Ask Slashdot: Worthwhile Security Training Courses?

ageoffri writes: I'm going to be able to take one, or maybe two, training courses next year and starting to figure out what would be a good course to take. While I'm not 100% sold on the concept of certs as the be-all and end-all of demonstrating knowledge and more importantly application of that knowledge, if someone else is going to pay for them I figure, Why not? Right now I'm leaning towards classes that have certs associated with them since HR drones look for letters. I also wouldn't mind a class that is just fun and interesting even if it isn't directly applicable to what I do currently. My short list is: CCSP by Training Camp (SEC503); Intrusion Detection In-Depth by SANS (GPPA cert); SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (GCIH cert); and SEC550: Active Defense, Offensive Countermeasures and Cyber Deception (no cert). The first two directly apply to my day to day job. The third one just looks like fun, while the last one is also fun sounding, but I doubt I'd have much opportunity to put the skills to use. I'm curious what others here are thinking about for future training and other options to consider. I already have my CISSP, along with an MS in Information Assurance, so the two obvious choices are finished.

General Security

[jon3k]

Generalized security is mostly bullshit. It's all an inch deep over a broad area. For it to be worth a shit you need to be a specialist who understands a particular area and knows enough about it to understand how to secure it.

But as far as what bullshit security certification generates the most cash in your pocket? I'd guess CISSP.

What if they are auditing? or other?

[s.petry]

The real answer is that it "depends". Like "What should I get my degree in if I want to head to Law School?" Well, are you going into criminal law, tax law, constitutional law? Theoretically it should not matter, but in practice a History major makes a better Constitutional lawyer where a Business/Accounting major will do much better in Tax law. So what do you plan to get out of the certification or class?

CEH is one of my favorites because it covers lots of the legal aspects of white hat hacking, while teaching you how to hack. The first is more in depth for the CISSP so should be the easy part. OSCP is similar to CEH in that it focuses on the hacking aspects (pen testing). If you are looking to be more independent you may wish to forgo additional "Security" related certifications and get a RHCE/RHCA to provide some clout in that direction. Then as you note there are numerous non certified training camps which are very good to have if you just want to learn. If you plan on Law enforcement you could focus on forensics, cryptography for intelligence, low level network monitoring (in depth Ethernet, TCP/IP inspection), etc.. etc...

Then there is the DOD/GOV side which has different rules and certifications. You can start by looking up DISA, JAFAN, NISPOM (should most get you to .mil sites).