13-05-2012, 22:57   #1
LLcoolJ27
Registered User
 
Join Date: Aug 2008
Posts: 22
CISSP meetup in Dublin

Hi all

I'm in the middle of studying for the CISSP exam which I hope to do in December 2012. Is there anyone else in a similar position?

It would be useful if a few more people could get involved in some kind of study group every week? Maybe a room could be rented somewhere and one person could do a lecture each week and help each other (especially with harder domains).

I understand there's bootcamps out there to do this but two/three heads are better than one (when people can't afford to pay out 5k or more for a bootcamp).

Would anyone be interested in this? I definitely would get a lot out of this and maybe others would too?

Let me know if there's anyone interested so we can set something up!

Speak soon!
Laura
14-05-2012, 03:26   #2
JimmyCrackCorn
Moderator
 
Join Date: Jan 2010
Location: Bondi Beach
Posts: 1,345
Best of luck, I'm buried in the CEH exam with the CISSP next on my list.
14-05-2012, 10:31   #3
LLcoolJ27
Registered User
 
Join Date: Aug 2008
Posts: 22
Thanks a lot, and the best of luck in the CEH.
I do penetration testing, let me know if you need some help with content. That might be my next exam too!
14-05-2012, 15:29   #4
infodox
Registered User
 
Join Date: Dec 2011
Location: On a wet, windy rock in the atlantic.
Posts: 109
Best of luck to ye both, and have either of you got the exam papers or whatever for CISSP/CEH? They are on my (eventual) to-do list (OSCP first anyway) and I would love to see what exactly is expected in them. I had the leaked CEH v7 course materials a while back, but cannot remember much except it was not as "practical" based as the OSCP stuff.
15-05-2012, 03:48   #5
JimmyCrackCorn
Moderator
 
Join Date: Jan 2010
Location: Bondi Beach
Posts: 1,345
I do asset management for a living or something like that.
15-05-2012, 13:49   #6
kyub
Registered User
 
Join Date: Jan 2003
Location: derp
Posts: 1,817
Lads, PLEASE take this post into consideration. I wouldn't touch CEH with a barge pole. Please do your research on the EC-Council (and their background as a marketing company who saw the security industry boom) and read reviews before doing it. It scares me the amount of steam EC-Council have gained and the amount of people that are doing their courses and looking to get their certifications purely because someone else says they have one or they see it on a blog or a recruitment website.

Personally, I would (and will be) go with:

http://www.elearnsecurity.com/course...ting/index.php

These guys are up and comers but getting really great reviews from folks that can be trusted like this one. They do a really great beginners pentesting course and then the advanced one.

Following this, I would move over to the OSCP and pretty much anything Offensive Security do. Once you're comfortable and/or certified then you can move into code stuff if you're not proficient already. I've spent a ridiculous amount of time researching certification and this is my current plan. See my waffle about other certifications here:

http://www.boards.ie/vbulletin/showp...9&postcount=14
15-05-2012, 22:05   #7
infodox
Registered User
 
Join Date: Dec 2011
Location: On a wet, windy rock in the atlantic.
Posts: 109
The ElearnSecurity stuff is good, I keep asking for free trials... VERY comprehensive stuff.

And yes, the EC-Council does seem to have more than its fair share of scumbaggery and such occurring, however, professionally speaking the CEH can make a difference as it IS recognized.

The ideal is a SANS qualification, though it (as kyub states) WILL cost ya.

I still have a soft spot for OffSec courses, and my goal is OSCP then OSCE. Only doing OSCP first to "have" it, and to see how hard the time-limiting stuff is.

Oddly enough, there is a MAJOR gap in the market for web app security courses. None of the courses seem to cover it very well... Right, who wants to help start one?

BTW, CISSP still requires 5 years industry experience, no?
15-05-2012, 22:24   #8
kyub
Registered User
 
Join Date: Jan 2003
Location: derp
Posts: 1,817
I totally agree on the CEH. As much as I can't stand EC-Council or their courses, the CEH is recognized and you'll see it bandied about all over the place.

And yeah, to get the actual CISSP certification requires 5 years industry experience, but you can still do the course and get an "Associate of ISC2" status which carries a bit of weight too.
15-05-2012, 23:17   #9
JimmyCrackCorn
Moderator
 
Join Date: Jan 2010
Location: Bondi Beach
Posts: 1,345
Laura you have a point. I've had this discussion before.

I needed to start somewhere; it was easily doable and is an HR checkbox.

Offensive Security certifications are respected by those who know what they are, but as an HR checkbox they are not recognised. Also a very, very good standard of exam.

For what I've paid so far in time, effort and money, the motivation to start moving means CEH is worthwhile to me.

I'm not expecting miracles, nor do I consider CEH to be technical enough, but it's a start.
16-05-2012, 11:46   #10
markofu
Registered User
 
Join Date: Oct 2009
Posts: 24
+1 against CEH (sorry), they've deservedly come in for a lot of crap recently and it's not respected by those in the know.

Re. Sans Certs, they're excellent but yep, they're definitely very pricey. They've run a few over the years (GCIA, GSEC & GCIH) in Dublin but attendances began to dwindle because they're so pricey. Some of the instructors are unbelievably good though. AFAIK, Bob McArdle has tried to run the GCIH SEC504 mentor course in 2010 and 2011, in Dublin, but never had enough attendees.

Regarding CISSP, I know a lot of folk that have it but it was never for me, I wanted something more practical. CISSP is required on well over 90% of infosec jobs that I've seen and gives a very good broad knowledge afaik and some good folk (such as Wim Remes) have recently been elected to the board so I'm hopeful that ISC2 will improve from here.

OWASP do web app training at their annual conference in Dublin afaik and SANS do two web-app courses (SEC542 and SEC642) with the latter being a new addition and considered 'advanced'.

OSCE and OSCP are rated very highly and are purely practical.

The problem I see is that once you get these certs/qualifications, you end up being a lot more knowledgeable and better than many of the current pen testers out there (who quite often don't know more than how to run Nessus) and the pen testing business in Ireland is generally tied up amongst a few companies (imho) with no room for others. To be honest, for interesting pen testing work, I suspect you'll be looking outside of Ireland (though I may be mistaken).

Here's a blog I did with @securityninja on education/learning in the infosec industry that you "might" find interesting - http://www.securityninja.co.uk/appli...-from-markofu/. HTH!

Disclaimer: I am a fan of Sans, have spent a fortune on certs there (http://blog.markofu.com/2012/04/doing-gse.html) and write questions for GIAC so I am biased (don't hold that against me)!