House of Hackers

Replies to This Discussion

CISM is for security managers, general security policies, security implementation stuff.
CISA is good for security auditors and penetration testers. This cert is not good in the technical way, though, but for planning the audit and all the procedures.
My chief at work has CISSP; it's a general security-related cert, also for security managers.
If you are more interested in the technical aspect of security, I suggest C|EH (Certified Ethical Hacker) from EC-Council.
Also, the certs from the SANS Institute are good, technically speaking.


I have CISSP and CEH. CISSP is useful as it requires 120 CPEs every 3 years on an "official" basis. It gives me cred to tell my boss that he needs to send me to conferences or training. CEH just started a CPE-like system. Tests were generally easy; the experience requirement was useful but doesn't mean you are proficient. As far as "gravitas", I think some people notice, but generally I could put any letters after my name and it would impress them. On that note, if someone has a CISSP, I know that reasonably I can talk to them about security issues - if they're not certmongers, they generally care about the state of infosec.


Is there one for Web App only?


I don't know of any, myself... but EC-Council's C|EH, E|CSA, and LPT would be a good start, for sure. The C|EH has a decent chunk of web app pentesting stuff. I would suggest those and a good amount of web app dev skills and web/db server administration experience (you can get individual certs in some of this). Once you have the foundations, the web app pentesting is pretty much the same thing as OS/application/network pentesting.

Now, keep in mind, I say all of this from a research standpoint, as I hold no certs and am still fresh on the infosec scene. I am only just now about to move up from minor sec admin/analyst tasks (policy/procedure, firewall, enterprise security, etc...) to QA/Web Sec and server auditing. :)


Thanks for your answer... I'll look at it.

I do have experience with all of this, but never did look at certs before.


© 2009   Created by pdp on Ning.