[Owasp-austin] Security Certification Question

Snider, Matthew Matthew.Snider at cliftoncpa.com
Thu Apr 28 11:16:50 EDT 2011


RE: I wish to do a security-related certification. I am good in Linux and Ruby, and moderate in C programming. CISSP, OSCP, SANS: there are a lot of certifications. Which one should I go for? I am mostly interested in malware-level coding and analysis!
I am a second-year undergraduate in Information Technology.

Please help! I have already been using BackTrack Linux for the past 2 years!


Hello,

Saw your post on the OWASP mailing list, so I thought I'd share my two cents. Given your background and career aspirations, I would say the CISSP is way too much for what you're looking to do. CISSP is all-encompassing; folks like to say it's a mile wide but only an inch deep. So to do that cert you'll have to learn about fences, lighting, fire extinguishers, cryptography (DETAILS! It's hard), business continuity and DR, etc. In addition, you'll need five years of professional experience to qualify as a CISSP. You can pass the test and become an "Associate of ISC2" but that's not a CISSP. Down the road, as your career progresses, I would say definitely go for the CISSP; in my opinion it's the gold standard of security.

If you're just trying to get a security cert that you can put on a resume, maybe CompTIA Security+ would be a better option. It's broader than just malware but much more manageable than the CISSP without the experience requirements.

If you are really interested in malware analysis, etc., then I'd look to SANS. They have two courses which could be relevant:

Reverse-Engineering Malware (Forensics 610)
http://www.sans.org/selfstudy/description.php?tid=4607


If you're really strong on the coding side, another option is Advanced Exploit Development (Security 710).

http://www.sans.org/selfstudy/description.php?tid=4777

The thing about SANS though, since you're a student, is that SANS is very expensive. But like the CISSP, it to me is the gold standard. I've never taken a SANS course but I have wanted to for the last 10 years at least. Maybe there are student discounts?


One other avenue to consider is Linux certification--the LPI is pretty good I think. It's not security-specific, but Linux is a good place to be right now career-wise.
http://www.lpi.org/eng/certification/the_lpic_program


Anyway, hope this helps.  If you have additional specific questions please let me know and I'll try to assist.  Good luck!

Thanks:)
Matt Snider



Matt Snider, CISSP, CISA, CCENT
Manager, IT Assurance Services
Clifton Gunderson LLP
11044 Research Boulevard, Suite C-500
Austin, TX  78759
512.342.0800 / FAX 512.342.0820
Direct: 512.340.7428
Matthew.Snider at cliftoncpa.com

www.cliftoncpa.com




