Certifications

On LinkedIn and other professional sites there have been conversations about which Cyber Security certification is the best.  I will give my two cents on this topic.  There are two main types of certifications: the first is exam based (multiple choice questions) and the second is practical (hands on keyboard, doing the work).  I have both kinds, but I am most proud of my practical ones.

The CISSP is a very wide river that is not very deep: you will have an overview understanding of security terms and business events.  In other words, you will know the difference between Hashing, Encoding, and Encryption but not how to implement them or what they look like in daily practice.  You will also learn what a Cold, Warm, and Hot site is in regard to business continuity planning, which is great for picking up the people you are attracted to… NOT.  It is, however, good to know in a business setting if you are in cyber, IT, business planning, etc.  I sat my exam in 2015 as a requirement to keep the job I had at the time.  Reading the book and taking practice exams was my only preparation, and I passed it in 2 hours and 5 minutes.

The CEH, in my opinion, is for those that want an ethical hacking cert but don’t want to get their hands dirty or really know how to perform penetration testing.  This is a cert that I will forego and not worry about.

The eWPT, or WAPT, from eLearnSecurity is a practical cert, meaning you have to study in the lab, then take a 7-day hacking test and write a professional report about all the findings you discovered in those 7 days.  This is like a simulated penetration test, as you are given rules of engagement, scope, and a time frame.  This certification covers Web Application Penetration Testing.

The eWPTX is the extreme version of the eWPT and covers WAF bypass techniques, exploit writing, etc.  This is another 7-day penetration test that requires a professional report to be written and turned in at the end.

The OSCP, which I am studying for, is the most valued practical penetration testing cert a pen tester can have.  At least that is my opinion, as it seems to be the most recognized and sought after cert by both pen testers and companies.

I only covered the ones I hear or see the most and I am sure there are many more out there worth having.
