re-code him, we have the technology!
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Jan 08, 2013 8:58 am

Re: Certification Advice

Armando (eLearnSecurity) regularly posts discounts on here, as well as running promo's, so if you want to know if anything's currently running, give him a shout.  He's a member here, too.  (PM him)  His username is 'Armando'

Good luck!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Questionable

Newbie
Newbie

Posts: 13

Joined: Wed Dec 07, 2011 10:43 pm

Post Wed Jan 09, 2013 7:57 am

Re: Certification Advice

I sent Armando a pm, waiting on a reply :)
We can re-code him, we have the technology!
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Wed Jan 09, 2013 10:32 am

Re: Certification Advice

My suggestion when asked a similar question is to see what requirements are out there for jobs that you would like to do. For example, there is a job on Dice.com for web hacking ( http://bit.ly/ZH952s (perishable link)), that provides a list of things the employer wants to see it their employees. they even have a questionnaire on their web site for the app pentest job.

In this case, it looks like they want someone well versed in web languages, not someone with any certs (which I find typical with the programming track into professional pentesting)... and perhaps someone known in the community of hacking.

Now, if you were working your way through networking or system administration as a path to pentesting, certs can play a bigger role in your profession.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Jan 09, 2013 10:47 am

Re: Certification Advice

I find that certs are the only way to force me to learn usefull but boring things. Without a goal/carrot in front of my, I either get lazy or study only what I like.

There have been many discussions on certs vs experience on this site and I think most people agree that experience is more important, while *some* certs open doors (get you through HR screening) and *other* certs/training programs make you a better pentester.

For example, CISSP vs OSCP are pretty much opposite to each others...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Wed Jan 09, 2013 6:58 pm

Re: Certification Advice

H1t M0nk3y wrote:I find that certs are the only way to force me to learn usefull but boring things. Without a goal/carrot in front of my, I either get lazy or study only what I like.

There have been many discussions on certs vs experience on this site and I think most people agree that experience is more important, while *some* certs open doors (get you through HR screening) and *other* certs/training programs make you a better pentester.

For example, CISSP vs OSCP are pretty much opposite to each others...


I completely agree.  I get callbacks on about 80% of the jobs I submit my resume for, but I have trouble passing some of the technical interview questions, so I'm more focused on things like eCPPT and OSCP which will give me knowledge.  On the other hand, someone who knows more than I do but doesn't get past HR screenings would probably do better to get a CEH or CISSP.
Sec+, eCPPT

Return to General Certification

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software