Security Basics mailing list archives
Re: Doubt regarding Sec+
From: Adam Jones <ajones1 () gmail com>
Date: Tue, 22 Nov 2005 08:41:09 -0800
On 19 Nov 2005 05:39:22 -0000, kota_44 () yahoo com <kota_44 () yahoo com> wrote:
Hi All, I have a question regarding the Security+ exam. I have about a year's experience working on Application Security, and now, to widen my security knowledge base and also to get some relevant security-related certification under my belt, I had a doubt about what to start off with. The first exam which many suggested is Sec+, but a large number of others gave feedback that this one ain't having a good value now and is not worth the time and effort, and that it is better to start off with something like CEH.
Security+ is intended to give you a decent baseline in network and application security. It documents that you have demonstrated the core knowledge necessary to learn other security topics, and should be competent enough to not screw anything up too bad. In other words I agree that it is a good start.
CEH looks like it sets you up to be a pen-tester. IMO it helps you learn processes, not concepts. In addition the term "hacker" in the title seems like it is there just to incite a response. They could just as easily have gone with "Certified Penetration Tester" and covered the same course material. Having "Ethical Hacker" in your title may be great to impress friends and kiddies, but I doubt too many hiring organizations will find it appealing. If you are looking at something where your work is either a) mostly solo, or b) done on contract (this is 80% of the jobs out there) then CEH is probably a bad idea simply for the reason that the term hacker has become synonymous with bad guy to everyone outside the computing community. In that sense calling someone an "ethical hacker" becomes akin to calling them an "ethical lawyer" or "ethical car salesman".
But others suggested this as a good base for CISSP.
Based purely on name I think the CISSP would be a better second choice. I have not looked at the actual content of the certification, but it will look better on a resume than CEH. This obviously is not the only criterion with which you should be evaluating certifications, but I think it is an important one.
So could you all who probably are familiarized with or have taken Sec+ update me with pros/cons, or why one should/should not take it, and its current value, and what can be a good alternative to start off with if not Sec+.
Overall sec+ is fundamentals. Think of it as security 101. It gets you enough to let you figure out where you want to learn more. There is enough information in there to allow you to be competent as a junior administrator with a little bit of software-specific training. It does not really teach you how to implement very much, but does teach you "best practices".
CEH appears to be more in-depth in the specific field of penetration testing. It has the benefit of (hopefully) requiring more knowledge about security in general, but loses a lot of credibility with the management types due to the stigma on the name "hacker".
CISSP seems like an unknown to me. It looks like a more advanced/practical sec+, but that is only after a relatively brief review of the cert.
If I were to give you a suggestion on what to do it would be this:
1) Get a sec+. At the least it makes sure that you have studied all the basics. Do your best to ace the test, as barely passing the cert means you didn't really learn the topic.
2) Avoid CEH. I will put in a caveat here that if you do not plan on getting a job where you deal with management, at all, then it probably is ok. I have yet to find any jobs like that, and should one appear you will probably be run over for it by people with more experience anyways.
3) Consider the CISSP. Look carefully at what it actually teaches, and try to find people that have taken it to give you feedback. (Hopefully such a person will respond to this thread.) Don't get it just to get it, make sure it really is worth the money.
-Adam