  • #2205369

    cisa/ceh/cissp after degree?


    by taran12 ·

    I will be completing my engineering degree in Information Technology this year. I would like to know which certification would be better for me for getting a job in the security domain. As some of these require experience, how do I start as a fresher in this field?

    • #2812574

      Clarifications

      by taran12 ·

      In reply to cisa/ceh/cissp after degree?

      Clarifications

    • #2813146

      good question.. and a conundrum

      by neon samurai ·

      In reply to cisa/ceh/cissp after degree?

      The conundrum being that everybody wants to hire certified staff but you need the experience to get the cert and you need the job to get the experience. There are ways to work through it.

      You can volunteer where possible locally or with organizations like hackersforcharity.org.

      You can work your way through it from the bottom up; get into IT, get into security, get your certs as experience pans out. It’s not easy but it’s possible; thelasthope.org/talks has a “from black hat to black suit” talk that would be of interest to you.

      I got my Security+ as a starter cert then admin jobs. I’ve the experience for CEH now but need the course fees or to decide I’ve studied enough alone and go write the exam (much cheaper than the full course).

      In a lot of places, SANS is the organization to look at after your degree. For enterprise business, the SANS certs are recognized.

      This leads to the cert choices though. That depends on what it is you want to do.

      CEH is mid-level penetration testing and security auditing. Based on required experience, it’s between Security+ and CREST. CREST is the certified registered ethical security tester. For CEH, you show up and write the exam; it’s more about using the existing tools and the overall process. For CREST, you have to bring your own notebook and tool kit and do a practical exam including probably writing your own exploits.

      CISSP is more to do with defensive information security. You’re looking at the CIO’s view of an enterprise’s security. I think it’s CSSP or similar that is the entry-level cert in that particular path. I believe you’ll need years of experience plus an endorsement from an existing CISSP cert holder for that application.

      The sad reality of IT is that finding a company with an IT staff training program is like finding gold in your back yard. Most places expect IT staff to be up to date on their own time and expense.
