Security certification path

[Blackoutt]

Hey guys!


I'm studying security for some years and I see a need for security certs to get decent jobs and other opportunities. I know, cert is not all you need but is something.


I wanna know your opinion about this subject, what is a good path to get some certifications to get recognized in this aspect, and not lose money with junk certs.


I was thinking CISSP, CASP (Sec+ needed I think) and ECSA (CEH needed), not specifically in this order.

EDIT: OK, CEH is some junk but is needed, today I found the ECSA slides and other things, lets see if is same as CEH.

EDIT 2: How can I forgot OSCP!!!!

[white-knight]

From what i've seen and read Sec+ and CE|H is good for getting you in the door with HR and so on. I also see lots of places wanting the OSCP more often.   


So i would get them three or at least 2 CEH and OSCP , then once you get a job go for the higher certs like CISSP since most companies will pay for the training and so on... No reason to spend money you might not have till you know the cert will get you where you want to be..   


Just my opinion tho

[Blackoutt]

Good point white-knight, but in my reality (not sure if is here or just my opinion) CISSP is lower grade and OSCP is higher, in price and in knowledge required.

I know some CISSP professionals but don't know personally not even one OSCP professional. Everyone says that OSCP is one of more dificult cert to get.

I don't have money to get OSCP now, I think I will start with CEH and after that go for ECSA (here we have a company who is ec council partner and we have discount). With these two I have a good chance to get promoted and have a little more money to spend in certs. When I have money I'll look for OSCP and maybe CISSP.

Not sure about any of these, but this is the plan

[iTpHo3NiX]

Get a bachelors in computer science [and information systems/technology] then worry about certs

[Blackoutt]

Get a bachelors in computer science [and information systems/technology] then worry about certs

I'm in the last year of my university course.


I'm getting a degree in Information Security (and something about network engineering at same time, this course have 2 degrees, don't now how this work for sure).

[iTpHo3NiX]

Well good on ya then. A degree will get you hired and the company will pay for your certs. Just get the CompTIA certs as those are the main ones recognized by organizations, Net+ Sec+ and of course A+ also Microsoft and Cisco certs are the way to go.

[Blackoutt]

CompTIA certs are enough? Looks like too shallow

I don't like Cisco but is true, there's no way to get a good job without it...

And Microsoft is OK, I'll look for them.

[iTpHo3NiX]

The reason why is usually the person hiring you (HR Dept) won't even know the difference between a CEH Cert and an A+ Cert. In the industry however the CompTIA, Microsoft and Cisco are the recognized certs

[viktory]

CEH is a meme

Score yourself an OSCP and you will be truly respected by any and all security firms.

[x40a0e]

IMHO any place that thinks of CEH as a good cert to have wouldn't be an ejoyable place to work. I read through a book on it and it was a worthless vocabulary test. Go for OSCP for sure.