LinuxQuestions.org


karans 06-05-2004 05:06 AM

Security Certification
 
Hi All

I am looking for pointers about which security certification would be the best? I have read about GIAC as well, but any detailed info would be appreciated.

I also read that CISSP == 3yrs in info-sec OR 4yrs after college.

Regards,

linuxmarc 06-17-2004 05:16 PM

The CISSP cert is more fundamentals and doesn't really translate to much in the real world... except for better money. The GIAC I don't believe is as recognized (yet) but is better, IMHO. Issue is if you list the GIAC but not CISSP on your resume, you may get missed in the keyword searches since HR doesn't typically know one from the other.

Crito 06-19-2004 11:24 PM

Two others worth considering are the EC-Council's CEH (Certified Ethical Hacker) and CompTIA's Security+.

KevInOz 07-03-2004 09:42 PM

Here is a pretty decent site for comparing certification exams and certifications:

http://www.cramsession.com/

(Use the grey menu buttons about 1/2 way down the right side.)

I just passed CompTIA Security+ in May 2004. The questions were not hard but the pass score is pretty high compared to other vendor exams; something like 764 on a scale from 100 - 900. I do have extensive experience in developing cryptography so that may have helped some questions seem easier.

I studied using the Microsoft Security+ Study Guide and the Mike Myers Passport Guide. I also used the SelfTestSoftware practice exam. I did find free questions on the web for this exam but I've had a lot of success with the SelfTest products and I like them. YMMV.

ISC2.org offers the CISSP and recently added the SSCP:

https://www.isc2.org/cgi-bin/index.cgi

From what I've read, the CISSP is the "policy level" while the SSCP is the "practitioner level". You've read correctly, the CISSP requires 4 years commercial security experience or 3 years + degree. You also have to be sponsored for certification by an existing CISSP, and your experience may be audited. The SSCP requires one year of commercial experience, and does not require sponsorship or an audit. Also, ISC2 only offers the exams at specific locations at specific times. You can't just rack up to your nearest VuePrometric centre. This may be an issue in India; check the ISC website for the exam schedules.

A co-worker recently passed the GIAC. It seemed closely linked to a week long class that he attended first. I don't have much more detail than that outside of what's on the web.

Which exam is best?

CISSP definitely gets the "hits" on the job sites. Security+ is considered entry level and the SSCP is a bit new to be well known. All the security exams and certifications that I've uncovered focus a majority on network security. I have not found a certification or exam that emphasises cryptography or application security. Maybe the new Microsoft 100-340.

Hope this helps!

- kev

LinuxLala 07-09-2004 06:41 AM

From what I have heard, CompTIA's Security+ exam is good. I mean they have a good system to measure your skills.

