Brian Sierakowski Posted May 26, 2009 Share Posted May 26, 2009 Hey all, Just trying to figure out if Security+ is a good use of time. What happens is I pay out of pocket for certifications, and then get reimbursed from my company some time later. I've managed to keep a nice rolling effect by taking the reimbursement for my last cert and applying it to my new one. So, is it worth it? I'd really like to get into CEH, but while its a MUCH shorter path, its also much more expensive (likely prohibitively so.) If you passed, what resources did you use to study? Any information would be very helpful. Thanks! -B Quote Link to comment Share on other sites More sharing options...
digininja Posted May 26, 2009 Share Posted May 26, 2009 I'd say if you've got the cash go for SANS. Really expensive but really good quality. Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted May 27, 2009 Author Share Posted May 27, 2009 Sans as in this stuff: http://www.sans.org/training/courses.php ? Do you know what average cost is? There's definitely a fairly LOW ceiling on what my company will reimburse, that's why CompTIA has been so attractive, $200-$300 certs with self study. Have you attended any of those courses? Thanks, -B Quote Link to comment Share on other sites More sharing options...
digininja Posted May 27, 2009 Share Posted May 27, 2009 I've done two SANS courses, one where I found local funding through a training scheme and the second as a volunteer so you get in really cheap but have to work the week when you are not training. Both were very good courses, 617 wireless and 504 incident handling and hacking. Quote Link to comment Share on other sites More sharing options...
SomethingToChatWith Posted June 2, 2009 Share Posted June 2, 2009 Sec+ is great to start out with. You can get the 2009 Security+ exam objectives here, detailing all knowledge domains you should study for in order to be prepared to pass the exam, most of which deals with basic cryptography concepts. For studying I'd recommend MeasureUp, though there are some free resources online as well. Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted June 2, 2009 Author Share Posted June 2, 2009 Awesome, thanks! Quote Link to comment Share on other sites More sharing options...
efk Posted June 6, 2009 Share Posted June 6, 2009 I actually just took this test, and I must admit, it's worthless. I would say go for the anything non-comptia. Quote Link to comment Share on other sites More sharing options...
Machstorm Posted June 6, 2009 Share Posted June 6, 2009 I actually just took this test, and I must admit, it's worthless. I would say go for the anything non-comptia. I can tell you are lying because you are using an absolute with no explanation. however, if you do please elaborate. I am Sec+ certified too and I found nothing "Worthless" about it. Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted June 6, 2009 Author Share Posted June 6, 2009 Yeah, I'm not so sure about worthless, but what do I know? I'm studying for the test now, and I'm finding that I don't know a lot of the material, and in general the material is pretty interesting. I just did the section on cryptography, and if they would have made math that cool in school, I wouldn't have avoided it at all cost. Sec+ gets a thumbs up from me thus far :). -B Quote Link to comment Share on other sites More sharing options...
RobLoos Posted June 22, 2009 Share Posted June 22, 2009 I got the same problem. I would love to get some more classes & start work on getting certified but it's WAAAY above my budget. Luckely i'm getting CCNA at my college, it's not a lot but it's something :) Quote Link to comment Share on other sites More sharing options...
Signal Hacker Posted June 23, 2009 Share Posted June 23, 2009 I got my company to bankroll me for the SSCP (Systems Security Certified Practioner) exam. It's from (ISC)2, the same org that does the much-coveted CISSP, which I'll go for once I have the necessary years of working experience under my belt. Honestly, I kinda wish I'd done the CompTIA Security+ instead. Not because I think it's a better exam, I actually think the SSCP is really good for beginning security specialists, especially because you're required to continue your professional education in under to maintain it and you have to have at least 1 year of IT security experience to get it.....the problem is that (ISC)2 doesn't freakin' market the SSCP cert like they do their others, so more companies know what Sec+ is vs. the ones that know about SSCP. To be brutally honest, if you're looking for a job, Sec+ is probably better to have because there's a better chance that whatever security-ignorant HR person is combing through resumés will actually recognize it. I'm in the same boat as far as the CEH. I really reeeeaaaaally wanna attend this hacker boot camp the InfoSec Institute offers (gets you both the CEH and Certified Penetration Tester)....but the classroom course is ~$4000 and the online course is just under $2000, even after my company discounts. Good luck getting that past the training budget coordinator :( Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted June 23, 2009 Author Share Posted June 23, 2009 Ha, dude, we're coming from the exact same page. I'm thinking since I'm going to have 3 certs this year, I'll beg and plead that my reward be funding for CEH. Ideally, I'd like to do Sec+, then do CEH, and then after a few years go for CISSP (once they decide to let me in that is). Above all, being able to whip out your cert and be like "Everyone remain calm, Certified Ethical Hacker here" is basically bad ass. Plus, if you do their classes you get through it in a week, compared to the 2 months I'm taking on Sec+. But, I digress, we'll see what happens when I get there, I haven't heard from anyone that CEH isn't good. Quote Link to comment Share on other sites More sharing options...
Signal Hacker Posted June 24, 2009 Share Posted June 24, 2009 CompTIA certs are nice and cheap...if you have to bite the bullet and pay for Sec+ yourself, but through some miracle get your employer to sign off on CEH....DO IT!!!!!!! I hope both of us have the luck to get our respective companies to pay for it! I've heard some people opine that GPEN (the GIAC Penetration Tester cert) is the superior one...but check any job site for how many employers are asking for CEH vs. how many are seeking GPEN, and there again you have the same situation as I have with Sec+ vs. SSCP. But that's kinda beside the point.....CEH is a good cert, by all accounts I've heard. A cert is only as good as how valuable management-types think it is and how much more they're willing to pay you for having it! Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted June 24, 2009 Author Share Posted June 24, 2009 A cert is only as good as how valuable management-types think it is and how much more they're willing to pay you for having it! Well, there is a small component of how much you actually learn from the course :). I think you want to say a cert is only as lucrative as how management types think it is. It's only as valuable as how much you learn. Not that that isn't stating the obvious for everyone on the board :). Quote Link to comment Share on other sites More sharing options...
Signal Hacker Posted June 25, 2009 Share Posted June 25, 2009 Stating the obvious too, experience is always better than any cert. Which is why I want that CEH/CPT course, since I get a nice lab to actually do this stuff (experience), and not just buy a $50+ book and vomit back up the info on a $400+ exam sheet. SSCP is a good cert, but I can't really say I learned much new that I didn't know already, now I just get to prove I know by placing a pretty little acronym after my name...same with Sec+, as much as I've looked at what it covers and the sample exam questions. My company used to be really really anti-cert, their philosophy being, "The experience you gain here is better than any certification!" But my company is a consulting one, so eventually they had to back down when clients start asking for CISSPs, CCNAs, etc. by name to work their projects. But they're still resistant, so you really have to sweet talk them to get them to pay for anything expensive (over $500). Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted June 25, 2009 Author Share Posted June 25, 2009 Yeah, I feel its foolish for a company to be anti-certification. I mean, this is why we do these things, get certifications, get college degrees, etc. No prospective employer or client has the time to sit down with you for a week or two and find out what exactly you know or don't know. So, whilst people turn up their noses at getting certified as "real world experience is the best," I would rather be the certified idiot who gets the job instead, and then I can learn OTJ. Quote Link to comment Share on other sites More sharing options...
Signal Hacker Posted June 25, 2009 Share Posted June 25, 2009 Can't argue with that :) Quote Link to comment Share on other sites More sharing options...
Myk3 Posted July 23, 2009 Share Posted July 23, 2009 I am currently SEC + certified.. I can say just studying for the exam was nice.. It brought to light a lot of different vulnerabilities that most people are unaware of. (even if they are out dated) My company paid for the training and the test.. They also are sending me to CEH (well there is talks of it) and then down the road to end goal of Licensed Penetration Tester (LPT) Quote Link to comment Share on other sites More sharing options...
Myk3 Posted July 23, 2009 Share Posted July 23, 2009 Can't argue with that :) Just an odd question.. i see you name / picture is "Signal Hacker" was you in the army.. what MOS? I was a 31F Quote Link to comment Share on other sites More sharing options...
CrashZilla Posted July 24, 2009 Share Posted July 24, 2009 I would agree that it is a good place to start but the only reason I got the Sec+ is to add the security+ to my MCSE. I don't know if I would have gone for it if it wasn't just an add on. I think there are better certs out there but they jump in cost pretty fast. I too enjoyed the section on crypto it was something I always wanted to study. Good luck to you in whatever you choose. Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted July 24, 2009 Author Share Posted July 24, 2009 I would agree that it is a good place to start but the only reason I got the Sec+ is to add the security+ to my MCSE. I don't know if I would have gone for it if it wasn't just an add on. I think there are better certs out there but they jump in cost pretty fast. I too enjoyed the section on crypto it was something I always wanted to study. Good luck to you in whatever you choose. I'm about 75% on my way through studying, I'm taking the test on 8/14, so we'll see how that goes :). Quote Link to comment Share on other sites More sharing options...
matt2k4 Posted July 24, 2009 Share Posted July 24, 2009 Did anyone here get the CBT Nuggets video for Security+? If so, was it worth it? Also, what books would you guys recommend? Exam Cram? Quote Link to comment Share on other sites More sharing options...
Brian Sierakowski Posted July 25, 2009 Author Share Posted July 25, 2009 Did anyone here get the CBT Nuggets video for Security+? If so, was it worth it? Also, what books would you guys recommend? Exam Cram? Testout seems to be far and away the best study software. The book that comes in the Sec+ voucher bundle is pretty good too, its made by ILT i think. Quote Link to comment Share on other sites More sharing options...
Signal Hacker Posted July 30, 2009 Share Posted July 30, 2009 Just an odd question.. i see you name / picture is "Signal Hacker" was you in the army.. what MOS? I was a 31F 25A...but National Guard, not active duty. Nowadays, your old MOS (now called 25F) is in pretty high demand with a hefty bonus. Wanna re-enlist? ;) I don't think it's as bad as 25B though...active duty Army is hurting for them so bad that we can't even slot anyone for it for the next year. For any non-military following this convo: 25A - Signal Officer 25F/formerly 31F - Net. Switching Systems Operator 25B - Info Systems Operator Quote Link to comment Share on other sites More sharing options...
Signal Hacker Posted July 30, 2009 Share Posted July 30, 2009 I'm still pursuing the CEH cert. Still don't have a chance in hell of getting the company to pay for the bootcamp (though I did try out for the CEH web course contest TheAcademyPro.com had), so I applied for the self-study option and got my eligibility number...haven't scheduled yet. Got the ExamPrep book, which had better reviews on Amazon than even the official course material . Don't know when the hell I'll get enough to finish studying and take the exam. I'm pretty swamped right now with an ISO 27001 project where I'm the only guy whose ever even touched it and the rest of the team is clueless. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.