Government Security
Network Security Resources

Security Certifications...

27 replies to this topic

#16 Fluid

Fluid

    Private

  • Members
  • 6 posts

Posted 29 June 2007 - 02:55 PM

If it's no trouble, I was wondering if someone can list the cert companies so I can do some research, as the only ones I know are:

Microsoft
Cisco
CompTIA

And please state how recognised they are! Thanks!

#17 Glyph

Glyph

    General of the Army

  • GSO Management
  • 1,604 posts

Posted 29 June 2007 - 03:06 PM

The majority of GIAC certs are run thru SANS.
You can find them at hxxp://www.giac.org/overview/

:ph34r:

#18 hack2007

hack2007

    Private

  • Members
  • 6 posts

Posted 12 September 2007 - 06:53 PM

I'm going to be taking the CEH exam pretty soon; it's when I want to take it so I have all the study materials. The CEH videos are good and kind of interactive and you learn about a lot of different things, the videos I have are mainly done on Redhat and it's a bit basic (I'm on lesson 9). It's not all about hacking like people think though so read into it more before taking the course. If you want the videos, PM me.

I also have lots of Cisco training manuals, videos, PDFs and other Cisco device simulators for the CCNA and other Cisco qualifications. Again, if anyone wants them then PM me.


Dear Zorin,
Can I get the CEH videos?

#19 spooks22

spooks22

    Private

  • Members
  • 4 posts

Posted 07 April 2008 - 06:46 PM

I'm 17 and still in high school. I am in the middle of a Sec+ course at my local community college :P , at the end of the course we will be taking the Sec+ cert test. I want to pursue a career in network auditing. Do any of you have any info or experiences that would help me out? Basically, I have almost no idea where to go after this. Any help/info would be greatly appreciated.

#20 cptmike

cptmike

    Private

  • Members
  • 4 posts

Posted 13 August 2008 - 04:08 AM

Spooks, et al

My personal opinion is that if you want to catch a thief, you must think like one (at least to an extent). Security is a very broad subject and I would like to think that most people that work inside the security realm are very intelligent (that is except for myself...).

Of all the certs I have, I was proudest of my CISSP. I earned it the hard way. Back then there were no brain crams, etc. It was knowing a wider field of security-related subjects in order to pass the 4-hour test. If I remember correctly it was 4 hours and about 600 questions.

What I usually do to keep in the loop on things is look at hacker websites to see what's going on, then I either brush up on the new stuff or learn it. I usually hack my own system to "see" what was done and how. I do my hack work on my own VMs so I can get a "feel" for the techniques that they use for a given hack, exploit, etc.

You can download the stuff from VMware (The Server is free and works better than MS's Virtual PC).

This means you would ideally know some DBs (databases) like MySQL and Oracle and OSs like Windows 200X and Unix / Linux systems like RedHat, Ubuntu, Solaris and Fedora 9.

Then look at the tools and techniques that people use to get into a system. Since there are so many ways to do this it could take a while. The important thing I believe is that you keep an open mind and never stop learning. That's why I would never consider myself an expert or senior security guy, EVER.

Lastly learn about Risk Management and Analysis, it's the basis for talking to the CIO, etc. If you can measure the amount of risk there is and get a sum of money attached to it, then you can get a rough estimate of a budget that any respective company has to invest in security products and processes.

BTW I would love any videos on CEH and Cisco stuff.

The Security+ class and cert is a great start. CISSP and other "neutral" certs are always good and can be used on various jobs. The other advice about LPI and MS is good too. The most important question I ask myself is where do I want to go and what do I need to get there. MS certs are not what they used to be. When I was an MCT it meant something, nowadays it doesn't matter as much.

If you need any VMs or anything let me know. Linux is free subject to GNU. I can send them to you or post the links if needed.

Also if I offended anyone I apologize as it was not meant that way.

Didn't want to step on a pedestal here.

Slyfox out*
SM CAP GES SET

#21 Securitas

Securitas

    Private

  • Members
  • 1 posts

Posted 05 September 2008 - 01:05 AM

:D The best recommendation I must say! Keep learning-ask-read-try-do mistakes and learn and so on.
Concerning the Certification I will start through SANS courses mentioned earlier. Taking SEC-401 in October (anyone who's taken it?? and can tell me about it). If you should certificate or not is a matter of having a proof of knowledge and something to sell yourself with. But if you have a lot of experience and already are a "name" to trust maybe there's not much point.
Good luck you all!!

#22 guerillagardens

guerillagardens

    Private First Class

  • Members
  • 58 posts

Posted 13 September 2008 - 06:01 AM

Nobody ever answers though - where are these job adverts or hirers who will take on people who have not had a job in security or in computers?

I haven't had one reply on my question about degree and HND equivalents. I've seen no adverts ever online or anyplace else, and I've looked plenty for years, where anyone is at all willing to take on someone with skills and qualifications, but hasn't had a job in that field.

Surely if you actually work in the field then you will be able to explain how and where you got your first job in it?

#23 chemist

chemist

    Private

  • Members
  • 7 posts

Posted 14 November 2008 - 10:00 AM

Well, the first job is the most difficult. Security is very "no experience is no assignment" and you don't get experience without an assignment. You have to break the circle somewhere.
One possibility is adding a part security to your current job and slowly shift the border towards security related stuff.
Another possibility is getting yourself a job/assignment on your experience in a security group.

Of course it all depends what your current job is and what possibilities there are. You have to create your own opportunities however, nobody is going to give them to you ....

#24 magic5757

magic5757

    Private

  • Members
  • 3 posts

Posted 23 April 2009 - 06:58 AM

I took the following exams (in the following order)
GCIH
GWAS
GPEN

I took the SANS courses for each one. Ed Skoudis is the best instructor, he taught my GCIH and GPEN class. The GPEN was extremely valuable. Most of the class was hands-on using different hacking tools.

#25 guerillagardens

guerillagardens

    Private First Class

  • Members
  • 58 posts

Posted 31 May 2009 - 10:01 AM

Well yes I know; that's the same for all types of work - there is very little offered to anyone that hasn't been working in whatever field for x amount of time already.

It doesn't bode well for the future of course; but then nothing in this system does. People die, retire, there's no-one trained up properly to take over. The capitalist ship of fools is sinking...

In terms of how dependent economies have all become upon networks, it bodes all the less well; the only thing that will help it is that the black market needs the legit businesses to feed off of, therefore they are required to in some way be kept afloat.

It's an awful thing to see how polarity-minded critical services can be, the whole 'think like a hacker' thing is pretty lame, not very realistic. Like misinformed people believing lies about drugs: sad. No wonder the infrastructure is swamped, whether with marketing spam & its kipple or simply from being pwned - electrical grids and govt. offices everywhere compromised, really??? - it's not surprising at all.

IT is like another game they invented, to keep things going without using too much actual real-world resources. Fine, ok; but it won't be like that for long. Parallelism is changing the game, in more ways than just password cracking. Cloud computing, mesh wireless, IPv6, widespread wi-max and mobile broadband - are all changing the game. How far does it go, given it is about hacking and information control; it is not a good thing to set a thing up upon false grounds - those who do that usually are the first to claim foul when it's made clear that no they didn't think far enough about what kind of tactics they were saying are ok to use, when it comes to making money. You see?

So yes for my part, it's likely best I do just 'make my own' opportunities. However that does not solve that bigger picture problem. It's too easy for blaggers to seem like experts with such a system in place.
War is war......and the problem with some of the big players in the world, is that they have perhaps mistaken their past tactics as transferable to the digital world. But really, they have more moved things to a leveller playing field in some regards than has ever been possible (in recent times) - however, again to emphasise, that is not a 'play fair' type of playing field. It's not practical to threaten a keep within rules, when the 'enemy' isn't a country and isn't responsive to being bullied with nukes and so forth.

Let's not forget that by its nature security is reliant upon 'bad' people existing and doing or threatening 'bad' things. The unawares think that is what reality is all about, black and white bouncing off one another. It's also reliant on bad or lazy coding (to become less viable, especially the more parallelism comes into play*), and on many networking jobs not being done as well as they should be being done. It relies upon people being employed in areas they don't know that well. It relies on pretending that this society is based on anything ethical to begin with, when only parts of it are.

I'm not really a coder so don't take this the wrong way, but to a skilled young programmer - what stops them from working for the malware writers, when there are no vulnerability research posts going? Or are things already that bad that it's taken for granted, because it means jobs for the few already employed in those areas.
What will we offer them: a suit, an inefficient fuel-burner to succumb any day to peak oil, a flat or an out-a-catalogue lifestyle in a faux land.......I'm sure anyone would take the version that offers the more freedom if they are intelligent people.


*though of course, that is not to say that that too will also become heavily reliant on libraries that aren't checked too well, and could be accomplished (not near its true potential obviously) using polling algorithms for job and thread scheduling that already exist being applied generally

#26 guerillagardens

guerillagardens

    Private First Class

  • Members
  • 58 posts

Posted 08 June 2009 - 10:45 AM

Of course it all depends what your current job is and what possibilities there are. You have to create your own opportunities however, nobody is going to give them to you ....


Just to check if we're on the same page there - what exactly do you mean? Cause realistically, the only way to make your own opportunities is either to become self-employed, or to wreck things then offer to fix them for a fee. What one did you mean?

#27 SL4Y3R

SL4Y3R

    Private

  • Members
  • 10 posts

Posted 22 July 2009 - 03:36 PM

Not to recommend illegal acts, ;) but if you're tight on money for buying study material and videos you can always hit up pirate bay. I've found a lot of CISSP and Security+ ebooks on there. If you feel like you'll get arrested for that, PM me and I'll send them to ya. I have about 3 different Security+ guides, and review questions, and the CISSP All in One manual, along with some videos on both. I also have Network+ guides too if interested. I'm currently Security+ and plan to go for CISSP when I meet requirements; being only 19 I lack 5 yrs experience by far :P, preparing to take Linux+ exam next week which should be cake. Best of luck to you in your pursuit of certification. It's really a must have in today's economy now :( .

-Peace

#28 TVM75

TVM75

    Private

  • Members
  • 1 posts

Posted 18 February 2013 - 07:13 AM

Can you please advise me as to the next steps into the security field?

 

I have worked within the IT profession for a while now in various architectural roles and had also taken the various MS certs, Security+, and the ISEB CiSMP certification.

 

I've been cleared but I need to work within security and eventually specialise in forensics.







Also tagged with one or more of these keywords: security, exploit, certification