Security Certifications...

Discussion in 'Other IT certifications' started by dmarsh, Aug 11, 2007.

  1. dmarsh

    dmarsh Petabyte Poster

    I was considering looking into maybe doing some security certifications. I'm a software architect/developer by trade so security is generally but one of my concerns, but I may specialise if there's the demand.

    I'll probably start with the Security+.

    After that it becomes a bit more tricky, there's CEH and CISSP.
    Both require recertification which I'm not really keen on. I'm fine with the idea of keeping my skills up to date but don't really want to have to constantly prove it to every Tom, Dick and Harry by giving them more money or going to their conference etc. If I maintain one program, will another accept it as credit etc.? It currently looks like a minefield. I also don't want to invest in a cert that becomes irrelevant in one year's time when a new one comes out.

    The IACRB have a number of certs, are these recognised?

    I'm curious what other people's thoughts are on this, what do you recommend?
     
  2. bowulf

    bowulf Bit Poster

    I have one security certification (TICSA), and I am not sure it means that much. I very well could have taken that minefield you spoke about. If you feel the studying for the exam would provide some beneficial knowledge, then by all means go for it. If you are going to get the cert to prove something to others or to pad your resume/CV, it probably is not worth it. I have studied for the CISSP and got disillusioned with the value of it. The security environment is really hard to define by a certification exam beyond broad terms. I would much rather read a good book about PKI or implementing secure directory services than some cursory glance at 100 different security topics. I would suspect the same to be true for those with a more programming slant as well.

    That's just my perspective.
     
    Certifications: Master CNE,VCP,MCSE,MCSA,MCTS,TICSA,CCNA
    WIP: ITIL, MCITP-W2K8 (EA)
  3. Kitkatninja

    Kitkatninja aka me, myself & I Moderator

    I've only just started out with security certs this year, so I may not be the best person to advise. However, a friend of mine wrote a blog about security certs; while it is primarily aimed at the US audience, it may help you.

    To see Wayne's blog, click here.

    Hope this helps :)

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  4. DarbyWeaver

    DarbyWeaver Bit Poster

    Security Certs:

    Here's my take:

    Security+ is a good general exam that fills a lot of soft spots.

    Kewliscious!!!


    Now...

    I'm a Cisco and MS kind of guy so for me...

    MCSE+Security and CCSP - kind of natural.

    I do Messaging and it is out there so... MCSE+Messaging...

    Which leads me to VoIP...

    So UCSE...

    and later I'll finish my CCVP - nice since QoS is a nice security tool too.

    Then it pointed me to a Packeteer and a Load Balancer = F5.

    Then...

    TICSA easier and CISSP - boring come to play...

    Then...

    I'm a Sniffer kind of guy...

    So I completed the Sniffer Certified Professional, Expert and Master certifications in juicy areas like Application Analysis, TCP/IP, Windows, and Wireless LANs...

    The CWNE is on my agenda...

    Everyone loves to hack websites and ecommerce...

    So MCIW is on the way...

    And you know they love SQL Exploits...

    So -> OCP, MCDBA, Sybase, etc.

    Everyone knows AS/400 is where the money is so.... AS/400 and DB2...

    Then most exploits are in Linux/Unix...

    So... gotta get these too, CLP, SCO, Solaris, RHCE etc.


    See my point...

    Security is everywhere...

    I even tied it to Crystal Reports, ITIL, and BICSI...

    Yeppers...

    Love it or leave the industry...
     
    Certifications: CCNP CCDP CCSP CCVP CCNP-Wireless
    WIP: CCIE RS/Wireless
  5. dmarsh

    dmarsh Petabyte Poster

    Well I was after maybe one or two suggestions, you have suggested 24+ certifications! This is patently ridiculous, I don't think many people could really do all these subjects justice in a sensible amount of time even if they could pass the exams. Then there's the cost of the exams and training materials.

    Certifying on multiple databases or unix based platforms would not be strictly necessary from a security standpoint, neither would knowledge of voice technology for most people. Why don't you suggest I do a course in self defence while you're at it ?

    http://www.theregister.co.uk/security/security_report_windows_vs_linux/

    While I appreciate the article is a little old now, the arguments are still valid, at best no real comparison can be made.

    I'm well aware that security is everywhere but trying to list every cert on the market is not helpful, in fact even your friend Michael Boson states that too many certs on a CV is not necessarily a good thing. Even just in the security field, if you read Ken's link you would see there are 100 odd certifications. I was hoping for clarification, not a muddying of the waters.

    No I don't have to love your rather unhelpful post, and no I won't be leaving the industry.
     
  6. mattwest

    mattwest Megabyte Poster

    Oh dear..... I sense a frank exchange of views coming.... I'll see how it pans out before I chip in!! :blink :)

    Play nice.....
     
    Certifications: See my signature...
    WIP: Maybe re-certify my CCNA
  7. dmarsh

    dmarsh Petabyte Poster

    Any responses directly related to the original intent of this thread would still be greatly appreciated ! :D

    Just in case anyone's in any doubt let me try and restate my question :-

    1. The IACRB have a number of certs, are these recognised ?

    2. Other than Security+, what one or possibly two security specific certs could I take that :-

    A. Require less than a year's worth of part time study.
    B. Have recognition in the marketplace and a future.
    C. Do not cost in excess of £500 each to self study and take the exam.
    D. Do not require security clearance or proof of years of work as a Pen Tester.
    E. Ideally do not require recertification either through exams or a closed points system.

    I would prefer the certs to directly relate to either Pen Testing, Application Security or Reverse Engineering.

    I hope that's made it clear enough for everybody now, thanks for listening!
     
  8. mattwest

    mattwest Megabyte Poster

    ...<sigh>... I was only playing... serves me right for being in a surprisingly good mood late on a Sunday evening! Anyway please ignore my post for being irrelevant. I'll try and post something constructive later as I do have just a couple of security certs...
     
    Certifications: See my signature...
    WIP: Maybe re-certify my CCNA
  9. Kitkatninja

    Kitkatninja aka me, myself & I Moderator

    I have never heard of them (but that doesn't mean anything), and looking at their website it looks like it's primarily for the US. Looking at your location, it is Hampshire, UK. If you see here, they only have testing centres in the US.

    You haven't stated what language(s) you use (not sure if it really applies to you) and it also depends on what environment you work in, plus added to the rest of your stated conditions it makes it a lot harder to try to help you :( If you could provide more info, it may help us help you :)
    For example, there's no point us recommending a MS course if you don't work with their technology, etc...

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  10. dmarsh

    dmarsh Petabyte Poster

    Hi Matt ! The intention was to inform that your views are most welcome :D

    Yes I know I thought maybe a course in the US might be fun. :D

    Well maybe I've narrowed the field too much now ? They are not set in stone, just a general indication of what my thoughts are. I generally program in C++/Java, I have been known to program in around 14+ languages, plus various frameworks and middleware. I just wanted to ensure I had a good grasp of security basics as well as maybe some depth in one area like application security.

    Apologies if my previous posts seem a little off, just wanted to get the thread back on track! :oops:
     
