I have completed the following security training and certification courses:
Certified Information Systems Security Professional (CISSP)
I think the CISSP provides a great set of security fundamentals across ten different domains. My primary criticism of the CISSP is people tend to perceive it as a certification that's a mile wide and an inch thick. I definitely felt that way - I completely overstudied for certain areas, and felt slightly unprepared for others. With that said, it is a good security primer but I don't think anyone - including me - should hang their hat on this certification as the be-all and end-all of security knowledge.
I did a podcast episode featuring a little deeper dive into the CISSP to help potential students decide if it's the right cert for them.
Offensive Security Certified Professional (OSCP)
The OSCP is, according to the certification Web site, "the world’s first completely hands-on offensive information security certification. The OSCP challenges the students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam."
In short, if you want to learn how to actually hack systems, this is the training and cert for you.
I created a nine-part podcast series all about my experience taking the training and test, in hopes that it will help others "try harder!" (the OSCP motto) and conquer the OSCP.
OFFENSIVE SECURITY WIRELESS PROFESSIONAL (OSWP)
The OSWP, according to the certification Web site, "is the only practical wireless attacks certification in the security field today. The OSWP challenges the students to prove they have the practical ability to perform 802.11 wireless audits using open source tools through a hands-on, four-hour certification exam."
I really enjoyed this course, although it feels a bit due for a refresh. The content and hands-on hacking primarily focuses on attacking WEP and WPA, and doesn't get into WPA Enterprise, which is more common to see in the corporate world.
I recorded a four-part podcast series on the OSWP to help other prospective students acquire the necessary equipment to practice and pass the certification.
CERTIFIED ETHICAL HACKER (CEH)
The CEH certification helps students understand the mindset and methodology of an attacker, with an introduction to the technical skills required to conduct ethical hacking. The training concludes with a four-hour, multiple-choice exam.
I felt the CEH did a good job of providing me with some technical security fundamentals, but that the OSCP provided much more technical, tangible, hands-on skill for my dollar. I did a blog article featuring a review on the CEH, as well as a podcast episode on how to pass the exam. I also did a podcast episode comparing OSCP vs. CEH to help prospective students decide which path was right for them.
I have completed several other technical and security-focused certifications to increase my depth and breadth of knowledge. These include:
- Sophos Certified Engineer (2017)
- CompTIA Network+ Certified (2012)
- Watchguard Certified System Professional (2010)
- NetApp Accredited Storage Architect Professional (2010)
- Cisco Certified Network Associate (2008)
- Apple Certified Help Desk Specialist (2007)
- Microsoft Certified Desktop Support Technician (2006)
- CompTIA A+ Certified (2006)