Which certification for an Ethical Hacker

By Aldanatech ·
Which certification do you think would be most appropriate for an Ethical Hacker (someone hired to legally test a system's security)? Would it be a Security+, a CISSP, or a CEH? Would it be a combination of each, and if so, in what sequence?

At ease

by mrcarpenter In reply to Which certification for a ...

From my experience, especially with all the new tech data and programs out there these days, it will not make too much difference what kind of credentials you carry until you get known. It is too easy to falsify any form of ID or credentials. To put your prospects at ease you will need to have a contact page for them to get into and do their own PI work about you to verify who you really are.

CISSP Code of Ethics

by Joe Werner In reply to Which certification for a ...

The CISSP has a fairly comprehensive Code of Ethics. As a certified CISSP, you must subscribe to and observe this code. This could be valuable in reassuring a potential employer as to your ethical status. Check it out at https://www.isc2.org under Information, Ethics.

CISSP is also a comprehensive exam of the security field, helping to demonstrate that you have knowledge of more than just hacking. As a prospective employer or client, I might value the hacking skills, but would want to find a broad background and understanding as well.

more than just computer skills

by net-engr In reply to CISSP Code of Ethics

IMHO, I agree with both the SANS and CISSP approach. What you want to prove to potential employers:

1) you can interface with business/management
2) you have social skills and understand how to use them (as social engineering is just as big a part of hacking as computer skills)
3) you have computer (hacking) skills or at least an understanding thereof.

The CISSP will demonstrate #1 and #2. SANS will show #3.

The most lucrative work (and best references) come from involvement at the MIS-director or above management level. Often, computer security investigations by organizations outside of the company's own MIS/IS/IT dept. are handled above the MIS/IS/IT director level to maintain independence. The best jobs are ones that the CIO or other executive brings in ***with the knowledge and agreement of the MIS/IS/IT director***!!! Otherwise, you can get caught in a political mess when it comes to presenting the results. Ultimately, most MIS/IS/IT directors are happy to have your results when they are in on the project as your results will often justify additional IT investments for the company.

Often a good way to start is with a local university. Do some security consulting for them first with the understanding that you want to use them as a reference. Build on that.

Bottom line: ethical security consulting is really as much or more about business acumen than hacking skills if you want the results of your investigation to do more than gather dust on someone's desk!

(BTW, most (non-IT) executives won't recognize the security cert.s yet. Bring along bullet point summaries of the cert. qualifications with the cert. logos to meetings with potential clients.)

Good luck!

I agree, but one more thing....

by BlueKnight In reply to CISSP Code of Ethics

I agree with Joe on the CISSP cert. One other thing you might want to consider in addition to certification would be joining the local chapter of the HTCIA (High Technology Crime Investigation Association). Visit http://htcia.org/ for info.

You will have to be sponsored by a current member to join, but these are the folks with many good contacts, a lot of good information to share, and being a member of such an organization would help you to be accepted for that kind of work. Your ethical hacking knowledge would also be helpful to other members of HTCIA.

Get ordained

by SirLanse In reply to Which certification for a ...

Get ordained as a priest or a minister in a real church. Then I might trust you with my computer systems. Or **** just be honest enough to pass a background check.

Background Check

I think, if you're going to make the shift to security, you'd be best to get certification advice from folks in the security industry - not technologists. That's 'cause you're talking about more than just a niche certification, you're talking about a whole career change.

The folks you'd want to talk to (here, in Texas):
1. State Board of Private Security - These guys license Security Guards and P.I.'s.
2. Dept. of Public Safety - These guys license non-federal cops.
3. National Security Agency - These are the folks who will ultimately grant or withhold a security rating.

While a Microsoft, Oracle, Cisco, Novell, CompTIA or other certification would give you some credibility with the technology - hackers usually don't need to be technological wizards. They use most of the same technologies the rest of the world uses.

What's *unique* about hackers, or embezzlers, or terrorists, or whatever other kind of crook (or cop) is a willingness to go to lengths others would not.

For instance, a "hacker" trick is to steal someone's wallet or purse and use the info contained therein to hack away. Are you willing to take that step?

If so - there may be a job in security that's just waiting for you.

Persistence

by phate5180 In reply to Which certification for a ...

It's all about persistence and motivation. I just started fresh out of college and working for a company that does such testing and I don't have any of those certifications. I found a local company that provides these services, went into my interview with the attitude that I won't take "no" for an answer and I landed the job. I am actually in the process of getting my Security+ by the end of the summer. For the CISSP I believe you need 3-4 years on the job experience to qualify for the test itself. It makes sense to do it in this order because Security+ is comprised of five domains, where CISSP has ten domains.

You must be an MBA ...

by KaceyR In reply to Which certification for a ...

- Disclaimer: I put no value of any kind on any of the certifications touted by our industry.

The idea of a certificate for ethical hacking is at least ludicrous and at most completely stupid.

If certifications were to exist that would grant any hacker a nod from management, every dangerous hacker on the planet would get one. If you don't see this, then remove your blinders.

This idea should be relegated to the ranks of "Official Bikini Inspector".

umm. MBA=no...

by pporcella In reply to You must be an MBA ...

...so you "disclaim" (think) certs are of no value? Hmmm...I disagree. IMHO, it means someone went the lengths to at least prove they know the basics. It's all up to them to prove hands on if they know the stuff. Paper Certs vs Hands On is a valid argument...but all up to the employer ultimately to give the prospect a shot, then the prospect has to put his certs where his mouth is...how many "basic" managers would really know what a hash is anyway? IT managers sometimes know the criteria. It's not necessary for them to know everything about the how-to's...otherwise you would make the manager the security professional...just my 2 cents

Abso-friggin-lutely

by bkwade In reply to umm. MBA=no...

How many job ads have you seen that say no certification required; we'll take your word for it? Not many I'll bet. They do serve a purpose...well, most of them do anyway. They are at least a way to judge a person's ability to learn & regurgitate if not an accurate representation of their skills but ****, even Babe Ruth crawled before he could walk.

I can also, however, totally see the point of paper certs being BS sometimes. As an IT educator, I regularly see people who are getting certs that I wouldn't let tie my shoes, much less work on my beloved machines. Unfortunately, they make the grades to pass the classes although they obviously lack the skill set God gave a brick. Not much we can do about that though what with the legal issues and such that are involved. Probably indicative of our entire education system as a whole (hole?).
