Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Worthwhile Security Training Courses?

Posted by timothy on from the just-fill-out-this-form dept.

ageoffri writes: I'm going to be able to take one, or maybe two, training courses next year and starting to figure out what would be a good course to take. While I'm not 100% sold on the concept of certs as the be-all and end-all of demonstrating knowledge and more importantly application of that knowledge, if someone else is going to pay for them I figure, Why not? Right now I'm leaning towards classes that have certs associated with them since HR drones look for letters. I also wouldn't mind a class that is just fun and interesting even if it isn't directly applicable to what I do currently. My short list is: CCSP by Training Camp (SEC503); Intrusion Detection In-Depth by SANS (GPPA cert); SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (GCIH cert); and SEC550: Active Defense, Offensive Countermeasures and Cyber Deception (no cert). The first two directly apply to my day to day job. The third one just looks like fun, while the last one is also fun sounding, but I doubt I'd have much opportunity to put the skills to use. I'm curious what others here are thinking about for future training and other options to consider. I already have my CISSP, along with an MS in Information Assurance, so the two obvious choices are finished.

10 of 70 comments (clear)

  1. OSCP by bluefoxlucid · · Score: 3, Informative

    Get the OSCP.

    --
    Support my political activism on Patreon.
  2. Easy! by slashdice · · Score: 2
    Slashdot Deals: 98% off on Cyber Security Professional Training & Certification Bundle.

    DO NOT USE THAT ONE!!!!!

    --
    Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
  3. work on doctorate? by i.r.id10t · · Score: 2

    You have a masters... will work pay for you to keep taking courses to get a PhD ?

    --
    Don't blame me, I voted for Kodos
  4. General Security by jon3k · · Score: 3, Interesting

    Generalized security is mostly bullshit. It's all an inch deep over a broad area. For it to be worth a shit you need to be a specialist who understands a particular area and knows enough about it to understand how to secure it.

    But as far as what bullshit security certification generates the most cash in your pocket? I'd guess CISSP.

    1. Re:General Security by nharmon · · Score: 2

      So the question should really be what to take after being BS-certified by Microsoft and CISSP.

      I think "MS in Information Assurance" was referring to a Master of Science degree, and not a Microsoft cert. But don't let me get in the way of you telling off someone about their reading skills. :)

  5. Good idea by viperidaenz · · Score: 2

    I heard it's a great time to get in to security research

  6. What if they are auditing? or other? by s.petry · · Score: 3, Interesting

    The real answer is that it "depends". Like "What should I get my degree in if I want to head to Law School?" Well, are you going into criminal law, tax law, constitutional law? Theoretically it should not matter, but in practice a History major makes a better Constitutional lawyer where a Business/Accounting major will do much better in Tax law. So what do you plan to get out of the certification or class?

    CEH is one of my favorites because it covers lots of the legal aspects of white hat hacking, while teaching you how to hack. The first is more in depth for the CISSP so should be the easy part. OSCP is similar to CEH in that it focuses on the hacking aspects (pen testing). If you are looking to be more independent you may wish to forgo additional "Security" related certifications and get a RHCE/RHCA to provide some clout in that direction. Then as you note there are numerous non certified training camps which are very good to have if you just want to learn. If you plan on Law enforcement you could focus on forensics, cryptography for intelligence, low level network monitoring (in depth Ethernet, TCP/IP inspection), etc.. etc...

    Then there is the DOD/GOV side which has different rules and certifications. You can start by looking up DISA, JAFAN, NISPOM (should most get you to .mil sites).

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  7. courses by An+ominous+Cow+art · · Score: 3, Informative

    I took the SANS Intrusion Detection and Hacker Exploits courses 10+ years ago and they were very good. It was a long time ago, though, and I don't know what the courses are like now.

  8. SANS is great content, if expensive by Tool+Man · · Score: 2

    I've taken the intrusion detection and incident handling courses, with certs in both (still have the latter). When considering them, try to align with what you figure you'll be doing job-wise, if you know. The intrusion detection stuff was great for grubbing through packets to figure out what's going on, where the hacker tools and incident handling gives you some hands-on playing and knowledge you'll want for incident response. I wasn't doing any network monitoring in my role though, so didn't keep up the intrusion analyst cert, but I did love the course.

  9. Everything at OpenSecurityTraining.info... by BIOS4breakfast · · Score: 2
    ...assuming you're the kind of person who wants to know how systems work, as opposed to how to run tools.

    OST doesn't cater to all topics (yet), because it's volunteer driven. Its primary volunteers thus far have come from a deep system security background. Its assembly, OS/BIOS internals, exploits, and malware curriculum tracks are the most developed, and far deeper than anything you'll (ever) find at SANS, since OST is not commercial and therefore doesn't have to pander to popularity and buzzwords and try to deal with the never-ending churn of trying to put butts in seats.

    OpenSecurityTraining.info/Training.html