Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

CISSP meetup in Dublin

  • 13-05-2012 9:57pm
    #1
    Registered Users, Registered Users 2 Posts: 60 ✭✭


    Hi all

    I'm in the middle of studying for the CISSP exam which I hope to do in December 2012. Is there anyone else in a similar position?

    It would be useful if a few more people could get involved in some kind of study group every week? Maybe a room could be rented somewhere and one person could do a lecture each week and help each other (especially with harder domains).

    I understand there's bootcamps out there to do this but two/three heads are better than one (when people can't afford to pay out 5k or more for a bootcamp).

    Would anyone be interested in this? I definitely would get alot out of this and maybe others would too?

    Let me know if there's anyone interested so we can set something up!

    Speak soon!
    Laura


Comments

  • Registered Users, Registered Users 2 Posts: 1,691 ✭✭✭JimmyCrackCorn


    Best of luck im buried in the CEH exam with the CISSP next on my list.


  • Registered Users, Registered Users 2 Posts: 60 ✭✭LLcoolJ27


    Thanks alot, and the best of luck in the CEH.
    I do penetration testing, let me know if you need some help with content. That might be my next exam too!


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    Best of luck to ye both, and have either of you got the exam papers or whatever for CISSP/CEH? They are on my (eventual) to-do list (OSCP first anyway) and I would love to see what exactly is expected in them. I had the leaked CEH v7 course materials a while back, but cannot remember much except it was not as "practical" based as the OSCP stuff.


  • Registered Users, Registered Users 2 Posts: 1,691 ✭✭✭JimmyCrackCorn


    I do asset management for a living or something like that. :D


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    Lads, PLEASE take this post into consideration. I wouldn't touch CEH with a barge pole. Please do your research on the EC-Council (and their background as a marketing company who saw the security industry boom) and read reviews before doing it. It scares me the amount of steam EC-Council have gained and the amount of people that are doing their courses and looking to get their certifications purely because someone else says they have one or they see it on a blog or a recruitment website.

    Personally, I would (and will be) go with:

    http://www.elearnsecurity.com/course/penetration_testing/index.php

    These guys are up and comers but getting really great reviews from folks that can be trusted like this one. They do a really great beginners pentesting course and then the advanced one.

    Following this, I would move over to the OSCP and pretty much anything Offensive Security do. Once you're comfortable and/or certified :pac: then you can move into code stuff if you're not proficient already. I've spent a ridiculous amount of time researching certification and this is my current plan. See my waffle about other certifications here:

    http://www.boards.ie/vbulletin/showpost.php?p=73335019&postcount=14


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    The ElearnSecurity stuff is good, I keep asking for free trials... VERY comprehensive stuff.

    And yes, the EC-Council does seem to have more than its fair share of scumbaggery and such occurring, however, professionally speaking the CEH can make a difference as it IS recognized.

    The ideal is a SANS qualification, though it (as kyub states) WILL cost ya.

    I still have a soft spot for OffSec courses, and my goal is OSCP then OSCE. Only doing OSCP first to "have" it, and to see how hard the time-limiting stuff is.

    Oddly enough, there is a MAJOR gap in the market for web app security courses. None of the courses seem to cover it very well... Right, who wants to help start one? :P

    BTW, CISSP still requires 5 years industry experience, no?


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    I totally agree on the CEH. As much as I can't stand EC-Council or their courses but the CEH is recognized and you'll see it bandied about all over the place.

    And yeah, to get the actual CISSP certification requires 5 years industry experience, but you can still do the course and get an "Associate of ISC2" status which carries a bit of weight too.


  • Registered Users, Registered Users 2 Posts: 1,691 ✭✭✭JimmyCrackCorn


    Laura you have a point. I've had this discussion before.

    I needed to start somewhere it was easily doable and is a hr checkbox.

    Offensive security certifications are respected by those who know what they are but as a hr checkbox not recognised. Also a very very good standard of exam.

    For what I've paid so far in time effort and money. The motivation to start moveing means ceh is worthwhile to me.

    I'm not expecting miricales nor do I consider ceh to be technical enough but it's a start.


  • Closed Accounts Posts: 24 markofu


    +1 against CEH (sorry), they've deservedly come in for a lot of crap recently and it's not respected by those in the know.

    Re. Sans Certs, they're excellent but yep, they're definitely very pricey. They've run a few over the years (GCIA, GSEC & GCIH) in Dublin but attendances began to dwindle because they're so pricey. Some of the instructors are unbelievably good though. AFAIK, Bob McArdle has tried to run the GCIH SEC504 mentor course in 2010 and 2011, in Dublin, but never had enough attendees.

    Regarding CISSP, I know a lot of folk that have it but it was never for me, I wanted something more practical. CISSP is required on well over 90% of infosec jobs that I've seen and gives a very good broad knowledge afaik and some good folk (such as Wim Remes) have recently been elected to the board so I'm hopeful that ISC2 will improve from here.

    Owasp do web app training at their annual conference in Dublin afaik and Sans do two web-app courses (SEC542 and SEC642) with the latter being a new addition and considered 'advanced'.

    OCSE and OCSP are rated very highly and are purely practical.

    The problem I see is that once you get these certs/qualifications, you end up being a lot more knowledgeable and better than many of the current pen testers out there (who quite often don't know more than how to run Nessus) and the pen testing business in Ireland is generally tied up amongst a few companies (imho) with no room for others. To be honest, for interesting pen testing work, I suspect you'll be looking outside of Ireland (though I may be mistaken).

    Here's a blog I did with @securityninja on education/learning in the infosec industry that you "might" find interesting :) - http://www.securityninja.co.uk/application-security/random-thoughts-on-education-learning-from-markofu/. HTH!

    Disclaimer: I am a fan of Sans, have spent a fortune on certs there (http://blog.markofu.com/2012/04/doing-gse.html) and write questions for GIAC so I am biased (don't hold that against me)!


Advertisement