  1. Pash (Senior Member; United Kingdom; joined Nov 2006; 1,615 posts)
    Certifications: Comptia Security+, AWS CSA-A
    #1

    A question regarding best security related cert based on current circumstance

    Dear All,

    I am posting here to ask you all "What is the best security related cert I can go for in my current circumstance?". A little info on me to assist with some answers:-

    I am a DevOps Engineer for a payments gateway company (PCI-DSS is big for us). I am a volunteered security champion from the devops team. I love cryptography in general, always have and always will. I work on toolsets that I write in python/golang and I also help setup cloud related platforms, CI and CD platforms and I am heavily involved in the releasing of software into all of our environments, in an automated fashion. I do have an interest in hacking and pentesting in general. I am also a big believer in security to the left movement. DevSecOps is the future for me.

    We have a security team in-house and I asked a colleague of mine which cert he recommends. He recommended the rather hardcore OSCP certification, which I had heard of before from a security meetup. I am not even against looking to switch into more of a security related role in the future. Especially in the payments sector.

    I am just curious to what the security community recommends here.

    Any help is appreciated.

    Many Thanks,
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.

  2. Senior Member (VA; joined Sep 2016; 430 posts)
    Certifications: CISSP, PMP, CCNP, FITSP-M
    #2
    Your question and answer had a lack of specificity. Do you want to break into the network and show vulnerabilities?

    Do you want to defend against people breaking into the network (and not showing you weak-points)?

    Do you want to manage the people doing #1 or #2 but attending meetings and keeping other people out of their business?

    Please be specific.
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA

  3. Pash (Senior Member; United Kingdom; joined Nov 2006; 1,615 posts)
    Certifications: Comptia Security+, AWS CSA-A
    #3
    I want to learn how to attack, to learn how to defend. I write a lot of web front/back end tooling. Behind these tools are sensitive systems/data and I want to make sure they do not get compromised.

  4. UnixGuy (Are we having fun yet?; joined Mar 2008; 3,357 posts)
    Certifications: GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #4
    OSCP is hard core penetration testing and needs continuous dedication.

    Check out eLearnSecurity PTS (eJPT), it will introduce you to a lot of attacks, and you get to learn them hands-on in the labs. If you find it too easy and want to move on, then OSCP can be next!

    For general security knowledge, have you thought about CompTIA Security+ / CASP?
    Goal: GCFA (DONE), GPEN

  5. Member (Monterrey, Mexico; joined Dec 2015; 32 posts)
    Certifications: COBIT5 Foundation, CSA+, CSSLP, CISM, CISSP-ISSMP, CEH, ITILv3 Foundations
    #5
    Check out the info on the following certs:
    ISC2 CSSLP
    SANS DEVXXX series
    PCI Professional
    Comptia CASP

    The CISSP-ISSEP sounds like it could apply but as I haven't read the book about that one, I could be wrong. I'm bumping reading that CBK to 2019. And you also need a valid CISSP to take it.

  6. yoba222 (Senior Member; joined Jun 2013; 407 posts)
    Certifications: LFCS, GCIH, eJPT, CCNA, CAPM, Sec+, Net+, A+
    #6
    GCIH seems to fit the bill in my opinion, but only if the company is paying.

  7. Pash (Senior Member; United Kingdom; joined Nov 2006; 1,615 posts)
    Certifications: Comptia Security+, AWS CSA-A
    #7
    Thanks for the reading materials and suggestions. I did have a CompTIA Security+ many moons ago (MCSA 2003 elective), not sure if that is still even valid. I think as it was pre 2010 it might be. I am a security champion at work, have attended DevSecCon in London in 2017. I am pretty aware of most modern security threats. I am not afraid of a grind out study if it will really be beneficial. I'll have a review and think and see what to do.

  8. Junior Member (joined Feb 2016; 23 posts)
    Certifications: CEH, MCP, Qualys Certified Specialist
    #8
    DevOps Security Engineer role is beginning to spin up. We have an open position and I know that Prezi also has an open head. Instead of learning into another role, try to learn more about cloud security, securing/hardening infrastructure, security features of AWS and Azure, etc.
    I would recommend getting CCSK first instead of hacking related certificates.

  9. TechGromit (Completely Clueless; Galloway, NJ; joined Oct 2015; 1,339 posts)
    Certifications: A+, Network +, GSEC, GCIH, Lunatic+
    #9
    Quote Originally Posted by yoba222:
    > GCIH seems to fit the bill in my opinion, but only if the company is paying.

    I agree, the GCIH is a highly desirable cert with employers, it offers exposure to both pentesting, vulnerability scanning, and incident response. While it doesn't dive too deeply into any one area, it checks the most number of boxes for what you described. Once you have this, you can specialize in the specific area you're interested in.
    Still searching for the corner in a round room.

  10. Senior Member (joined May 2013; 1,207 posts)
    Certifications: GWAPT, GSEC, Associate of (ISC)2, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #10
    How well do you know OWASP?

    If you are already in DevOps dealing with web...your experience is going to be most closely related to web app security. I suppose you could branch out and learn more about network / system pen testing...but you will look a lot better if you get very good at web app security. Certs like GWAPT, EWPT, OWASP (https://www.owasp.org/index.php/Cate...n_Requirements) to name a few.

  11. Pash (Senior Member; United Kingdom; joined Nov 2006; 1,615 posts)
    Certifications: Comptia Security+, AWS CSA-A
    #11
    Good question. I am a https://www.owasp.org/index.php/Security_Champions on our AppSec team. This OSCP recommendation I received was from our AppSec team leader. I did gulp a little when he said "I would take you very seriously if you had this cert and was a devops engineer" and I was thinking.... "I don't know if my wallet can take that or my time". There is an AWS security related specialty exam in beta at the moment, which I will probably do. GCIH sounds good but I am unsure of how much it would cost. I am having a hard time deciding if I am honest. They all look equally interesting and valuable. I think the AppSec consideration is the most important as mentioned, everything is code in the world of 'serverless' cloud. I am seeing a ton of new contracts in the London job market for Devops Security leads etc. Sounds like a good time to get myself into the security world for good.

  12. NetworkNewb (They are watching you; Off the grid; joined Feb 2015; 2,624 posts)
    Certifications: A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #12
    Small certs will give small results. Go big. OSCP

    GCIH is pretty simple imo and not cheap

  13. Senior Member (Quebec, Canada; joined Dec 2015; 280 posts)
    Certifications: A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP, VTSP, SSCP, Veeam VMCE
    #13
    You could go for more general security certs.. like CISSP and add some more specific ones like CCSP or CSSLP. It all depends on where you want to go in your career. If you want to move more into Red teaming, look for OSCP.