  1. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    862

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #1

    How 5 Top Cybersecurity Certifications Can Advance Your Career

    Little article for you guys - How 5 Top Cybersecurity Certifications Can Advance Your Career | Redbud

    Summing up - their top 5 are CISSP, CISA, CISM, GSEC, & Security+.

    FWIW, Security+ was my starter and I found it very valuable at a 101 level.

    I don't know that GSEC was around at that time, but if I had the money then I would agree now that it would have been a great technical-level follow-up to Security+.

    CISA I'm not as impressed by. I hear they're in the midst of redoing it some and I agree it could be tweaked to be more focused as well as have some concepts brought more in line with the other ISACA cert principles. It's good, but not as good as it could be with some reworking.

    CISSP of course is the one that opens the doors. It isn't mandatory, but you do learn a lot of basic principles and it gets your foot in the door for just about any infosec job nowadays.

    CISM is likewise the one that opens the doors to the infosec mgr spots. It's a decent cert in terms of knowledge you gain, but as usual at the end of the day you only get out of a cert what you want to. If you just learn to pass the test then the value is limited. If you learn to gain concepts to put into your daily life it has a lot of good value.

    Overall I think this is actually a good list compared to the random babble that most places put out. Are there other good certs, yes, but for a list of 5 that would have value to someone's career, I'd agree these all fit the bill.

    And no I don't have anything to do with whoever this guy is, I just stumbled across the article and thought I'd share.
  3. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #2
    I think they're overstating the CISSP. I can tell you I haven't designed any policy or standard since getting it, and I wouldn't consider it "advanced-level".

  4. Senior Member
    Join Date
    Apr 2014
    Location
    South Florida
    Posts
    857

    Certifications
    CISSP, CISM, CISA, CRISC
    #3
    Quote Originally Posted by Sheiko37 View Post
    I think they're overstating the CISSP. I can tell you I haven't designed any policy or standard since getting it, and I wouldn't consider it "advanced-level".
    Creating policies has to do with your role, not passing a cert! I don't get your point here. It's like me saying I passed my CISSP but I don't do software development... well no Sh*t, I'm not a programmer/coder.

  5. Member
    Join Date
    Apr 2016
    Posts
    41
    #4
    His point is that the CISSP is heavily focused on creating standards and policies around information security. It's not heavily focused on the technical aspect of Information Security like other certs. That's what I think he's saying at least. I don't have the CISSP nor have I looked too deeply into it, but outwardly it really appears to focus on industry best practice and management of security teams rather than working in the industry as a security professional who gets down and dirty with the technology.

  6. Senior Member
    Join Date
    Apr 2014
    Location
    South Florida
    Posts
    857

    Certifications
    CISSP, CISM, CISA, CRISC
    #5
    Well if that's what he is saying then Policies and standards are very important as that's what should drive the technology. Buying lots of blinkie boxes isn't security if there are no process or procedures around it. Technical is only half of the story.

  7. Member
    Join Date
    Apr 2016
    Posts
    41
    #6
    Believe me, I understand that. Policies are important, as such the CISSP is important. It's not for everyone though. I personally will not go for it as I have no interest in managing an information security team. I know it pays well, but I have to be hands on and not designing policies and procedures all day.

  8. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #7
    Quote Originally Posted by dustervoice View Post
    Creating policies has to do with your role, not passing a cert! I don't get your point here.
    Did you read the article? I'm responding to that.

  9. Senior Member
    Join Date
    May 2015
    Location
    UK
    Posts
    221

    Certifications
    MCITP, MCTS, MCSA, A+, Security+, SSCP, CISM
    #8
    Sec+ was good to study for and get, made no discernible difference to my marketability but found it interesting.
    CISM has been ok - some jobs use CISM/CISSP interchangeably, and I'm now appearing on recruiters' radar which is a double-edged sword.
    I'm doing GSEC training at the moment. For a "fundamental" cert it's pretty comprehensive and much broader and deeper than Sec+ (although it sits alongside it on the DoD chart). Very interesting material and I have learnt things from it. I don't see it adding to my marketability as it is a largely unknown cert in the UK.
    As with most in infosec, CISSP is on my "to do" as it is the gold standard when looking for new positions.
    I am told that CISA is good, but it's not on my list!

    As has been said before here many times - the cert doesn't make the person, the person makes the cert.

  10. Junior Member Registered Member
    Join Date
    Apr 2016
    Location
    New York
    Posts
    2
    #9
    What about CEH?

  11. Cisco R00t Clan Member NOC-Ninja's Avatar
    Join Date
    Feb 2011
    Location
    R00t
    Posts
    1,329

    Certifications
    CCIE-Wireless, CCIE-RS (written), CCNP-Wireless, CCNP, CCNA-Wireless, CCNA-Security, CCNA, CEH, CHFI
    #10
    Aren't these certs all managerial roles?
    MSISA

  12. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #11
    Quote Originally Posted by Howard the Duck View Post
    What about CEH?
    Not sure if serious, but CEH is a specialist certification so rarely appears on these 'top' lists. Top lists of "info sec" certifications are always biased to the generalist certification, because they will cover a greater breadth hence more people with them, hence more top people with them.

    It's similar to the advice people give to get the popular certifications - they have the most jobs available. The downside is that those jobs often have the most applicants - since everyone gets the popular certifications.

    If you really want to get ahead, find an in-demand niche and get really good. There will be far fewer people for the jobs that come up, so you are in a stronger position. The risk is that your niche disappears.
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM

  13. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #12
    Quote Originally Posted by NOC-Ninja View Post
    Aren't these certs all managerial roles?
    To add to my last post, this is an artefact of how these lists are composed. They look at the big groups of top earners and that is management. There are 100s of specialist roles where people earn lots of money and have interesting careers, but those roles don't have a lot of commonality. So a top pen tester and a top forensics person and a top PCI compliance person might have some low level certifications in common (eg Sec+, GSEC), but might not have anything else in common as their paths diverge.

    Management is a fairly conservative area: you see the same qualifications again and again - MSIS, MBA, CISSP etc. People are almost forced to do this just to get the foot in the door. They also dress the same. The technical rockstar is harder to pin down. They are just very good at what they do, and that isn't about certification per se, it's a breadth and depth within their particular niche.

    The safe bet is to get really, really good at something.
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM

  14. Junior Member virtualizationG's Avatar
    Join Date
    Apr 2016
    Location
    New York
    Posts
    18

    Certifications
    CISSP,SSCP,VCP5x3, VCP6,VCP6-NSX,A+,Net+,Sec+,Inet+,Server+,ItilV3,CEH, CHFI,CCSP,MCSEx5, CCNAx4,CCNP DC,CCDA,PCIP & LPI to name a few :)
    #13
    I would also agree the CISSP is a bit overvalued in this article, however it's on par with the industry's perspective. Which in many cases is that of non-IT staff and management. They can't value things they don't know exist. In my experience most non-IT staffers have no clue what most technicians' signatures even mean. The few exceptions are certifications like CISSP and CCIE for example. Not putting CCIE and CISSP in the same category but based on industry metrics they are both considered "Top Tier" certifications to hold in their respective disciplines.

  15. Senior Member
    Join Date
    Feb 2015
    Location
    Tampa, FL
    Posts
    266

    Certifications
    GPEN/GCIH/CEH
    #14
    Yet another generic mostly worthless article. Anyone with half a brain has known these certs have been valuable for the past 5-10 years. And it ignores specializations. I know a guy who works on one security tool who has a CISSP. Does it hold value to him? IDK.

  16. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,272

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #15
    Quote Originally Posted by virtualizationG View Post
    I would also agree the CISSP is a bit overvalued in this article, however it's on par with the industry's perspective.
    I plan on getting a CISSP just because it's a widely recognized security certification among the computer illiterate (i.e. HR), but once I obtain it, I will not be pursuing any more ISC certs, just SANS certs.
    Still searching for the corner in a round room.

  17. Senior Member stephens316's Avatar
    Join Date
    Oct 2009
    Posts
    196

    Certifications
    IASO,GSEC,GCED,GCFE, MCTS:AD,MCSA,,MCP, Sec+ VCA-DCV MCTS-SCCM
    #16
    Quote Originally Posted by Howard the Duck View Post
    What about CEH?

    Not worth the price of training; take a SANS class.

  18. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #17
    If I'm interviewing candidates for a technical role, I'd be much more biased towards GIAC and OffSec certs. The CISSP, CISA, CEH, and Sec+ would mean little to me unless it was an introductory junior role. That said, those certifications certainly don't hurt and show a degree of ambition and effort.

    More important than certs is mindset and willingness to explore far beyond the textbook. At the end of the day, certs are nice and in many places allow for positive keyword matching with HR resume search systems, but practically I'm less concerned with certs than I am about aptitude.

  19. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #18
    I just wish HR would stop asking for a Bachelor's in CS or 5 years of experience for an entry-level position.

    It's pathetic.

  20. Senior Member
    Join Date
    Mar 2015
    Location
    San Diego, CA
    Posts
    200

    Certifications
    MSISA, CISSP, ECES, CHFI, CNDA, CEH, MCSA: Win7, MCITP:EA, Security+, MCTS, MCPS(x3), SAIC SAST Level 3
    #19
    For someone with a heavy technical background (20 years), but almost no management experience, what certs would be good to get toward priming myself for CISO positions? I'm working on CISSP now. Also working on my Master's in Cyber. I know eventually I'll need to get some management under my belt, just don't want to move away from technical work either. The managers at my workplace that used to be technical jump at every chance they can to work on a technical problem that they should be delegating. I think for some, the management path has led to a highly paid "email manager/meeting advisor". I guess this is the path though. Anyway, for CISO aside from an MBA and CISSP, what other certs are worthwhile? Does EC-Council's "CISO" cert hold any weight?

  21. Senior Member
    Join Date
    Apr 2014
    Location
    South Florida
    Posts
    857

    Certifications
    CISSP, CISM, CISA, CRISC
    #20
    Quote Originally Posted by dragonsden View Post
    For someone with a heavy technical background (20 years), but almost no management experience, what certs would be good to get toward priming myself for CISO positions? I'm working on CISSP now. Also working on my Master's in Cyber. I know eventually I'll need to get some management under my belt, just don't want to move away from technical work either. The managers at my workplace that used to be technical jump at every chance they can to work on a technical problem that they should be delegating. I think for some, the management path has led to a highly paid "email manager/meeting advisor". I guess this is the path though. Anyway, for CISO aside from an MBA and CISSP, what other certs are worthwhile? Does EC-Council's "CISO" cert hold any weight?

    People management skills are what you need, not more certs. If you look at lots of CISO profiles on LinkedIn, very few have certs. Your years of experience, education and CISSP coupled with people skills are more than enough to become a CISO. Good luck.

  22. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    862

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #21
    Quote Originally Posted by dragonsden View Post
    Does EC-Council's "CISO" cert hold any weight?
    EC-Council holds no weight for me..... EC-Council is really just known for CEH, and that mostly impressed people who don't know a lot about infosec. I guess the C|CISO thing might look good on a resume, and it's not like there are a lot of "CISO" positions out there, so it's not like it's going to hurt you much. If you're looking to learn more about the subject matter itself to be better at the job, there are better opportunities out there (such as anything ISACA-related which covers the same domains but without "CISO" in the cert title).

  23. Senior Member
    Join Date
    Mar 2015
    Posts
    247

    Certifications
    CISSP, CEH, MCP
    #22
    Quote Originally Posted by dragonsden View Post
    For someone with a heavy technical background (20 years), but almost no management experience, what certs would be good to get toward priming myself for CISO positions? I'm working on CISSP now. Also working on my Master's in Cyber. I know eventually I'll need to get some management under my belt, just don't want to move away from technical work either. The managers at my workplace that used to be technical jump at every chance they can to work on a technical problem that they should be delegating. I think for some, the management path has led to a highly paid "email manager/meeting advisor". I guess this is the path though. Anyway, for CISO aside from an MBA and CISSP, what other certs are worthwhile? Does EC-Council's "CISO" cert hold any weight?
    I am not a CISO nor do I have any manager experience, but I've worked for VPs, Directors & Managers. I've worked with managers who will not let go of technology and it can be very disruptive. IMO, a good manager manages (align with the business, advocate for their staff, assist staff in professional development, coordinate resources, etc...). I am sure there are courses on general management and leadership, but I believe some people have a natural ability for working with people and some really struggle at it.

    My 2 cents.

  24. Senior Member IronmanX's Avatar
    Join Date
    Mar 2015
    Location
    Ontario Canada
    Posts
    293

    Certifications
    C|EH
    #23
    Quote Originally Posted by docrice View Post
    If I'm interviewing candidates for a technical role, I'd be much more biased towards GIAC and OffSec certs. The CISSP, CISA, CEH, and Sec+ would mean little to me unless it was an introductory junior role. That said, those certifications certainly don't hurt and show a degree of ambition and effort.

    More important than certs is mindset and willingness to explore far beyond the textbook. At the end of the day, certs are nice and in many places allow for positive keyword matching with HR resume search systems, but practically I'm less concerned with certs than I am about aptitude.
    SANS probably has the best training out there but is very pricey.
    If you're hiring someone with a SANS cert they have most likely had that training paid for by a company.
    You're going to have to pay a premium to steal that employee away.

    I've heard before about the shortage of employees for certain jobs. In my experience it seems like they are looking for someone with experience already doing the job. Of course the problem with that is that person is either working for you already or your competitors.

  25. Senior Member IronmanX's Avatar
    Join Date
    Mar 2015
    Location
    Ontario Canada
    Posts
    293

    Certifications
    C|EH
    #24
    Quote Originally Posted by g33k3r View Post
    I am not a CISO nor do I have any manager experience, but I've worked for VPs, Directors & Managers. I've worked with managers who will not let go of technology and it can be very disruptive. IMO, a good manager manages (align with the business, advocate for their staff, assist staff in professional development, coordinate resources, etc...). I am sure there are courses on general management and leadership, but I believe some people have a natural ability for working with people and some really struggle at it.

    My 2 cents.
    There really needs to be a shift away from limiting pay of non-management staff to less than their manager.
    We don't see this in sports but we see it in the business world.

    This is basically the Peter Principle. Everyone wants to move up the ladder for more money. Everyone moves up until they are incompetent in their current role and cannot progress any further.

    The way around this? Become a consultant........