Security Cert

[Jason1977]

What is the easiest one? I am looking to just get one under my belt and I am nervous about it....Any suggestions? i got the Exam Cram books for Security+ not sure if thats the best way to go or not? any suggestions?

[MrLinus]

Why go with the easiest one? I'd imagine that the Security+ is the easiest (I think most of their exams are entry level). But why go with the easiest instead of going with the one(s) with the best return on investment?

Might want to look into the following:

From ISC2: CISSP and SSCP (managerial/theoretical inclined; not technology specific)

From SANS: GIAC family of certs (technically inclined)

[Jason1977]

Simply because i am not a good tester...Never have been and i am very worried about failing it...and not passing...

[MrLinus]

The SANS ones might be good since they require a white paper in addition to the exam. AFAIK, most certs out there (for security and otherwise) are multiple choice so it's not that difficult (in a sense). I hate testing to but I've survived a few certifications now. Go ahead and try the Security+ but I'd humbly suggest considering others since in the long run I don't think it will be a benefit by itself.

[Jason1977]

Yeah, i appreciate your perspective. I was going to try and boost my confidence level with an easier one then get some more and i was thinking of GIAC or SSCP

[Juridian]

I'd go with the GIAC GSEC certification. It covers a broad area of security, covers some of the cissp cbk, etc.

[SDK]

I'm have a CompTIA a+ and I'm will get Comptia Network+ soon. Those 2 certifications will allow me to get a MCSA without any exam... Security+ gives you a MCSA and MCSE automatically

http://www.microsoft.com/learning/mcp/partners.asp

[droby10]

Originally posted here by SDK
I'm have a CompTIA a+ and I'm will get Comptia Network+ soon. Those 2 certifications will allow me to get a MCSA without any exam... Security+ gives you a MCSA and MCSE automatically

http://www.microsoft.com/learning/mcp/partners.asp

me thinks you are misinterpretting the wording of "an elective credit" for meaning "scott-free". essentially, by having those certs, you get to skip the P.E class if you want. but you're still required to take history, math, english, etc. in the cases where you would be receiving a "specialized credit" it's a simple replacement based on the most parallel material. if you think you're going to get a mcse without a hard case of active directory, which is a completely void topic (let alone the lack of focus on ldap) in the comptia certs...you've got a rude awakening ahead.

[SDK]

Maybe.. I send the question to M$ MPC to be sure yesterday. I'm waiting their answer.

[Tiger Shark]

SDK:

To receive an elective credit toward the MCSA certification

That's the key phrase..... "an elective credit _toward_". It doesn't mean you get the MCSA "because" you have one of the combinations..... It means you get credit _towards_ it.... You still have other stuff to do.

I have yet to come up with a way around these "certifications". I have taken many "tryout" tests for the different certifications. They all seem the same. There is a _heavy_ emphasis on the "keywords".... The questions are entirely an issue of "do you know what the industry, (in this test), calls the different things you are implementing without knowing the official name for it"? Here are four possibilities....

I really don't give a rats.... thingy... what you want to call it..... To me it's a logical thing I do within my knowledge of the operating system..... But it's my knowledge of the OS and the threat that is important..... The questions they ask tend to be so "theoretical" as opposed to questions like:-

"What are the steps required to remove the "Allow Parent Paths" setting from an IIS web server"? (silly example but valid to show the point.... I can't tell you right off the top of my head, but I can tell you where to go looking for that setting and how to deny it.... The tester would have to read that and determine if I was even going in the right direction..... Or whether I have no clue as to what I am looking for.... That's pretty important to an employer..)

The problem is that the certifying agency doesn't want the tester to have to read, they want the computer to decide whether or not you picked the right(?) answer from a "four pick".... It's cheaper you see..... Which, in my mind is BS... utterly.....

It allows the "certifying agency" grind out Certification X at minimum cost to themselves.... Magic... Totally magic..... No skill required..... Just be able to "spout" the right "keyword" for the right issue and we'll throw you a "cert"..... (no offense meant to those with their certifications... but look at them and determine whether I'm "pretty close"....).

Practical experience is never taken into account.... You can actually run a whole bunch of "cert's" and have never worked on a real world network in your life. Don't get me wrong, the theory is incredibly important when you are faced with a genuine issue, if you don't know how it "should" work you'll never know why it isn't working.... But let's be honest here.... Being able to say... "Well, it's a TCP/IP problem", isn't quite the same as understanding that two network cards have the same MAC address...... (again, silly example....).

To end my "rant" I'll stand by my decision to tell our HR dept. to remove all requirements for degrees or certifications from all the job descriptions for the positions in my department....

I don't know how to make it "right".... I just know it needs to be "fixed".....