Does anyone have other IT certifications along with their CISSP? I was thinking of taking one of the GIAC certifications, but I wanted to get some feedback from the group. I really like monitoring and working with our SIEM. I am leaning towards the GIAC GMON certification. The GIAC exam and training are very expensive.
I've been around this industry for a long while, as in I'm old - so I have a few. MCSE: Security from back in the days when MCSE was quite the sought-after cert and when Microsoft allowed you to take it with a focus (security, Exchange etc). I got the Cisco CCNA years ago but let it lapse because my career has not involved heavy exposure to Cisco equipment or being primarily a network infrastructure guy. I have the CEH, which I believe is very valuable because it's all about knowing how to attack in order to be a better defender. Last year I took CompTIA's CASP - mostly because I saw that it was one of a small number of security certs that the Department of Defense values highly.
There are a large number of good certifications in our field now, so I think you can look for those which are most relevant to your current job role, or to the sort of role you want to get yourself into.
One good way to save money on study and prep costs is to look out for the 'bundle' promotions that tech sites often offer - where you can sometimes save up to 90% off the standard costs for online security courses. Here's an example of one for ethical hacking and penetration testing:
https://stacksocial.com/sales/pay-what-you-want-pentester-ethical-hacker-bundle
There are lots around like this if you follow some good tech sites - and of course I have zero affiliation or link to that site, I just googled 'ethical hacker course' to find a quick example.
Thanks for the reply. I appreciate your time. I think your point about what I do each day really helped me to decide. I'm going to go for the GIAC GMON. I enjoy working with the SIEM and configuring LogRhythm and Splunk.
@blaytrail wrote: Thanks for the reply. I appreciate your time. I think your point about what I do each day really helped me to decide. I'm going to go for the GIAC GMON. I enjoy working with the SIEM and configuring LogRhythm and Splunk.
Yes, do get certified in something you enjoy. I know people who forced themselves to take the CISSP even though they were not really into cybersecurity. It was a miserable experience for them and they did not test well. This is not a knock on the CISSP, it is meant to say "Don't do it, if you don't enjoy it."
I have CEH, Sec+, Net+, ITIL in addition to the CISSP. I am going to go for GPEN from SANS. I am a senior executive, a CISO. The chances that I will be able to perform a pentest on my agency now or in the future are going to be extremely remote; however, I thoroughly love pentesting and hacking. That is why I am going to pursue it. Even though I may not be able to do it on a daily basis I will become much more intelligent and when writing contracts and selecting pentesting companies, I will be able to tell who knows their stuff and who is just selling something.
Always follow your passion and you won't go wrong (unless it involves stalking or harassing other people!).
@CISOScott And if you do, then there's always the Global Intelligence Agencies*! 😛
"Nice undersea cable, would be terrible if someone drove submarine into it and made Netflix traffic need to go the other way round World..."
I hold a number of past and present certs but only note my ISC(2): CISSP-ISSAP, HCISPP. Why? Well, outside three dozen others; just clutters things up or makes you appear to be a cert hog.
Personally, doing certifications to ensure a thorough knowledge base can be useful. Racking up certs that you will never use professionally or as a way of bypassing experience are what hurts the overall industry in the first place.
With that, my "I love me wall", if I hung certificates, would include:
Wireshark
GIAC
CompTIA
and EC-Council, etc.
@Early_Adopter I'm waiting for purposeful GPS re-routing hacking. Say a realtor or new condo developer has an open house or a bunch of new condos they need sold. They hack the GPS systems to re-route traffic past their locale for more drive-by traffic. OR pay/bribe a Maps provider to re-route traffic based on a fake accident or fake traffic delay.
It's coming.....
Nice! Once you mediate reality the solipsists are basically your personal drone army.
Pretty sure 'Pokemon, Go!' could probably help you there - profile the parents, and target their children with rare Pokemon. In some places all perfectly legal. You could even funnel them based on likely housing upgrade paths, and choose the best condo equidistant from both sets of in-laws, work, and the golf course... Enemy condos are provided with the most boring Pokemon. Pokemon out of fashion? New skin for the game.
Come to think of it, my wife is a realtor, best not tell her, I reckon she's just about evil enough...
"Sorry love, ow ow... I didn't mean... you ... just ... erm talking on the forum..."
Silence, fade to black...