
6 Tech Certifications That Will Get You Hired as a Security Pro

I'm not a gigantic fan of Security Certifications, but this is interesting, as it allows you to know your audience, and it allows the audience to know what to look for.

Why am I not a Gigantic Fan of Certifications?

  • Anything that can be bootcamp'ed is worthless.

  • Anything where all the answers can be found in the book for the classware, and you are allowed to take the classware book with you to the test... worthless.

  • Anything that does not require a practical exam (either written or physically typing something) is worthless. That is why I am a slightly larger fan of the Gold GIAC certifications, as they require you to write a practical, or the harder Cisco ones, or the Red Hat exams.

Personally I'd rather hire someone that can do the job, do it well, and if they don't know the answer, know where to find it.



z9m9z said…
I agree with you about the GIAC certs. I was dismayed when they dropped the practical from the requirements. I feel actually having to *demonstrate* your knowledge instead of just taking a multiple-choice test had a lot of merit.

And I would have left the CISSP out of the list. I know far too many CISSPs who know all of the testable answers (as opposed to the correct ones), and can't manage to apply any of that information.

I decided against going after a CISSP (though I have had the bootcamp training) when a CISSP I work with questioned the need for a practical. "That just proves you can write," he said, something with which he himself has quite a bit of trouble.
Joel Esler said…
I agree on the CISSP point. Like I said, anything you can bootcamp is worthless. I've seen some really really "unknowledgeable" persons in my career that have a CISSP. You know, people that claim that they run Windows 98 because it's "more secure".
David said…
I value my CISSP <must be my non-bootcamp requirement for study>. Now, earning my C|EH, well don't get me on a tyrant (login to http://blah to access the portal, WHAT??).
Joel Esler said…
Not sure what was up with the last portion of your note, but okay.
Didier Stevens said…
I've a bunch of certs. I think I took 18 cert exams. My Red Hat exam was the most fun: only hands-on problem solving, and no open book. Until I took The Offensive Security exam for WiFi security. Offensive Security exams are also completely hands-on, but not proctored. You take the exam online, so you can do it from your home, and you can use any info source you want. So it's even closer to real life.
JeffSoh said…
While I get your point about something being "boot camped", and heartily agree a GIAC Gold is far better than Silver, I wouldn't go to the extreme of saying the test-only certs are worthless. With the quality of SANS teaching, and the amount of information presented, you're much better off after having taken the training and studying for the cert, in my opinion. And if you didn't study? Open book or not, you're not gonna pass. There's just way too much information to blow off the classes or the study time and pass a GIAC cert. Again, in my humble opinion (and from the experience of holding three SANS certs)
Joel Esler said…
Okay Jeff I'll agree with that for the most part. My argument is against certifications like "Security+" where people have just simply posted the answers online.
markofu said…
Hi Joel,

I sent you an email on this recently :) I've done quite a few GIAC certs, two of which are Gold. I completely agree with you on the value of certifications where the questions are predictive and far too often, many of these folk don't cut it in the real-world.

The Gold element is definitely more difficult in my opinion (though I don't rate my 2002 practical very high :) ) and I cannot recommend the GIAC Gold highly enough and I agree that it marks the person out, which brings me to the GSE.

I hope to be able to sit the GSE next year, though much of that will depend on whether or not there's a European sitting. I just need the GSEC (yeah, I went at it the wrong way) and I'm toying with the idea of doing a GCIA practical if I've time.

I'm not really too worried about the written paper but the practical will be tough, though I wouldn't have it any other way. I think this is what marks the GSE as different - i.e. it's hard and (I believe) people fail. I know whether or not I pass, I will learn and that's what matters to me most!

Enjoying the blog as always :)

Joel Esler said…
Thank you Mark.
