Your daily source of Pwnage, Policy and Politics.

Episode 300 – Switching Jobs & InfoSec Certifications

ISDPodcast Episode 300 for January 13, 2011. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, and Varun Sharma.

Announcements:

Appalachian Institute of Digital Evidence (AIDE)

When: February 17 – 18, 2011
Where:  Marshall University Forensic Science Center, Huntington, WV

http://aide.marshall.edu/default.htm

SANS Community

Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam

When: Wednesday, February 23, 2011 – Wednesday, April 27, 2011
http://www.sans.org/mentor/details.php?nid=23493

Use the Discount Code: isdpod15 for a 15% discount.

@BSidesAustin

When: March 11-12, 2011
Where: The Walton-Joseph Building, 706-708 6th Street
http://www.securitybsides.com/w/page/33728032/BSidesAustin2011

Indiana Linux Fest
When: March 25-27, 2011
Where: Wyndham Indianapolis West Hotel, Indianapolis, IN
http://www.indianalinux.org/cms/
CFP is currently open!

@THOTCON

When:  Friday, April 15th, 2011
Where: Chicago, IL
http://www.thotcon.org

@BSidesLondon

When: Wednesday 20th April, 2011
Where: The Skills Matter eXchange, 116-120 Goswell Road, London, EC1V 7DP
http://www.securitybsides.com/w/page/27749044/BSidesLondon

@DerbyCon

When: September 30th – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/

@daveshackleford
‘Get Secure or Die Tryin’
#BSidesSFvote http://bit.ly/blEH3E
Flood Relief:
Fifth_Sentinel is asking for donations for Queensland, AU
Official donation site is: http://www.qld.gov.au/floods/donate.html

Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)

Stories:

News:
http://blogs.csoonline.com/1324/bad_job_switches_and_hard_feelings
http://www.csoonline.com/article/651482/what-it-s-like-to-make-the-wrong-job-switch

Tom Brennan has a great article and an associated follow-up; the article was about Erin Jacobs switching jobs and discovering the move wasn’t right for her. One of the main points she tried to make was that she left IOActive on good terms and that one should never burn their bridges. But when readers started filling in the comments section, the story started to take on a different, more bitter flavor.

Certifications: We often get asked about various certifications and really have tried to inject some humor into our responses. For a number of reasons I have to say that I look at certifications with disdain, as it seems that they were always something that was dangled in front of Information Technology, InfoSec professionals and those with no professional experience as a requirement. I would say that they may have been a requirement for certain jobs, or to do specific tasks they may have preferred someone with a certification over those without. That being said, I no longer feel that all of them offer the value that they once did. And believe me, this is coming from someone that was once a cert whore. If I had to break down the Information Security certificates that I would think add value to your career and are ones that you might consider, then the following list would be my guide. This doesn’t mean that you’ll get a job immediately in InfoSec if you have these, as there are many folks that get a job without them. Much like having a Bachelor’s degree will never hurt anyone looking for a job, but without one you might be excluded from the pile of resumes that gets you in the door. So here’s my list in no certain order:

General Security (Technical):
GIAC Security Essentials Certification (GSEC)

General Auditing:
Certified Information Systems Auditor (CISA)

Management:
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
GIAC Security Leadership Certification (GSLC)

Penetration Testing:
Offensive Security Certified Professional (OSCP)*
GIAC Web Application Penetration Tester (GWAPT)
GIAC Certified Penetration Tester (GPEN)
Offensive Security Wireless Professional (OSWP)*
Offensive Security Certified Engineer (OSCE)*

* Knowledge is demonstrated in a lab environment

Below is a complete list of all certifications as a comparison.

CompTIA: Security+
Cisco Systems: CCNA Security • CCSP • CCIE Security
EC-Council: ENSA • CEH • CHFI • ECSA • LPT • CNDA • ECIH • ECSS • ECVP • EDRP • ECSP • ECSO
GIAC: GSIF • GSEC • GCFW • GCIA • GCIH • GCUX • GCWN • GCED • GPEN • GWAPT • GAWN • GISP • GSLC • GCPM • GLEG • G7799 • GSSP-NET • GSSP-JAVA • GCFE • GCFA • GREM • GSE
ISACA: CISA • CISM • CGEIT • CRISC
(ISC)2: SSCP • CAP • CSSLP • CISSP • ISSAP • ISSEP • ISSMP
ISECOM: OPST • OPSA • OPSE • OWSE • CTA
Offensive Security: OSCP • OSCE • OSWP
Mile2: CPTEngineer (CPTE) • CPTConsultant
CREST: CREST Consultant
IACRB: CPT • CEPT
eLearnSecurity: eCPPT
SCP: SCNS • SCNP • SCNA
CERT: CSIH

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.
