That is the question. Whether ’tis nobler in spirit to suffer the slings and arrows of being stuck in an administrative capacity or to take up arms against a sea of job postings requiring proof of your knowledge and, by earning certifications, get them.
Let’s discuss certifications. Which ones are worthwhile? Which of them are hardest? Are any of them going to help you get a better job? Most importantly, which require you to gain the most practical knowledge to pass (therefore benefitting you most in the long run by enhancing your knowledge base of usable techniques)?
The unfortunate truth is that certifications are big business. However, most companies will pay IT professionals more if they have a few. Depending on your area of expertise or the job you are shooting for, there are various paths that you can choose to take. Since my focus is security and, more specifically, offensive security, this is the area on which I have focused in this blog post.
About 8 years ago I got lucky and was put into a position in the Army that eventually moved beyond its initial scope of administration into the field of IT security. I was given a chance to be the Security Officer for a battalion, which led me to the decision to pursue a career in that field. Up to that point I had been the network, system, server, and security administrator for the unit but had not yet been able to spend my time focusing on security. I had earned only the CompTIA Network+ certification, which was required to have a domain admin account. It was time for me to pick a certification path, and I chose to begin gathering the certifications necessary to advance my career in penetration testing.
The next logical certification for me to pursue at that time was the Security+, also offered by CompTIA. This is definitely a beginner cert that mostly requires learning enough to pass a 100-question test, but it was a great introduction into the field. After this certification was complete I had gained enough knowledge about the sector to be able to seriously consider the next steps in my path. I can say with certainty that there is no hard and fast route to take, as there are a variety of options available. However, these are the steps I took which seemed to best support my goals.
Since Penetration Tester was my ultimate goal I next sought the Certified Ethical Hacker (C|EH) from EC Council. This too is a multiple-choice test that required me to learn some of the basic techniques of penetration testing in order to pass. After this it was logical to pursue the Licensed Penetration Tester (L|PT) certification, also from EC Council. In order to earn the L|PT you must first take and pass the EC Council Certified Security Analyst (E|CSA) exam. The L|PT is a multiple-choice exam as well that is essentially an extension of the C|EH and required a minimal amount of studying to enhance what I had learned for the C|EH. To pass the L|PT you must take a practical exam requiring that you perform a full-scale penetration test on a virtual system provided to you by EC Council and write a full report. You have one week to complete the report and submit it. This exam greatly helps aspiring penetration testers for the real job, which requires frequent technical writing in this same vein.
As it stands, these are the certifications that I currently hold, but I do have two “in the wings” for which I have vouchers. One is the eLearnSecurity Certified Professional Penetration Tester (ECPPT), which is similar to the L|PT in that it requires the use of penetration testing skills in a practical exam. The first part of the exam is an actual pen testing exercise on a virtual network provided by eLearnSecurity. The second half of the test, like the L|PT, requires that you submit a penetration test report to the examiners, with a pass or fail given based on your finding and reporting skills.
The other exam I am taking in the next couple of months is the Certified Information Systems Security Professional (CISSP). This is a certification that I have seen required on a number of job postings. While it is not penetration testing specific, it is well respected and known as a tough test that winnows out the less knowledgeable. This exam is likely to be the most strenuous I have ever studied for and is known for being brutal. When taking the exam you are given 250 multiple-choice exam questions to be answered within a 6-hour timeframe.
A few other certifications that are on my target list and that some of my colleagues hold are listed here. SANS has a plethora of useful certifications available through its Global Information Assurance Certification (GIAC) program. Some of the more sought after are: GIAC Assessing and Auditing Wireless Networks (GAWN), GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), and GIAC Web Application Penetration Tester (GWAPT). Finally, one of the most well regarded of the various “practical” exams is the Offensive Security Certified Professional (OSCP). This one is highly respected because Offensive Security is the organization that produces the Kali Linux distribution.
My path through certification has helped my career immeasurably. With every certification, I have been able to take professional steps that have brought me closer to my ultimate goal. The value of carefully chosen certifications cannot be stressed enough, and it should be noted that many companies are happy to help support employee education by underwriting part or all of the costs for getting and maintaining them. The choices I have made with regard to gathering certifications have greatly influenced my career, leading me to my current position as a Penetration Tester for a major financial services firm. I have no doubt that these next certifications will yield more opportunities for professional growth.