There's so many, what are the legit ones?
I'm planing to take it
>>59798926
OSCP
>>59799099
why?
Certs from offensive security and giac are the most respected and will get you the best jobs. (Taking the OSCP later this year)
CISSP is laughed at.
Security+ and CEH are the most looked for (statistically and currently) but not for being good.
I've been through the courses for most industry certs, I CTF regularly, hold certs, have a nicly build hacking lab, and advice students occasionally.
Also am part of OWASP, infosec cons, etc. If you give a shit, feel free to AMA.
>>59800831
But CISSP is the gold standard. Even Charlie Miller has one and he knows how bad it is, but it's still the gold standard. 4 years of proven job experience and someone with a CISSP to vouch for you is probably what makes the cert valuable.
>>59800975
>4 years
>someone to vouch for you
lol it's like they're weeding out the autists who can't hold a job
>>59800975
I agree. Still laughed at the weebs of infosec. I personally don't care, whatever lands you the job and gets you paid the most.
>>59798926
Here you go OP: https://github.com/enaqx/awesome-pentest/blob/master/README.md
Lots of good info all in one place. Will help point you in the right direction
Isn't their some kind of cisco things where if your employees hold certain certificates you can get huge discounts on cisco products, so companies tend to hire people with the csico certs?
Not sure if this applies to security, but the popular routing route.
Many people seem to think CISSP is a technical cert and then whine about it when their new CISSP hire can't configure their firewall. CISSP is a security management cert primarily. Technically you could qualify after passing the exam and just having a background in risk management. But it's a tough cert to get and you will not pass unless you have a very thorough grasp of information security in the widest sense. Information security != IT security. People who denigrate CISSP do not seem to understand this basic fact. The fault lies with sloppy hiring practices, not with people who have the experience, intelligence and tenacity to pass CISSP
>>59798926
anything GCIA
any of the OffSec ones
CISSP is garbage manager-tier shit
>>59801549
>not with people who have the experience, intelligence and tenacity to pass CISSP
>t. butthurt CISSP #9916516
CISSP is shit, the kind of person who maintains a security posture for an org should at the very least know how to config a fucking firewall.
It's not like you're asking to write shellcode.
>>59803388
That's something they will get IT to do.
>>59799090
Hope you realize that you need at least five years of experience in a security field to get the cert.
>>59803489
How can you properly understand security if you can't even configure a secure environment yourself?
At best you'd just be reliant on skiddy tools to find vulnerabilities.
phd, fields medal, turing prize, fsf award
>>59803582
There's no way anyone has enough knowledge to configure a modern 10,000+ client enterprise network in a secure fashion. There are teams of people who do that and each person specializes in something. Those teams work over time to further secure their network as they learn more about their weaknesses.
>>59805343
I agree here, most of the people with a CISSP are not the actual system administrators. The CISSP is for management positions in large organizations. I'm not saying it's a great standard, but it is one. If you want to make it better, contribute, stop complaining.