  1. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    456

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #26
    Quote Originally Posted by kurzon View Post
    It is a shame for the industry that I must obtain a certificate which I do not intend to follow its path just to pass the HR.

    In my opinion, OSCP+SSCP makes much more sense than OSCP+CISSP.
    Same issue with degrees as well. Sometimes HR doesn't care what the degree is as long as you have one. I fight that battle every time I do a vacancy announcement "and what degree does this need"? "None, the same as the last 13 times." But if a manager lets HR run the show, there's a good chance a Bachelor's degree requirement slips in and next thing you know, a highly qualified candidate can't get past HR but a newb with a degree in English Literature can.
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA

  3. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #27
    Before we discuss this topic further, I want to make it clear that I will get CISSP, there is no escape from that. I am just sharing my thoughts about the industry.

    Quote Originally Posted by jelevated View Post
    However there are absolutely CISSPs with Dev, opsec, net, red team type experience. And these are the people who get the most interest from hiring managers.
    This is exactly what I'm talking about. CISSP is clearly a managerial certification which is for people who aim for managerial positions. If you consider the fact that a certification program should add something to your experience, what is the purpose of having CISSP for someone who has red team type experience? Improving the chance of finding a job, and that's it. I'm not running away from any certification cost; I will gladly pay $700 for the OSCP, but I will always feel every $ I paid for the CISSP is just wasted.

    "Here is your precious certificate dear HR, as it belongs to you, not me."
    Last edited by kurzon; 08-25-2017 at 12:53 PM.

  4. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,357

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #28
    Quote Originally Posted by kurzon View Post
    This is exactly what I'm talking about. CISSP is clearly a managerial certification which is for people who aim for managerial positions.
    Again, this is where you're wrong. The CISSP isn't just a managerial certification for people in management. First, it's more of a general security certification that lets HR and hiring managers know that the person has a certain baseline of security knowledge covering many of the security domains. Hence it being an inch deep and a mile wide. Second, it's obviously not just for managers as you'll see every kind of security req asking for it, from security analysts to pentesters and everyone in between.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up: None
    Reading: Python Crash Course

  5. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #29
    Quote Originally Posted by kurzon View Post
    It is a shame for the industry that I must obtain a certificate which I do not intend to follow its path just to pass the HR.

    In my opinion, OSCP+SSCP makes much more sense than OSCP+CISSP.
    What's a shame IMO is that you have to get multiple certifications...... One should be enough, too bad that's not the case......

  6. Senior Member
    Join Date
    Oct 2010
    Posts
    861

    Certifications
    CISSP, CEH
    #30
    If you want to stay technical and be at the top of your pen testing game, then get the OSCP then OSCE. CISSP is only popular simply because of the DOD 8570 requirements which then a flood of contractors, military, and government civilians got it. It's a high level (1 inch deep 1 mile wide) certification which most people forget half of what they read the moment the exam is over simply because too much content. General baseline knowledge of security? Eh maybe but it really is too high level. I've talked to too many CISSP only holders who can only talk the high level but can barely crawl when you get into the weeds. You want to know why we have a technical cyber security problem? Keep making certifications and studies like the CISSP and you will find out why we don't have good talent.

    I only recommend CEH to individuals who are new to the industry and want to get their foot in the door. Good content but the exam isn't hard at all.
    Last edited by higherho; 08-25-2017 at 08:54 PM.

  7. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    142

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #31
    Quote Originally Posted by higherho View Post
    If you want to stay technical and be at the top of your pen testing game, then get the OSCP then OSCE. CISSP is only popular simply because of the DOD 8570 requirements which then a flood of contractors, military, and government civilians got it. It's a high level (1 inch deep 1 mile wide) certification which most people forget half of what they read the moment the exam is over simply because too much content. General baseline knowledge of security? Eh maybe but it really is too high level. I've talked to too many CISSP only holders who can only talk the high level but can barely crawl when you get into the weeds. You want to know why we have a technical cyber security problem? Keep making certifications and studies like the CISSP and you will find out why we don't have good talent.

    I only recommend CEH to individuals who are new to the industry and want to get their foot in the door. Good content but the exam isn't hard at all.
    All the pentesting jobs I have seen where I live have a mandatory requirement to have CISSP or get it within 2 years of being hired.
    I do agree that most people will forget what they learned in CISSP.
    OSCP is pretty much required.
    I do agree to get the OSCE.

  8. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    56

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #32
    Quote Originally Posted by kurzon View Post
    This is exactly what I'm talking about. CISSP is clearly a managerial certification which is for people who aim for managerial positions. If you consider the fact that a certification program should add something to your experience, what is the purpose of having CISSP for someone who has red team type experience?
    Allow me a moment to call BS right there.

    Look, studying for the CISSP and taking the exam is boring. It's dry, there is no hands-on, most of it is reading and memorization. It does not go very deep, the exam is expensive, and the renewal fees are a crock. I get it. The CISSP is NOT FUN.

    With that said, unless you find the delusional dream job of being the lone nerd in the basement, you WILL interact and communicate with IT security managers. You will work with these "CISSP" level managers to understand your assignments, to help them understand the technical aspects, the requirements, the output, the remediation, and whatever consulting you need to provide for your engagements. The CISSP gives the holders a common language to use, be it describing threat actors, attack surface, separation of duties, risk, quantitative vs qualitative analysis, and a general understanding of all things security. It's good to understand and be able to hold a consistent conversation on all things security. If the management audience is talking the CISSP language, so should you. Put your reports/docs/presentations/emails in the terms and format they understand. It gets everybody on the same page and shows that you have a well-rounded foundational understanding of IT security. It should be a requirement (or comparable cert) for getting into the field.

    Also picture the ideal job. Will somebody hire you to just be a "hacker", where you rely on leet skillz to impress your boss, or will you first and foremost be a security professional who helps the business make smart decisions as they weigh pros and cons of a risk?
    Last edited by Hornswoggler; 08-27-2017 at 03:29 PM.
    2018: Linux+, eWPT/GWAPT

  9. Senior Member
    Join Date
    Jun 2012
    Posts
    133

    Certifications
    CISSP, CCENT, CASP, Linux+, LPIC-1, A+, Net+, Sec+, Project+, MTA Web/Database/Server Admin Fundamentals
    #33
    You know, I hated studying for the CISSP, but now that it's over I'm glad I did it. Yes, there's a heavy level of content directed towards management, but this is important for regular employees to understand too. It's easy for people to roll their eyes at a security policy if they have no idea about the reasoning behind it.

    Also for a pen tester I'd make it a requirement to have a CISSP. It would be a complete waste of time and money to find vulnerabilities if the person preparing a report can't convey them in terms that management can comprehend, or even worse offend someone high up by misunderstanding their role in the organization.

  10. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #34
    Guys, I completely understand how you justify CISSP, but isn't that what SSCP is for?

    Quote directly from ISC2 SSCP brochure (http://www.usf.edu/continuing-educat...brochure.pdf):
    "From graduation to retirement, (ISC)2’s got your back. If you are an SSCP looking to advance your career beyond the technical aspects of information security and into a managerial position, then the CISSP should be your next career goal. CISSPs are key decision makers who develop policies, standards, procedures and manage the overall implementation of them across the enterprise."

    ISC2 must be promoting SSCP better to the industry. Learning about corporate security practices; understanding policies, procedures, regulations etc; being able to talk the same language with the upper-management, they are all provided by SSCP.

    I am not a lone nerd in a basement "unfortunately" , I have been working in the largest IT and telecommunications companies in my country for more than 10 years, and doing network and security tasks every day including preparing procedures and presenting them to the upper management.

    Believe me, no manager is actually looking for a CISSP level technical employee. They just "think" that they need it, only because of the popularity of the CISSP name and also because they do not have any idea about SSCP.

    I insist, CISSP is (should be?) a waste of time and effort for a technical level employee.

  11. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    142

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #35
    At the end of the day... you need the CISSP. I do agree SSCP is what is needed for the technical team, but everyone is looking for the CISSP, due to branding. The recruiters and HR Department screen for CISSP, not SSCP.

    The recruiters and HR Department are the ones that will be getting the resume into the Hiring Manager's hands (who might not care if you have the CISSP, or SSCP or neither), but the recruiters and HR department do.

    So you can try to fight and justify why NOT to do the CISSP, but if you want the best chance to get the better or higher paying position...just get the CISSP done.

  12. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #36
    @asurania, That is true. And as I stated above, I will get CISSP, it is my goal for the next year.

    In the meantime, I will be fighting for the SSCP in every interview.

    I believe this topic is not about my certification choices anymore. I will try to have OSCP this year, and CISSP during the first quarter of 2018. I just keep writing to discuss the value of the CISSP over SSCP.

  13. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    56

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #37
    SSCP doesn't have the recognition. Maybe it's the better fit but I don't think you can turn around the industry hiring practices overnight.

  14. There is no spoon. p@r0tuXus's Avatar
    Join Date
    Nov 2016
    Location
    KCMO
    Posts
    519

    Certifications
    ITIL-F, A+, S+, CCNA
    #38
    Quote Originally Posted by Hornswoggler View Post
    SSCP doesn't have the recognition. Maybe it's the better fit but I don't think you can turn around the industry hiring practices overnight.
    The CISSP exam costs are easily more than twice the SSCP. So the fact that more hiring managers will want the CISSP holders than SSCP, only makes ISC2 more money. I wouldn't hold your breath on the organization sounding the horn for SSCP with those kinds of profits at stake.

    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE

  15. 518
    Senior Member
    Join Date
    Mar 2011
    Location
    Somewhere in Germany
    Posts
    150

    Certifications
    CISSP|CCNP|CASP|CCNA|CCNA-Sec|CCNA-Voice|Sec+|Net+|A+
    #39
    Quote Originally Posted by kurzon View Post
    @jelevated, CISSP is not the direction I want to take. I have zero interest in managerial positions.

    Here are two example ads that I might be interested in.

    https://ca.indeed.com/viewjob?jk=281e1e6467be002a

    Cyber Security Analyst
    Would you look at that, both jobs have "CISSP" acronyms on them.

    I don't understand how CISSP is perceived as a "Managerial" position. Most technical cybersecurity jobs I see ask for CISSP. Bombardier works with US Defense companies, expect them to prefer "CISSP."

    If my job didn't ask for CISSP, I would have taken OSCP instead...I still plan to.

  16. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    994

    Certifications
    Sec+, MTA, MCP
    #40
    Honestly.....

    I would get both, the OSCP and the CISSP. That way you have all bases covered. You have the tech knowledge with the OSCP.... and the manager knowledge to talk about company risk assessments, and thinking like a manager. You don't have to be a manager or want to be one to have the CISSP. I used to work with a NOC that had his CISSP.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  17. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,325

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #41
    We lost the SSCP vs CISSP (plus concentrations) battle years ago. Today it's just an HR filter and more concerned with the number of certified people than anything else.

    The old adage still rings true: The CISSP is worth more to those without than to those with the certification.

    - b/eads

  18. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    994

    Certifications
    Sec+, MTA, MCP
    #42
    Quote Originally Posted by beads View Post
    We lost the SSCP vs CISSP (plus concentrations) battle years ago. Today it's just an HR filter and more concerned with the number of certified people than anything else.

    The old adage still rings true: The CISSP is worth more to those without than to those with the certification.

    - b/eads
    Plus they give anyone a CISSP!!!
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  19. Senior Member mbarrett's Avatar
    Join Date
    Apr 2016
    Location
    DC
    Posts
    355

    Certifications
    CISSP CEH CCNP Security
    #43
    Quote Originally Posted by 518 View Post
    I don't understand how CISSP is perceived as a "Managerial" position. Most technical cybersecurity jobs I see ask for CISSP. Bombardier works with US Defense companies, expect them to prefer "CISSP."
    Government jobs look to CISSP because it's on the list of certs in compliance with the government requirements for IT jobs, such as DoD Instruction 8570.1m. This is a hard & fast requirement.
    Commercial companies might be listing that in their non-Infosec job ads, but I think it might be more of a nice-to-have thing, I don't believe it holds as much weight - especially with the hiring managers & technical people.
    Last edited by mbarrett; 08-28-2017 at 06:38 PM.

  20. Well ain't that shiny! TLeTourneau's Avatar
    Join Date
    Mar 2011
    Location
    MN, USA
    Posts
    582

    Certifications
    CISSP, MCITP:EA, SA, EDA7, MCTSx4, MCSA 2008, CCNA (expired), Security+(expired), Project+, CIW JavaScript Specialist, CIW Web Foundations Associate
    #44
    Quote Originally Posted by kurzon View Post
    Guys, I completely understand how you justify CISSP, but isn't that what SSCP is for?

    Quote directly from ISC2 SSCP brochure (http://www.usf.edu/continuing-educat...brochure.pdf):
    "From graduation to retirement, (ISC)2’s got your back. If you are an SSCP looking to advance your career beyond the technical aspects of information security and into a managerial position, then the CISSP should be your next career goal. CISSPs are key decision makers who develop policies, standards, procedures and manage the overall implementation of them across the enterprise."

    ISC2 must be promoting SSCP better to the industry. Learning about corporate security practices; understanding policies, procedures, regulations etc; being able to talk the same language with the upper-management, they are all provided by SSCP.

    I am not a lone nerd in a basement "unfortunately" , I have been working in the largest IT and telecommunications companies in my country for more than 10 years, and doing network and security tasks every day including preparing procedures and presenting them to the upper management.

    Believe me, no manager is actually looking for a CISSP level technical employee. They just "think" that they need it, only because of the popularity of the CISSP name and also because they do not have any idea about SSCP.

    I insist, CISSP is (should be?) a waste of time and effort for a technical level employee.
    Ok, I'll have to let our IS managers know that they are not looking for their technical staff to have a CISSP - they will be amazed to find that out.
    Thanks, Tom

    B.S: IT - Network Design & Management
    M.S. - CSIA (Started 3/1/2017)Progress T1: C688, JIT2; T2: TFT2, C700, VLT2; T3: C701, C702; T4: FXT2, LQT2, C706
    Black = Not Started, Blue = In Progress, Red = Complete

  21. 518
    Senior Member
    Join Date
    Mar 2011
    Location
    Somewhere in Germany
    Posts
    150

    Certifications
    CISSP|CCNP|CASP|CCNA|CCNA-Sec|CCNA-Voice|Sec+|Net+|A+
    #45
    Quote Originally Posted by mbarrett View Post
    Government jobs look to CISSP because it's on the list of certs in compliance with the government requirements for IT jobs, such as DoD Instruction 8570.1m. This is a hard & fast requirement.
    Commercial companies might be listing that in their non-Infosec job ads, but I think it might be more of a nice-to-have thing, I don't believe it holds as much weight - especially with the hiring managers & technical people.
    Believe me, I said that same thing to myself: I don't need a CISSP to use security-related COTS tools. But time and time again, those hospitals, banks, and utility companies want a CISSP cert security analyst. What do you think I did to get a call for a sec analyst job?

    And let's not get started with 8570; we can have a thread dedicated just for 8570. Those so-called IA who only do C&A/A&A didn't need CISSP; a CAP would do, and it was launched the same year DoD released 8570. Not to mention, my CIV/GS counterparts only possess Security+.

    It doesn't matter what a "candidate" thinks. The hiring manager wants a CISSP, they are getting a CISSP. We can justify CISSP all we want (I think this has been beaten to death), but at the end of the day, if you are not the hiring manager, stop justifying that you don't need CISSP when applying for the job. You don't like what the job ad says? Move on and apply to a different company.

    Wait, thought this thread was about OSCP vs CEH?

    I think someone has already mentioned this, and I agree:
    - CEH to satisfy job ad/requirement
    - OSCP to do well on your job

  22. Junior Member Registered Member
    Join Date
    Dec 2012
    Posts
    5

    Certifications
    CISA, CISM, CISSP, GCFA
    #46
    I think it depends on what role you would like to go for. If you need really hands on skill in pentesting, you should go for OSCP. However, in my case, I am on the IT audit side, I need to have knowledge to audit cybersecurity process, but not actually be the one doing it, so CEH is enough for me. I'm still waiting for the funding from boss to take the exam - a way to please your boss. But I don't see in knowledge wise, CEH will benefit me the most.
    Last edited by hoccniki; 08-31-2017 at 04:29 AM.

  23. Junior Member Registered Member
    Join Date
    Aug 2017
    Posts
    1
    #47
    Well Said. One Word Gun Shot.

    Quote Originally Posted by jelevated View Post
    CISSP for the name, OSCP for the brain.

  24. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    994

    Certifications
    Sec+, MTA, MCP
    #48
    CEH - get this only if you have to get it to be in compliance with your job, boss, etc....
    OSCP - Get this if you want good hands on with pentesting.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios

  25. Member
    Join Date
    Aug 2017
    Posts
    66

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #49
    I have the CEH and it was a waste of money in terms of knowledge. You get to play with a ton of toys, but it's an easy multiple choice test and I found the EC Council instructor to be boring. However, it does check the 8570 box if you need it and gets you past HR. It would be worth it just for those two things.

    The OSCP will teach you a ton about pen testing and will impress a hiring manager. I work at a major company that pays our pentesters 6-figures and some of those guys struggled through the OSCP. It's not an easy certification, but it's very rewarding when you are done.

    The most important thing you can do for your career is network. Get out and meet people in the field you want to be in. You never know when they may think of you for a job opening.

  26. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    994

    Certifications
    Sec+, MTA, MCP
    #50
    Quote Originally Posted by m4v3r1ck View Post
    I have the CEH and it was a waste of money in terms of knowledge. You get to play with a ton of toys, but it's an easy multiple choice test and I found the EC Council instructor to be boring. However, it does check the 8570 box if you need it and gets you past HR. It would be worth it just for those two things.

    The OSCP will teach you a ton about pen testing and will impress a hiring manager. I work at a major company that pays our pentesters 6-figures and some of those guys struggled through the OSCP. It's not an easy certification, but it's very rewarding when you are done.

    The most important thing you can do for your career is network. Get out and meet people in the field you want to be in. You never know when they may think of you for a job opening.
    Yup, you are right. Also network and make associations at work. You never know when your co-worker may help you get a job one day.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
