  1. Junior Member Registered Member
    Join Date
    Jun 2017
    Posts
    1
    #1

    Certification path advice - CISSP to C|EH / OSCP

    I've recently got back on the certification track after taking and passing my CISSP yesterday, and am keen to keep the momentum as far as keeping learning and working on my certifications (getting back to the technical ones), and am looking for some advice on where to go next, ideally from the people who have both a C|EH and OSCP.

    I've worked as a Firewall and Network administrator now for 10+ years and would like to learn some skills from the other side of firewall, and I have my eye on the OSCP, a cert that seems to carry a bit of respect, and offers a learning track that's really going to give you some real world skills. I've started to take some small steps (very small steps, Cybrary course) into learning to code in Python, with an eye on the long term.

    The question I have, is it worth me studying for and taking the C|EH to get the basic knowledge, or is this just a waste of time and effort because the OSCP will teach me everything I will learn in the C|EH and more? Appreciate there is the HR department being the 1st line of defence angle as far as the C|EH is concerned, so I'm guessing it should be on the list. But for now, I am keen on personal development. Any advice on this path would be appreciated.

    Cheers

  3. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,665

    Certifications
    GPEN, GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #2
    Skip CEH and anything EC-Council. Try eLearnSecurity and SANS (if your employer pays for it)
    Goal: MBA, March 2020

  4. Senior Member shoey's Avatar
    Join Date
    Jun 2016
    Location
    Knowhere
    Posts
    110

    Certifications
    Life
    #3
    I agree with UnixGuy. You will be kicking yourself when you get to the OSCP and realize what the C|EH didn't do for you...

    If you search through the OSCP threads on here you'll find plenty of free resources to study that will better prepare you than spending time/money on the C|EH...

  5. Member
    Join Date
    Oct 2017
    Posts
    51

    Certifications
    Security+, CCENT
    #4
    CEH is definitely better for you HR wise. I would have actually recommended you get it before CISSP since I heard CEH can help prepare you for some of the PENtester material on CISSP but since you've already gotten CISSP CEH doesn't really do much for you outside of HR. I agree with the rest, go for an ELearn cert first to prep for OSCP if you're just interested in the skill.

  6. Senior Member
    Join Date
    Jun 2011
    Location
    Maryland
    Posts
    191

    Certifications
    GWAPT, CISSP, eJPT, CEH, Sec+, ITIL-F, BS:IS
    #5
    Quote Originally Posted by HCPS123 View Post
    CEH is definitely better for you HR wise. I would have actually recommended you get it before CISSP since I heard CEH can help prepare you for some of the PENtester material on CISSP but since you've already gotten CISSP CEH doesn't really do much for you outside of HR. I agree with the rest, go for an ELearn cert first to prep for OSCP if you're just interested in the skill.
    If OP does not plan to work for US Gov't then no point at all to do CEH since he already has CISSP. I also suggest what UnixGuy advises. ELearnSecurity such as eJPT or eCPPT.

  7. Senior Member
    Join Date
    Oct 2017
    Location
    Asia
    Posts
    312

    Certifications
    CISSP, CASP, CRISC, CISA, ISO27001 LA, CISM (application pending)
    #6
    Congrats to you sir!

    Once I pass the CISSP (on or before 12/31/18), I wish to learn pentesting as well. Will the eLearnSecurity course(s) be helpful for a total newbie like me?
    Last edited by Info_Sec_Wannabe; 12-12-2017 at 12:38 AM.

  8. Senior Member
    Join Date
    May 2017
    Posts
    146
    #7
    taking CISSP for me is not newbie

    for pentest i think you can take a look ejpt first

    Quote Originally Posted by Info_Sec_Wannabe View Post
    Congrats to you sir!

    Once I pass the CISSP (on or before 12/31/18), I wish to learn pentesting as well. Will the eLearnSecurity course(s) be helpful for a total newbie like me?

  9. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,369

    Certifications
    CISSP, CISM, CISA, GPEN, GCIA, GCIH, C|EH, and more.
    #8
    I would take advantage of whatever my employer pays for. If you can get into a SANS course I would say take SEC560/GPEN before going for OSCP. But if that route is too pricey then CEH before OSCP wouldn't hurt if you want to learn basics (and I do mean basics). Regardless of how lots of us feel about CEH, it is a nice to have when employers are scanning resumes.
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  10. Senior Member shoey's Avatar
    Join Date
    Jun 2016
    Location
    Knowhere
    Posts
    110

    Certifications
    Life
    #9
    Quote Originally Posted by HCPS123 View Post
    CEH is definitely better for you HR wise. I would have actually recommended you get it before CISSP since I heard CEH can help prepare you for some of the PENtester material on CISSP but since you've already gotten CISSP CEH doesn't really do much for you outside of HR. I agree with the rest, go for an ELearn cert first to prep for OSCP if you're just interested in the skill.
    Not true... A couple of years back several of my compliance buddies switched back to the technical side (i.e. PenTesting), and the companies now mandate you get your OSCP within the first six months. Sure HR still looks for C|EH, but many of those jobs (where I live) also list OSCP... Additionally, any real PenTesting company is very aware of the OSCP (as well as how little the C|EH actually teaches).

    I definitely agree with E Double U that if a cert is free, might as well knock it out...
    Last edited by shoey; 12-12-2017 at 06:55 AM.

  11. Senior Member
    Join Date
    Oct 2017
    Location
    Asia
    Posts
    312

    Certifications
    CISSP, CASP, CRISC, CISA, ISO27001 LA, CISM (application pending)
    #10
    Quote Originally Posted by vynx View Post
    taking CISSP for me is not newbie
    Hmm... I'm looking at it from this perspective, CISSP will allow me to understand about how a bunch of stuff works although it is not enough for me to really know the nitty gritty (e.g., what command to use, how to interpret stuff like logs, etc.) or getting my hands dirty so to speak.

    Quote Originally Posted by E Double U View Post
    I would take advantage of whatever my employer pays for. If you can get into a SANS course I would say take SEC560/GPEN before going for OSCP. But if that route is too pricey then CEH before OSCP wouldn't hurt if you want to learn basics (and I do mean basics). Regardless of how lots of us feel about CEH, it is a nice to have when employers are scanning resumes.
    I would like to go for that route as well, but unfortunately, the SANS courses are only limited for the Red Team peeps (I'm currently in our GRC block).

  12. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    741

    Certifications
    OSCP, CEH, eJPT, CompTIA CSA+, CompTIA Security+, CompTIA Network+
    #11
    I agree with what a lot of others have said regarding bypassing the CEH. I think the value point is what you are looking to do with the certification. If you are just using the CEH to prepare for the OSCP you are much better off just going for the OSCP and saving the money the CEH would have cost for extra lab time if you felt you needed more preparation.

    The only way I could justify the CEH would be if you are looking to go into DoD/Gov contract work. Mind you, that is not for a pentesting company like Rapid7 doing DoD work but for a company that deals with the DoD and is wanting someone for a security position (Analyst @ Cisco in CNS for example). Outside of that, the OSCP is going to be your bread and butter for getting a position with a pentest firm.

    TLDR; Go for OSCP.
    Last edited by Mooseboost; 12-14-2017 at 12:00 AM.
    2018 Certification Goals: OSCE
    Blog: https://hackfox.net

  13. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    523

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE, CISSP
    #12
    CEH is too expensive to be considered like a preparation tool for other certs... it is more expensive than CISSP. At 200-300$, I would consider it, not at almost 800-900$ like I have seen.

  14. Junior Member Registered Member
    Join Date
    Dec 2017
    Location
    Orlando Florida
    Posts
    3

    Certifications
    CCNA, Security +, Network + (All expired)
    #13
    Newbie on the block, I've been working as a network engineer for 10 plus years, I want to start studying for my CISSP. What material should I get? Any recommendation on how to prepare would be greatly appreciated.

  15. Senior Member shoey's Avatar
    Join Date
    Jun 2016
    Location
    Knowhere
    Posts
    110

    Certifications
    Life
    #14
    Quote Originally Posted by albarnet View Post
    Newbie on the block, I've been working as a network engineer for 10 plus years, I want to start studying for my CISSP. What material should I get? Any recommendation on how to prepare would be greatly appreciated.
    I'd suggest searching the (ISC)2 section for "CISSP PASSED" threads. Many people list their study plans and what they found beneficial. Best of luck!
