  1. Junior Member Registered Member
    Join Date
    Nov 2013
    Posts
    5
    #1

    Information Security Certification path CEH OR OSCP OR GPEN?

    Hello folks

    I hope you are doing good. I have good experience with multi vendor security products and routing, switching as well. I am CCIE-SEC, JNCIE-SEC.

    I would like to pursue information security certifications:

    1- To understand concepts of information security in more depth
    2- To get true hands on with how to do attacks on web applications, database etc with tools and with scripting/programming

    I would really appreciate it if you could give me your expert input on what would be a good path to start with. Should I start with CISSP, CEH, OSCP, GPEN, CISA, CISM, etc.?

    Really appreciate and thanks

  3. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,597
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #2
    The recommended first information security certification is CompTIA Security+. However, with the CCIE-SEC and JNCIE-SEC, you already have a good technical background in security, so you should start by looking seriously at the CEH for the offensive side of InfoSec. GPEN and OSCP would then come next.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  4. xax
    Member
    Join Date
    Jul 2013
    Posts
    40
    #3
    Between CEH and OSCP I think that eCPPT is a good cert. I think eCPPT's course has good material.

  5. Cyber Ninja III rogue2shadow's Avatar
    Join Date
    Apr 2010
    Location
    MD
    Posts
    1,498

    Certifications
    CISSP, GXPN, OSCE, OSCP, OSWP, CEH, CNDA, CPT, Security+, Network+, A+
    #4
    I agree with JD and xax. The CEH did provide a basic structure for pentesting but didn't go all that deep beyond "here's the methodology -> here's a tool -> here's a screenshot -> next tool" when I took it. The OSCP is definitely a leap into the deep end (from a first time pentesting perspective) but you will quickly gain experience attacking all types of technologies. It is definitely not for the faint of heart and the "Try Harder" slogan is 100% on the money when it comes to being successful in the lab and exam. The lab and exam are hands-on and also require documentation which gives you experience in writing a debrief report for a client post-engagement. I would highly recommend the course after some exploration into the field.

    The eCPPT web material served as an excellent introduction to the OWASP 10 and the Coliseum labs definitely helped reinforce the concepts involved with exploiting each vulnerability type.

    If I were to do it again, I would probably follow the same path: Sec+, CISSP, CEH, OSCP, GPEN, etc.

    I think overall it comes down to how you learn best, funding, and what the outlook of your cert path is intended to be (pentester vs security analyst vs malware reverse engineer etc).

  6. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,285

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #5
    Having completed two of the three - here's an easy guide.

    C|EH - "The Tour of Tools"
    GPEN - Journeyman level cert. Very good.
    OSCP - Master's level penetration testing exam. Pass this and you have my respect!

    - B Eads

  7. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #6
    Originally Posted by beads:
    Having completed two of the three - here's an easy guide.

    C|EH - "The Tour of Tools"
    GPEN - Journeyman level cert. Very good.
    OSCP - Master's level penetration testing exam. Pass this and you have my respect!

    - B Eads
    I agree with your perspective on CEH. Can't speak for GPEN, as I haven't done it (SANS is too expensive). But OSCP is not a Master level course. OSCP is an entry level certification. It's only more difficult than CEH because it requires hands-on demonstration of skills as opposed to just knowledge.

    Don't get me wrong...it's a GREAT course, but if you want to get a job as a professional pentester, you better at least have skills at the OSCP level, but really, your kung fu needs to be a lot stronger than that.

  8. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #7
    @OP - It looks like you have a solid Juniper and Cisco background, so you know both command-line tools and TCP/IP routing and switching. The only other ingredient you'll need is determination. If you have that, I'd say jump right in with OSCP, and I think you'll do fine.

  9. Junior Member Registered Member
    Join Date
    Nov 2013
    Posts
    5
    #8
    Thank you very much guys. Really appreciated your inputs. Could you please also guide me on which course could grow my skills better in terms of writing scripts in Python etc. for doing exploitation/attacks on web applications/databases etc., instead of just using tools? Also, comparing eCPPT with CEH, which course should I go for, followed by OSCP/OSCE?

    Thanks !

  10. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #9
    SPSE - SecurityTube Python Scripting Expert is a good course on security-related Python scripting.

    It's a toss-up between CEH and eCPPT. Both are fairly easy programs. CEH is more well-known. But eCPPT will get you started with hands on. So I guess it depends on what you value more. eCPPT will probably be better prep for OSCP.
    Last edited by NovaHax; 11-11-2013 at 07:45 PM.

  11. Junior Member Registered Member
    Join Date
    Nov 2013
    Posts
    5
    #10
    Thanks NovaHax. Appreciated. Now I think I can easily decide for the choice of offensive security courses. One more thing I would like to ask,

    For what field are the CISSP, CISA, CISM, CRISC courses helpful: for a pentester, only for a security analyst, or just for management? I mean, after doing the offensive certifications, do these certifications make sense?

    Thanks

  12. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #11
    I got CISSP because of the title and added value to my resume. I don't really know if it helped get my PenTesting job, but it certainly didn't hurt. But don't expect to get much technical value out of it. It's a high level management certification. It demonstrates knowledge of security theory...but not much else.

  13. Member
    Join Date
    Mar 2013
    Posts
    63

    Certifications
    CISSP, OSCP, GWAPT, IAM
    #12
    My vote is also for the OSCP. The course is an awesome value and I learned more from it than any course I have ever taken.

  14. You can't stop the signal
    Join Date
    Jul 2013
    Location
    USA
    Posts
    261

    Certifications
    CISSP-ISSEP
    #13
    Originally Posted by kashifrana:
    Should I start with CISSP, CEH, OSCP, GPEN, CISA, CISM
    1- This depends on what concepts you mean. The basis for everything? Maybe a CRISC. I've heard that hits risk management pretty hard. Resume builder and low level of knowledge across the board? CISSP.
    2- If you're talking only about an offensive perspective (hacking), I would definitely do C|EH -> OSCP if you don't have any basis in hacking methodology or fundamentals. If you do have that basis in hacking methodology, just go OSCP. Now, I've heard great things about eLearnSecurity, as well, you may want to check them out.

  15. Junior Member
    Join Date
    Nov 2015
    Posts
    14
    #14
    Hi


    Have you completed a course in information security (CEH, OSCP, CISSP)? I need your advice on this. I have experience in security products and routing, switching as well. I am JNCIE-SEC. I need to go further in the security domain, but I am confused about which course to take. Based on your experience, can you suggest which is apt to take?


    Regards,
    Midhun P.K

  16. Member
    Join Date
    Jan 2017
    Posts
    96
    #15
    The OSCP is not your typical entry level course.
    This isn't like Net+ or Security+...I'd say an advanced entry level course, if there's such a thing.
