[Owasp-austin] Security Certification Question

Snider, Matthew Matthew.Snider at cliftoncpa.com
Thu Apr 28 14:00:40 EDT 2011

RE:  I wish to do a security-related certification. I am good in Linux, Ruby,
moderate C programming. CISSP, OSCP, SANS: there are a lot of certifications;
which one should I go for? I am mostly interested in malware-level coding and
I am a second-year undergraduate in Information Technology.

Please help! I have already been using BackTrack Linux for the past 2 years!


Saw your post on the OWASP mailing list, so I thought I'd share my two
cents.  Given your background and career aspirations, I would say the CISSP
is way too much for what you're looking to do.  CISSP is all-encompassing,
folks like to say it's a mile wide but only an inch deep.  So to do that
cert you'll have to learn about fences, lighting, fire extinguishers,
cryptography (DETAILS!  It's hard), business continuity and DR, etc.  In
addition you'll need five years of professional experience to qualify as a
CISSP.  You can pass the test and become an "Associate of ISC2" but that's
not a CISSP.  Down the road as your career progresses I would say definitely
go for the CISSP, in my opinion it's the gold standard of security.

If you're just trying to get a security cert that you can put on a resume,
maybe CompTIA Security+ would be a better option. It's broader than just
malware but much more manageable than the CISSP without the experience

If you are really interested in malware analysis, etc, then I'd look to
SANS.  They have two courses which could be relevant:

 Reverse-Engineering Malware (Forensics 610)

If you're really strong on the coding side, another option is Advanced
Exploit Development (Security 710).


The thing about SANS though, since you're a student, is that SANS is very
expensive.  But like the CISSP, it to me is the gold standard.  I've never
taken a SANS course but I have wanted to for the last 10 years at least.
Maybe there are student discounts?

One other avenue to consider is Linux certification--the LPI is pretty good
I think.  It's not security-specific, but Linux is a good place to be right
now career-wise.

Anyway, hope this helps.  If you have additional specific questions please
let me know and I'll try to assist.  Good luck!

Matt Snider

Manager, IT Assurance Services
Clifton Gunderson LLP
11044 Research Boulevard, Suite C-500
Austin, TX  78759
512.342.0800 / FAX 512.342.0820
Direct: 512.340.7428
Matthew.Snider at cliftoncpa.com

