When and if you ever get any training I am sure you'll tell us.
Until then
Sorry, just as your possession of an IT certificate does not mean that you know anything at all about true security, which you do not, my decision not to waste money on a meaningless certificate does not make me a rookie. I have over 50 years' experience working with computers going back to the late 1960s, learning programming on an IBM 1620, and later the college replaced the 1620 with an IBM 1130.
Top Certs for Security Workers with U.S. Clearances | Articles
Game Over
ClearanceJobs’ Top 10 List
Unsurprisingly, CompTIA Security+ came in as the most commonly-held cert among the surveyed population. Equally unsurprisingly, the CISSP shows up as the highest-paying cert, with average compensation for holders at $143,000 and up. Here’s how things shook out:
1) CompTIA Security+
2) Six Sigma
3) Project Management Institute Project Management Professional (PMI PMP)
4) CompTIA Network+
5) Information Technology Infrastructure Library (ITIL)
6) Certified Information Systems Security Professional (CISSP)
7) Cisco Certified Network Associate (CCNA)
8) ScrumMaster
9) Amazon Web Services (AWS)
10) Microsoft Certified Solutions Expert (MCSE)
Someone once said, "CCNA is N+ on steroids". N+ will give you a solid foundation for CCNA.
8 Most Difficult IT Security Certifications
8. Systems Security Certified Practitioner (SSCP)
The SSCP certification from (ISC)2 is the only entry-level security certification on this list. It's roughly on the same playing field as CompTIA Security+ (at least according to the Department of Defense). But, it's on here precisely because it's an entry-level exam that goes deep.
It has seven domains intended to validate what you learned in the first year on the job as a security professional. Again, that means you should first be in a security role, which is something you typically graduate into as an experienced IT professional. In other words, your first IT job ever probably won't be in security.
You're required to have a minimum of one year of experience. Then you must pass a 3-hour, 125-question, multiple choice exam, with a score of 70 percent or better. Once you're a SSCP, you also must re-certify every three years by earning 60 Continuing Professional Education (CPE) credits.
SSCP certification is one of the US Department of Defense (DOD)-approved baseline certifications for both Level I and Level II Information Assurance Technical (IAT) certifications.
7. CCNA Security
Unlike the first certifications, CCNA Security is vendor-specific and focused on security of Cisco networks. CCNA Security is also approved for both DOD Level I and Level II IAT baselines and typically carries more weight with private employers than both the SSCP and Security+ certs. CCNA Security tends to be a better "door opener" than either the SSCP or Security+.
Some people have expressed surprise at the depth of knowledge required when sitting for the exam. As one person put it, "The exam is fair, but difficult." Cisco exam objectives are a great starting point to study for the CCNA Security, but hands-on experience is the best way to pass this tough exam.
To become CCNA Security certified, you must first have a Cisco CCENT, CCNA Routing and Switching, or CCIE certification and then pass a 90-minute, 60-70 question CCNA Security (210-260) exam.
6. GIAC GSEC
The Global Information Assurance Certification Security Essentials (GSEC) is an intermediate-level infosec certification that is DOD-approved for Level II IAT security technicians. If you have networking experience, you may find the GSEC topics familiar. It has a lot of definitions, and a ton of incident handling. It's also deceiving because it's open book.
This exam is open book, but don't let that fool you. You really need to know your stuff — and not just security-wise, even though the cert has "security essentials" in its name. Security means you've got to know it all. Security certs can throw anything at you.
The GSEC exam is a 5-hour, 180-question, open-book exam. The exam is proctored and candidates pass with a grade of 74 percent or better. The GSEC exam tests the candidate's understanding and problem-solving skills with scenario-based questions.
The GSEC is valid for four years and can be renewed with 36 Continuing Professional Experience (CPE) credits.
Note: Again, though this certification is called "security essentials," it actually also implies "networking essentials." We recommend that you brush up on material from CCNA, CompTIA Network+, and IPv4 subnetting.
5. White Hat Hacking
White hat hacking is focused on the prevention of most common attacks and securing systems and networks.
White hat hacking is designed to ensure a strong understanding of hacking practices including footprinting and reconnaissance, scanning networks, SQL injection, worms and viruses, DoS attacks, social engineering, and honeypots.
With the increasing number and awareness of cyber-attacks, white hat hacking resonates with many employers.
4. Certified Information Systems Security Professional (CISSP)
The Certified Information Systems Security Professional (CISSP) from (ISC)2 is arguably the current gold standard of infosec certifications.
It's an advanced-level certification for IT security professionals and is recognized and valued by both industry and government employers worldwide. Like CASP, CISSP is approved as a DOD baseline for Level III IAT security technicians. That's where the comparison ends.
CISSP certification is designed for security professionals who develop information security policies and procedures. This is the most advanced certification we've discussed so far, and for many candidates, it may require up to a year to prepare for the exam.
The certification exam is a 6-hour, 250-question monster. And in order to take the exam, you must prove that you have worked at least five years as a security professional. That's important. They have fairly strict requirements for counting security experience. There's a little wiggle room in the five-year experience requirement with a four-year degree, but it has to be the right type of experience.
Without the requisite experience, you can pass the exam, but you'll remain an (ISC)2 Associate until you reach the minimum number of years. And not all experience is counted.
You must also be endorsed by an (ISC)2 sponsor. If you don't have a sponsor, that's alright. You just need to perform a couple extra steps to be endorsed by (ISC)2.
As you can see, there are a lot of hoops to jump through to become a CISSP. Once you're a CISSP, you must re-certify every three years through at least 120 hours of continuing professional education, and you must pay a yearly $85 fee to maintain your certification.
It's intensive but definitely worth it.
3. CCIE Security
Of course a CCIE is on this list. Every CCIE is going to be tough, and CCIE Security is among the toughest out there. To pass this exam, you sit for a 2-hour exam — and then pass the 8-hour lab. To put this one in perspective, the average CCIE takes 2.3 times to pass the lab. But if you can get through it, then you'll be among the 4,000 people in the world who have passed this exam.
2. Offensive Security Certified Professional (OSCP)
The second most difficult IT security certification is the Offensive Security Certified Professional (OSCP). As the name suggests, this cert is designed for security practitioners who are involved in the penetration testing process and lifecycle.
Why is this certification difficult? Well, to even be eligible for the exam, candidates must first complete the OSCP-hosted "Penetration Testing with Kali Linux" training course. If you're interested, Keith Barker covers some of that ground in his CBT Nuggets course Penetration Testing with Linux Tools.
The OSCP certification exam itself is the famous (or perhaps infamous) 24-hour marathon exam where you have to bag as many machines as you can in a massive virtual environment. The candidate must then submit a comprehensive penetration test report at the conclusion of their exam.
This certification is a true test of the candidate's penetration testing process expertise. It's close to the most arduous exam we've encountered, except for this next one.
1. GIAC Security Expert (GSE)
At latest count, there were only 228 GSEs in the world. You can go for the GSE after passing GSEC, GCIH, and GCIA with gold in two, but most GSEs have 8 GIAC certs. The cert itself is a multiple choice exam, research paper, and a two-day hands-on lab.
An interesting aside: The first hands-on