topic Re: Other IT Certifications in Member Support

Other IT Certifications

blaytrail — Sun, 04 Mar 2018 15:34:24 GMT

Does anyone have other IT certification along with their CISSP? I was thinking of taking one of the GIAC certifications, but I wanted to get some feedback from the group. I really like monitoring and working with our SIEM. I am leaning towards the GIAC GMON certification. The GIAC exam and training are very expensive.

Re: Other IT Certifications

jordanpw — Sun, 04 Mar 2018 16:07:00 GMT

I've been around this industry for a long while, as in I'm old - so I have a few. MCSE: Security from back in the days when MCSE was quite the sought after cert and when Microsoft allowed you to take it with a focus (security, Exchange etc). I got the Cisco CCNA years ago but let it lapse because my career has not involved heavy exposure to Cisco equipment or being primarily a network infrastructure guy. I have the CEH, which I believe is very valuable because it's all about knowing how to attack in order to be a better defender. Last year I took CompTia's CASP - mostly because I saw that it was one of a small number of security certs that the Department of Defense values highly.

There are a large number of good certifications in our field now, so I think you can look for those which are most relevant to your current job role, or to the sort of role you want to get yourself into.

One good way to save money on study and prep costs is to look out for the 'bundle' promotions that tech sites often offer - where you can sometimes save up to 90% off the standard costs for online security courses. Here's an example of one for ethical hacking and penetration testing:

https://stacksocial.com/sales/pay-what-you-want-pentester-ethical-hacker-bundle

There are lots around like this if you follow some good tech sites - and of course I have zero affiliation or link to that site, I just googled 'ethical hacker course' to find a quick example.

Re: Other IT Certifications

blaytrail — Sun, 04 Mar 2018 16:12:57 GMT

Thanks for the reply. I appreciate your time. I think your point about what I do each day really helped me to decide. I'm going to go for the GIAC GMON. I enjoy working with the SIEM and configuring LogRhythm and Splunk.

Re: Other IT Certifications

jordanpw — Sun, 04 Mar 2018 16:21:26 GMT

Cool. Good luck with it - and that's a good, fun area to be in.

Re: Other IT Certifications

mouandaguy — Sun, 04 Mar 2018 20:12:22 GMT

In IT jobs, the most require is the CISSP. Think about.

Re: Other IT Certifications

CISOScott — Mon, 05 Mar 2018 13:58:32 GMT

@blaytrail wrote:
Thanks for the reply. I appreciate your time. I think your point about what I do each day really helped me to decide. I'm going to go for the GIAC GMON. I enjoy working with the SIEM and configuring LogRhythm and Splunk.

Yes do get certified in something your enjoy. I know people who forced themselves to take the CISSP even though they were not really in to cybersecurity. It was a miserable experience for them and they did not test well. This is not a knock on the CISSP, it is meant to say "Don't do it, if you don't enjoy it."

I have CEH, Sec+, Net+, ITIL in addition to the CISSP. I am going to go for GPEN from SANS. I am a senior executive, a CISO. The chances that I will be able to perform a pentest on my agency now or in the future is going to be extremely remote; however, I thoroughly love pentesting and hacking. That is why I am going to pursue it. Even though I may not be able to do it on a daily basis I will become much more intelligent and when writing contracts and selecting pentesting companies, I will be able to tell who knows their stuff and who is just selling something.

Always follow your passion and you won't go wrong (unless it involves stalking or harassing other people!).

Re: Other IT Certifications

Early_Adopter — Mon, 05 Mar 2018 14:42:18 GMT

@CISOScott And if you do, then there's always the Global Intelligence Agencies*! 😛

"Nice undersea cable, would be terrible if someone drove submarine into it and made Netflix traffic need to go the other way round World..."

Re: Other IT Certifications

Beads — Mon, 05 Mar 2018 15:30:34 GMT

I hold a number of past and present certs but only note my ISC(2): CISSP-ISSAP, HCISPP. Why well, outside three dozen others; just clutters things up or makes you appear to be cert hog.

Personally, doing certifications to ensure a thorough knowledge base can be useful. Racking up certs that you will never use professionally or as a way of bypassing experience are what hurts the overall industry in the first place.

With that my "I love me wall", if I hung certificates would include:

Wireshark

GIAC

CompTIA

and EC-Council, etc.

Re: Other IT Certifications

CISOScott — Mon, 05 Mar 2018 15:38:07 GMT

@Early_Adopter I'm waiting for purposeful GPS re-routing hacking. Say a realtor or new condo developer has an open house or a bunch of new condos they need sold. They hack the GPS systems to re-route traffic past their locale for more drive-by traffic. OR pay/bribe a Maps provider to re-route traffic based on a fake accident or fake traffic delay.

It's coming.....

Re: Other IT Certifications

Early_Adopter — Mon, 05 Mar 2018 17:15:56 GMT

Nice! Once you mediate reality the solipsists are basically your personal drone army.

Pretty sure 'Pokemon, Go!' could probably help you there - profile the parents, and target their children with rare Pokemon. In some places all perfectly legal. You could even funnel them based on likely housing upgrade paths, and choose the best condo equidistant from both sets on inlaws, work, and the golf course... Enemy condos are provided with the most boring Pokemon. Pokemon out of fashion? New skin for the game.

Come to think of it my Wife is a realtor, best not tell her, I reckon she's just about evil enough. ..

"Sorry love, ow ow... I didn't mean... you ... just ... erm talking on the forum..."

Silence, fade to black...

Re: Other IT Certifications

Baechle — Mon, 05 Mar 2018 23:18:11 GMT

@blaytrail

In addition to the CISSP I hold the following certifications currently:

CompTIA A+ce
CompTIA Network+ce
CompTIA Security+ce
CompTIA IT Project+
(ISC)^2 ISSEP concentration

I previously held, and let lapse:

Microsoft MCSE
Novell MCNE (SuSE/Intranetware)
Cisco CCNP (I passed the CCIE written exam, but never sat for the lab)
HQ/Compaq ASE
Citrix Citrix Certified Administrator

I keep more technical qualifications current, because the technology changes. I want to actually know something about the things I’m setting policy for (in theory).

Sincerely,

Eric B.

Re: Other IT Certifications

Early_Adopter — Tue, 06 Mar 2018 03:28:29 GMT

Oh back to 'Other IT Certifications':

Current: CISSP, CCSP, Security+,CIPM, CIPP/E, CSM, CPO;

Old: MCSE 2k3 Security and messaging, ITIL, Sidewinder G2 and a load of other vendors certs none of which are as memorable as the Sidewinder.

Next targets: CSSLP, CIPP/US.

Re: Other IT Certifications

Bertikus — Tue, 06 Mar 2018 06:22:22 GMT

I have the SEC + (almost worthless), NEC + (worthless) and the CISSP (I have to say it is the most valuable one of all***********we are being watched***********). I take the CCNA every now and then for fun but it always "times out" after 3 years. I do like working on routers and switches so I may do it again. Find the subject you like and do that cert. If you land a job because of certs, then chances are you will have more fun doing it.

Re: Other IT Certifications

Early_Adopter — Tue, 06 Mar 2018 06:58:23 GMT

Ah, but Security+ was an elective for the old MCSE, and was a very easy lift, turn up and do. Whereas the MS exam options required you to have a decent amount of knowledge, there were I think seven exams required in all? The old one doesn't time out either - we can look forward to being Security+ certified in 50 years time.

Always play strengths and interests.

*I see what you mean... The CISSP is, of course, Awesome. I'm now two inches taller, can spot phishing attacks through bad actor IP curdling and have mind powers...

Re: Other IT Certifications

Bertikus — Tue, 06 Mar 2018 09:21:34 GMT

I'm taller but I didn't get the mind powers (need a mind for that one)