10/5/2015
10:30 PM

10 Security Certifications To Boost Your Career

Earning a security credential can help you open the door to a great job. But you need to know which certification is the right one for you.
7 of 10


EC-Council is a member-based organization that certifies individuals in various e-business and information security skills. Here is a list of all the certifications that EC-Council provides: Certified Ethical Hacker (CEH); Computer Hacking Forensic Investigator (CHFI); EC-Council Certified Security Analyst (ECSA); Licensed Penetration Tester (LPT); EC-Council Network Security Administrator (ENSA); EC-Council Certified Incident Handler (ECIH); EC-Council Certified Security Specialist (ECSP); EC-Council Certified Disaster Recovery Professional (EDRP); Chief Information Security Officer (CISO); and Certified Secure Computer User (CSCU). Certified Ethical Hacker (CEH) is the most common and widely used certification.

Description
CEHv8 is a comprehensive Ethical Hacking and Information Systems Security Auditing program, suitable for candidates who want to acquaint themselves with the latest security threats, advanced attack vectors, and practical real-time demonstrations of the latest hacking techniques, methodologies, tools, tricks, and security measures.

Prerequisites
Candidates must attend official training or have at least two years of information security-related experience.

Exam
Certified Ethical Hacker (CEH) Exam 312-50 (125 questions, 4 hours, 70% passing score)

Approximate Cost for Exam
The version 8 exam costs $500 USD for the actual test and $100 USD as a nonrefundable fee for registration, administered by Prometric Prime/Prometric APTC/VUE.

URL
http://www.eccouncil.org/Certification/certified-ethical-hacker

Available Courses
CEH Courseware - US Market Only ($825 USD): course outline, exam.

Self-Study Material
iLearn (Self-Paced $664 USD), Live, Online, Instructor-led ($2,895 USD)

Online Practice Tests
Online Practice Tests
Image Source: EC-Council

Comments
osetim,
User Rank: Apprentice
6/12/2017 | 9:47:27 AM
Re: Requesting info
My question too

 
osetim,
User Rank: Apprentice
6/12/2017 | 9:42:54 AM
Re: About certs
pls can you give advice on any of the certifications for beginners pls

 
NaveenK856,
User Rank: Apprentice
3/27/2017 | 6:33:59 AM
New certification for Software/Application Security Professionals.
Hack2Secure has now come up with its first certification on SDLC, known as SWADLP (Secure Web Application Development Lifecycle Practitioner). This certification can give a boost to the Security Professionals.
ClarenceR927,
User Rank: Strategist
2/3/2017 | 11:23:16 AM
Re: Certifications always pay off...
Agree on CEH not being worth the time.  In the last 5 years I have begun discounting the CISSP also.  I have hired two ex-military CISSPs only to find out DoD paid for a boot camp for them to get the paper. One could not have spelled "CISSP" if you spotted him the 'CIS' and the other was only marginally better. We had to let both go. I had another apply who claimed an MS and PhD from a school that has never existed who failed our background check.  I reported him but as far as I can tell nothing has been done about him. 10 years ago the CISSP meant something but apparently it no longer does.
annabear4ever,
User Rank: Apprentice
2/3/2017 | 9:24:54 AM
About certs
I got my start in the industry as a broke college student.  I saved up for and studied for the exams myself.  I don't agree that you have to sell everything you own to get these.  Some of the certs might be on the more expensive side, but none of them require that you take a class from a vendor.  Buy a book and read it.  Download the free tools and use them.  You'll learn 50x as much downloading and using the tools for six months and reading a study guide on the side than you ever will in a week long course.  You can even borrow the books from your local library, or buy them used online (watch the versioning).  Best yet... check your local community college!  Most of them are now offering classes for computer security; they're pretty cheap and come with 16 weeks of class!
CraigF,
User Rank: Apprentice
9/28/2016 | 7:43:11 PM
Re: Is it just me, or is there a counting problem?
That is because the last two were placed together. ;)
Cwal463,
User Rank: Apprentice
7/28/2016 | 12:55:04 AM
Requesting info
I've recently enrolled in college for cybercrime but may change it to security. I found out that college looks good on paper but it's the certifications that matter. Can anyone tell me what certs I need and where I can get them on my own time without spending an arm and a leg. Please start with the beginning to advanced please. Any help would be greatly appreciated.
JHWMP01,
User Rank: Strategist
2/21/2016 | 9:15:04 AM
Alternative Certifications
There's been discussion on the relative real use of EC Council's CEH in real world application. Although DOD 4750 lists this certification, it is by no means a must have. Meaning, there are alternatives that match, and in most cases, outperform this over advertised "one-stop" cert in hacking.

First off, the 4750 is being replaced with the newer Directive 8140 that highlights areas that certifications should match, therefore a specific certification is not going to be required. With the build up and advertising funds that EC Council (Malaysia) has dumped into making people think they are the premiere cert, the Pentagon and other DoD/US Government entities that hired and then forced their employees to gain the CEH have found it did not provide them with the actual technical skills to perform the job. The result was a series of foreign hacking successes reported in the news. DoD is now re-evaluating with the lack of skill with CEH.

This of course is met with vile and anger from those that may hold that particular cert, those that work in the corporate arena and know nothing of US DoD inside talk, or those that think even mentioning this is rude.

I, however, want to get the word out. The competition is fast rising. One such competitor is a company I've seen listed in the newest CompTIA Roadmap 2016 called Mile2. They have the premiere Certified Penetration Testing Engineer course and certification that is listed as Expert by CompTIA. I would like to see more discussion on certification vendors that deliver training that actually teaches the skill set, not fluff and over funding a certification that was stated to be the end-all of ethical hacking, only to end up short and caused failures.

Mile2 actually was the training vendor that developed CEH back in the early days after 9/11. They continued to train the most people after they developed the CEH course for EC Council. Having personally been through both training platforms, I find that the direct approach Mile2 takes with a known list of popular tools that are weaved into Labs that are performed by the student actually teach the necessary skills that are highly important now.

Recently, as of 15 OCT 2015, EC Council decided to do a major overhaul of their CEHv8 exam to v9 that was unannounced and caused a major failure rate globally. Upon complaints, they dropped the $350 re-take fee down to $250, but the expense and time that students invested in the v8 material was now null and void and those students who chose to re-take the exam had to spend more funding and time to achieve a pass. That is unprofessional and a backdoor under-the-table tactic.

CompTIA, SANS/GIAC, Mile2, Cisco, ISC2, Offensive Security (OSCP), and other vendors give out notifications and warning when updates are pending and never would trash their students like EC Council has done. CEH has fallen from grace due to its own marketing and inferior training. There are alternative training vendors that meet or outperform CEH, I suggest students looking to get into hacking seek out other vendors and stay away from EC Council! You'll only get burned!
etittel@yahoo.com,
User Rank: Apprentice
11/9/2015 | 11:57:33 AM
Is it just me, or is there a counting problem?
The title calls out 10 certs, but I count only 9 in the slide deck:

1. SANS/GIAC GSEC
2. ISC-squared CISSP
3. ISC-squared SSCP
4. ISACA CISM
5. ISACA CISA
6. EC-Council CEH
7. EC-Council ECSA
8. CompTIA Security+
9. CWNP CWSP

As such lists go, this one ain't half bad. I've written extensively about this subject for years, and do a biannual survey of Infosec Certs for SearchSecurity over at TechTarget. I'd love to see what the author would come up with for a 10th item, just for completeness' sake.

One more thing: those worried about the cost of the SANS credentials should look into their various scholarship programs. They're running special scholarships for women in infosec right now, and a pilot program for active duty military (Air Force and Army right now, at Joint Strike Base Lewis McChord in WA state) to help them transition into infosec jobs to transition into civilian employment. Their training is terrific and their credentials top-notch, if costly, so those who are interested should inquire about assistance if money is the only thing holding them back.

HTH,

Ed Tittel www dot edtittel dot com writes on security topics for Tom's IT Pro, various TechTarget sites, GoCertify, InformIT and PearsonITCertification. Creator of the "Exam Cram" cert prep series in 1997.
kpalmgren782,
User Rank: Apprentice
11/9/2015 | 10:21:35 AM
Certifications always pay off...
Agree with everyone who questions CEH - it is a horrible cert.

I hold CISSP, GSIF, GSEC, GCED, GCIH, GSLC, CEH, Security+, Network+, A+, CTT+.  That is 11 total, 5 from GIAC (and CISSP since 1998 - cert # 4181).  I paid for every last one of them.  And every time I did, I advanced my career.

Not holding certs in this industry because they are expensive is a mistake.  Certifications pay for themselves in the long run (yes, even CEH since it sounds cool and can land you an interview).