[Owasp-scotland] Low Cost Training

Lee Lawson leejlawson at gmail.com
Wed Feb 17 16:02:57 EST 2010 

One of my penetration testers took the offensive security exams and  
gave them the thumbs up. He said the content was thorough and relevant  
so I would go for them as a training tool. Unfortunately, Rory is  
right. Some are better known but lesser regarded as it's down to the  
marketing machines they have.

I would start with the O.S. courses and see about CISSP or SSCP. CEH  
is worth doing only because of the HR process knowing shag all about  
pen testing and looking for that buzzword. CREST will be out of your  
league in terms of cost (£1600 to sit the exam I think) and experience  
(Rory, I hear you are prepping for the app exam, is that right? Me  
too, in which case we should get our heads together and help each  
other study?)


Back to the subject, if you can wangle a few months internship at a  
consultancy then that will really help kick start your career. Have a  
look around.

Lee




Sent from a mobile device.

On 17 Feb 2010, at 20:17, Rory McCune <rorym at nmrconsult.net> wrote:

> Hi Paul,
>
> hmm interesting question.  There's quite a few certs in the
> Information security world, most of which are pretty specialised, so
> to an extent it depends on what area of security you're interested in.
>
> For general Infosec positions the CISSP goes down well with HR types,
> but it's only open to people with a certain number of years of
> industry experience.  They do have a cert the SSCP
> (http://www.isc2.org/sscp/default.aspx ) which is more geared to
> people getting into the InfoSec industry, but it's not as well known.
>
> On the more technical side, in my experience there's less clarity on
> what the best certs are.  For pen. testing the CREST certs are well
> regarded in the industry, but then again they're more targeted at
> people who've been working in that area for a while.  the CEH is
> reasonably well known but isn't always well regarded...
>
> At the end of the day I'd say that the act of having taken the
> initiative and studied / taken the exam  for most certs. would be seen
> as a plus by most employers, although it doesn't always help get past
> HR if they're looking for specific "keywords".
>
> HTH
>
> Cheers
>
> Rory
>
> On Tue, Feb 16, 2010 at 11:26 AM, Paul Miller  
> <paul.j.miller at gmail.com> wrote:
>> Hi. This is my first post to the list so hope I haven't mussed it up.
>>
>> I am a student studying in Glasgow and expect to have some time  
>> towards
>> the end of the year to dedicate to 'personal' studies. I have a keen
>> interest in InfoSec and would like to earn some kind of  
>> certification.
>> Unfortunately, most of the courses I have seen are way to expensive  
>> and
>> don't offer an exams-only option.
>>
>> The courses offered by Offensive Security seem quite thorough and
>> reasonably priced (they may consider a discount for students) but I
>> wonder what value their certifications would have in the eyes of HR?
>>
>> http://www.offensive-security.com/certifications.php
>>
>> Any thoughts on the best way to go?
>> Paul
>> _______________________________________________
>> Owasp-scotland mailing list
>> Owasp-scotland at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-scotland
>>
> _______________________________________________
> Owasp-scotland mailing list
> Owasp-scotland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-scotland

More information about the Owasp-scotland mailing list