Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Education Security

Ask Slashdot: Worthwhile Security Training Courses? 70

ageoffri writes: I'm going to be able to take one, or maybe two, training courses next year and starting to figure out what would be a good course to take. While I'm not 100% sold on the concept of certs as the be-all and end-all of demonstrating knowledge and more importantly application of that knowledge, if someone else is going to pay for them I figure, Why not? Right now I'm leaning towards classes that have certs associated with them since HR drones look for letters. I also wouldn't mind a class that is just fun and interesting even if it isn't directly applicable to what I do currently. My short list is: CCSP by Training Camp (SEC503); Intrusion Detection In-Depth by SANS (GPPA cert); SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (GCIH cert); and SEC550: Active Defense, Offensive Countermeasures and Cyber Deception (no cert). The first two directly apply to my day to day job. The third one just looks like fun, while the last one is also fun sounding, but I doubt I'd have much opportunity to put the skills to use. I'm curious what others here are thinking about for future training and other options to consider. I already have my CISSP, along with an MS in Information Assurance, so the two obvious choices are finished.
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Worthwhile Security Training Courses?

Comments Filter:
  • OSCP (Score:4, Informative)

    by bluefoxlucid ( 723572 ) on Thursday October 22, 2015 @02:42PM (#50782995) Homepage Journal
    Get the OSCP.
    • by Anonymous Coward

      +1 - Doing the class right now and having fun and learning a lot. You can take the class and test online, saving your company travel $$ too. Prices are very low - a lot of bang for the buck. As a CISO, I would look quite favorably on someone having the OSCP cert.

    • by s.petry ( 762400 ) on Thursday October 22, 2015 @04:28PM (#50783837)

      The real answer is that it "depends". Like "What should I get my degree in if I want to head to Law School?" Well, are you going into criminal law, tax law, constitutional law? Theoretically it should not matter, but in practice a History major makes a better Constitutional lawyer where a Business/Accounting major will do much better in Tax law. So what do you plan to get out of the certification or class?

      CEH is one of my favorites because it covers lots of the legal aspects of white hat hacking, while teaching you how to hack. The first is more in depth for the CISSP so should be the easy part. OSCP is similar to CEH in that it focuses on the hacking aspects (pen testing). If you are looking to be more independent you may wish to forgo additional "Security" related certifications and get a RHCE/RHCA to provide some clout in that direction. Then as you note there are numerous non certified training camps which are very good to have if you just want to learn. If you plan on Law enforcement you could focus on forensics, cryptography for intelligence, low level network monitoring (in depth Ethernet, TCP/IP inspection), etc.. etc...

      Then there is the DOD/GOV side which has different rules and certifications. You can start by looking up DISA, JAFAN, NISPOM (should most get you to .mil sites).

      • The CEH is certainly something that looks good on the CV, but I have never met a pen tester or IT Security manager who actually held it in high regard. The OSCP is by all accounts an order of magnitude more difficult, more relevant and more respected. I'm not opposed to multiple choice exams (I have several of the certs mentioned here and am quite proud of it) but for me it just doesn't add up that you can demonstrate a practical skill such as hacking through this form of test.
  • by i.r.id10t ( 595143 ) on Thursday October 22, 2015 @02:43PM (#50783007)

    You have a masters... will work pay for you to keep taking courses to get a PhD ?

  • Offensive Security

    https://www.offensive-security... [offensive-security.com]

    and a masters in CS

  • http://www.aspectsecurity.com/... [aspectsecurity.com]

    I've taken this class. Can't recommend it strongly enough.

  • General Security (Score:4, Interesting)

    by jon3k ( 691256 ) on Thursday October 22, 2015 @03:08PM (#50783255)
    Generalized security is mostly bullshit. It's all an inch deep over a broad area. For it to be worth a shit you need to be a specialist who understands a particular area and knows enough about it to understand how to secure it.

    But as far as what bullshit security certification generates the most cash in your pocket? I'd guess CISSP [isc2.org].
    • If you bother to read the summary: "I already have my CISSP, along with an MS in Information Assurance, so the two obvious choices are finished."

      So the question should really be what to take after being BS-certified by Microsoft and CISSP.

      • by jon3k ( 691256 )
        Yeah way too many words, not that interested. But with that said, I'd say specialize in something. Just getting "security training" with no particular objective or aim is kind of a waste of time.
      • by nharmon ( 97591 )

        So the question should really be what to take after being BS-certified by Microsoft and CISSP.

        I think "MS in Information Assurance" was referring to a Master of Science degree, and not a Microsoft cert. But don't let me get in the way of you telling off someone about their reading skills. :)

        • Never heard of a master degree in Information Assurance. Looks like an East Coast thing. I was puzzled why another commentator referred to a master degree when no master degree was mentioned in the summary. I thought it was an obscure Microsoft (MS) certification.
          • Never heard of a master degree in Information Assurance.

            We are all ignorant of something. That's ok. The important thing is not to be quick in jumping to conclusions without first checking our assumptions.

            With that said, calling it an "East Coast" thing means what? You never knew about the degree, but you think you can call it names or something? Dude, expand your horizons. Ignorance is not bliss.

            • A Google search came up with a bunch of East Coast schools with that degree program. Since I'm on the West Coast (California, in particular), it's an easy assumption to make.
  • by Anonymous Coward

    It's called hacking, once you get a few hundred under your belt, then you can call yourself a security professional.

  • courses (Score:4, Informative)

    by An ominous Cow art ( 320322 ) on Thursday October 22, 2015 @04:52PM (#50783975) Journal

    I took the SANS Intrusion Detection and Hacker Exploits courses 10+ years ago and they were very good. It was a long time ago, though, and I don't know what the courses are like now.

    • by Anonymous Coward

      It's still excellent, but very expensive. I have SANS certs I am probably going to let expire because it's too hard to monetize the cert if you are not doing consulting or something where people actually look for certs...

  • by Tool Man ( 9826 ) on Thursday October 22, 2015 @06:00PM (#50784337)

    I've taken the intrusion detection and incident handling courses, with certs in both (still have the latter). When considering them, try to align with what you figure you'll be doing job-wise, if you know. The intrusion detection stuff was great for grubbing through packets to figure out what's going on, where the hacker tools and incident handling gives you some hands-on playing and knowledge you'll want for incident response. I wasn't doing any network monitoring in my role though, so didn't keep up the intrusion analyst cert, but I did love the course.

  • ...assuming you're the kind of person who wants to know how systems work, as opposed to how to run tools.

    OST doesn't cater to all topics (yet), because it's volunteer driven. Its primary volunteers thus far have come from a deep system security background. Its assembly, OS/BIOS internals, exploits, and malware curriculum tracks are the most developed, and far deeper than anything you'll (ever) find at SANS, since OST is not commercial and therefore doesn't have to pander to popularity and buzzwords and tr

  • Follow the new mil security and gov educational funding over the past decade. A lot of fancy public/private sector entry level university academic offerings quickly divert cyber or security course selection into only what the US gov or mil needs. The talking to good people with years of broad math, science, engineering skills and offering them the option to enter gov/mil contracts seems to have been replaced.
    Pack entry level classes with students interested in security and pick the best in the open se
  • I just spoke to a recruiter in my company's MSSP division. Recommendations:

    CISSP (you're all set)

    Tack on some SIEM certs or experience for good measure.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling