What Certs would you recommend for getting work in the Security Sector?

[Xinapse]

After Security+?

[jk2447]

I suppose it depends on where specifically you want to be. CEH might be able to get your foot into the door of a junior testers role, maybe. CISSP is the defacto security cert if there is such a thing as most disciplines hold it in high regard. There are a lot of hoops to jump through before you can qualify to take either of those certs. You could do an MCSE: Security or CCNA: Security if you wanted to be a technical specialist.

My advice would be to go onto a job site and see what they are asking for and also look into the various roles in the field as in my experience they vary massively from extremely technical, to all paperwork and iso's.

[wagnerk]

Are you looking for certs or certs and education? And also what part of security?

JK has already listed a few and there are also:

1. The associate of SSCP or CAP from ISC2 as you don't have the experience (based on your post, but I could be mistaken)
2. M889 Computer Forensics and Investigation and M886 Information security management from the OU
3. Various "Responding to computer misuse" courses
4. Security5 from the EC-Council
5. GSEC from GIAC

If you already work in IT, possibly getting your professional registration (eg ICTTech from the ECUK) may assist.

[Xinapse]

Are you looking for certs or certs and education? And also what part of security?

JK has already listed a few and there are also:

1. The associate of SSCP or CAP from ISC2 as you don't have the experience (based on your post, but I could be mistaken)
2. M889 Computer Forensics and Investigation and M886 Information security management from the OU
3. Various "Responding to computer misuse" courses
4. Security5 from the EC-Council
5. GSEC from GIAC

If you already work in IT, possibly getting your professional registration (eg ICTTech from the ECUK) may assist.

Thanks for your reply, it will be in addition to a Computer Science degree.

[Xinapse]

I suppose it depends on where specifically you want to be. CEH might be able to get your foot into the door of a junior testers role, maybe. CISSP is the defacto security cert if there is such a thing as most disciplines hold it in high regard. There are a lot of hoops to jump through before you can qualify to take either of those certs. You could do an MCSE: Security or CCNA: Security if you wanted to be a technical specialist.

My advice would be to go onto a job site and see what they are asking for and also look into the various roles in the field as in my experience they vary massively from extremely technical, to all paperwork and iso's.

I eventually want to work in penetration testing.

[jk2447]

I eventually want to work in penetration testing.

A very tough nut to crack. Make sure you master a language or two on that degree and have good *nix skills.

[Monkeychops]

If it's a pen tester you're aiming towards then you probably want to go for the more technical/hands on certs rather than the infosec management ones.

That said a CISSP is not usually a bad thing to have, the ISEB CISMP is a good starter-ish cert in that kind of area as is the SSCP (the mini CISSP ).

CeH is very much seen as an entry level cert in the world of testing, it will probably help with a foot in the door though.

The target certs for testers are the Check Team equiv which are harder to get, you've got the choice of Tigerscheme or CREST which have Check equiv certs if you're not working for a Check company.

The SANS certs are also pretty good, and I believe the Offensive Security stuff is decent as well.

A very tough nut to crack. Make sure you master a language or two on that degree and have good *nix skills.

Not as tough as people may think, and certainly don't need to be a master of any languages to get into the field ;) You do need to be a little proficiant with Linux though.

Yes it's a pretty technical role, but there's a lot of people skills involved as well if you want to progress above just a standard tester.

There's all the pre and post engagement stuff to think about which requires a lot of communication with various people, also a fair amount of diplomacy involved

If you are not in an IT role yet then that's your first point of call, ideally you need to have some understanding of how things work in the world of corporate IT.

I was a tester for a while and whist not specifically a tester now am still heavily involved in the area, any questions just fire away.

[wagnerk]

Just adding for the CISSP, SSCP, CAP you do need the experience otherwise you only gain the "Associate of..." ISC2 credential.

[Monkeychops]

Just adding for the CISSP, SSCP, CAP you do need the experience otherwise you only gain the "Associate of..." ISC2 credential.

Yup, the ISEB CISMP whilst a pre req is advised that you have experience it's not a hard pre req as it is for those above.

As said anythng specific you want to ask fire a pm my way.