Question

cisa/ceh/cissp after degree?

By taran12
I will be completing my engineering in Information Technology this year. I would like to know which certification would be better for me for getting a job in the security domain. As some of these require experience, how to start as a fresher in this field?


good question.. and a conundrum

by Neon Samurai In reply to cisa/ceh/cissp after degr ...

The conundrum being that everybody wants to hire certified staff but you need the experience to get the cert and you need the job to get the experience. There are ways to work through it.

You can volunteer where possible locally or with organizations like hackersforcharity.org.

You can work your way through it from the bottom up; get into IT, get into security, get your certs as experience pans out. It's not easy but it's possible; thelasthope.org/talks has a "from black hat to black suit" talk that would be of interest to you.

I got my Security+ as a starter cert then admin jobs. I've the experience for CEH now but need the course fees or to decide I've studied enough alone and go write the exam (much cheaper than the full course).

In a lot of places, SANS is the organization to look at after your degree. For enterprise business, the SANS certs are recognized.

This leads to the cert choices though. That depends on what it is you want to do.

CEH is mid level penetration testing and security auditing. Based on required experience, it's between Security+ and CREST. CREST is the certified registered ethical security tester. For CEH, you show up and write the exam; it's more about using the existing tools and the overall process. For CREST, you have to bring your own notebook and tool kit and do a practical exam including probably writing your own exploits.

CISSP is more to do with defensive information security. You're looking at the CIO's view of an enterprise's security. I think it's CSSP or similar that is the entry level cert in that particular path. I believe you'll need years of experience plus an endorsement from an existing CISSP cert holder for that application.

The sad reality of IT is that finding a company with an IT staff training program is like finding gold in your back yard. Most places expect IT staff to be up to date on their own time and expense.
