The Certified Ethical Hacker (CEH) certification has become one of the hottest certifications in the INFOSEC field. I have been seeing a lot of job postings requiring or desiring candidates with this certification. Some of the federal contractor jobs are offering $120k+ per year! Employers these days (especially the federal government) want their employees to have a “mind like a hacker.” Having the skills to do penetration testing on your own network has become highly sought after after all the recent high profile data breaches. The OPM data breach was a big wake up call for the federal government and they are hiring thousands of cyber security professionals. Having the skills to use the open source network penetration tools is key.
I recently took and passed the CEH exam and used Matt Walker’s CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition with awesome results. I considered doing a 5 day boot camp, but decided to try a self study first to see how difficult the material was. I felt like this book covered the material well enough to pass on its own with out having to use additional exam simulators although any extra studying wont hurt your chances. Already having the CompTIA Security+ really helped me understand some of the concepts in this book. I’ve taken a lot of certification exams and have read through many certification books and this is honestly one of the best ones I’ve used so far. The book’s author is really good at keeping the material interesting and entertaining. There were even a few parts that were funny! Enough for it to not seem like such a chore to read through. The material is condensed into easy to comprehend sections. I found the official EC Council material to be very dry and hard to get through. This book does a much better job of keeping the concepts interesting. Even though you wont learn and master everything you need to know to become a true “ethical hacker,” most people will be able to pass the test using just this book. The exam itself seemed much easier than I was prepared for after doing the practice questions in the book. The actual test questions felt very familiar to the style of the book. One thing to keep in mind while studying this material is the practical use of some of the networking tools. Make sure that you are comfortable with the tools in the labs. NMAP sticks out as one of the tools that had a lot of uses on the actual test.
The GIAC certifications from SANS are a relative new comer to the Information Security game, but they have come out with a bang in the past few years and have become VERY popular among employers who are seeking applicants with real technical knowledge. The federal government even qualifys it as a Technical level I certification according to the DoD 8570.1m. I took the GIAC GSEC certification boot camp 4 years ago and it was by far my favorite class so far. The instructors were very well prepared and really knew how to practice the principals, not just teach them. The classes themselves were very long but during the night classes, you actually get hands on with the latest hacking tools. It was very cool to learn how to use some of the tools that the hackers were using against our networks. Some of the students even decided to try these tools on the hotels network that night! The test itself was pretty difficult. I am almost happy to say that because it really proves that you know your stuff. It’s not just a fluff test like some of the other INFOSEC certifications. To be honest though, I failed the test on the first try. I thought I was prepared for how technical the test was, but I was not prepared at all for the in depth questions on using the hacking tools. For my first try I just used the SANS study materials and looking back, I feel like they give you a mountain of information, but with no real way to study it for the actual test. I decided I needed to supplement the SANS materials with an actual study guide. I went online to find the best reviewed GSEC books and came across the SANS GIAC Certification: Security Essentials Toolkit (GSEC) book by Eric Cole.This book really changed the way I attacked the GSEC exam and made a huge difference in my knowledge retention. I also loved how the book actually taught me the principles while preparing me for the test. For someone just getting into Information Security and really looking to build a technical foundation that employers will drool over, this certification is an excellent way to start. After I passed the test, my employer was very impressed. They actually gave me a 8% raise just for passing the test. It was great for them because they could bill customers more for DoD 8570.1m certified employees. Now when they put out job ads, they always include SANS GIAC GSEC as “highly desired”. They will always pay more for someone with this certification because unlike a lot of the other Information Security (INFOSEC) certifications, this one actual shows you have technical working knowledge, not just theoretical knowledge.
The CompTIA A+ is a beginner certification used to get your foot in the door as a new professional. Most of the people going for this exam are newly working in the information security field or are just out of school and are trying to gain an edge in today’s job market. I first got this certification when I was going through college and before I was working full time. I knew that I had to have some certification to set myself apart from the other fresh college grads looking to break into the Information Technology field. Now, to work for any DoD agency or contractor you have to have AT LEAST this certification just to be able to work in the field. As a new employee entering the job market, people that hold this certification and jump into the Information security field right out of school have reported earning anywhere from $35,000 all the way up to $55,000! I purchased the CompTIA A+ Certification All-in-One Exam Guide, Seventh Edition book based on extensive research from other people who have successfully passed the test and couldn’t be more happy. This book teaches you EXACTLY what you need to pass the A+ test. It was very easy to read and was laid out perfectly. I would highly suggest this book if you are looking to get into the Information Security field and need a certification under your belt.
The CompTIA Security+ is a less difficult certification than some of the other certifications but it still holds value in the eye of employers. Employers are more familiar with this certification than a lot of the other ones even though they may be prestigious. The Security+ is also a very valuable certification for information security professionals. Information security professionals with a CompTIA Security+ certification can make around $75,000 a year on average and in many cases experienced professionals will make even more. Federal government employees working an information security job may be required to get this certification according to the DoD 8570.1m. An experienced information security professional and even most novices can pass this certification with a little at home self study. I was able to pass this certification easily by just studying the CompTIA Security + All-in-One Exam Guide on my own time. Many of the questions in this book are the exact same questions asked on the exam. I would definitely recommend this book to other just based on the fact that it gets right down to the information covered on the test and cuts out all the rest of the filler information that you find in the boot camps and other self study books. The CompTIA Security+ is a great starting point for people just getting into the field of information security or for employees that have already established themselves but are looking to move up in salary or position.
The Certified Information System Security Professional (CISSP) certification offered by ISC2 is the most highly sought after certification for employers. ISC2 has done an excellent job marketing this certification as the top credential for information security professionals. Nearly all of the high level INFOSEC jobs within the private industry and federal government require the employee to hold this certification. This certification qualifies you to work at any level in the DoD according to the DoD 8570.1 manual. Since this certification is the most highly sought after, it is also the most highly paid. CISSP’s can easily pull in $100,000 a year and in many cases even more. Holding this certification has given me enormous opportunity in the information security profession and has added to my salary significantly. After passing the test and obtaining the CISSP certification my employer immediately gave me a 18% raise which has become very common. This certification, however, is not an easy achievement. People routinely study for months to prepare for the grueling 6 hour 250 question test. I was one of those people that didn’t have a ton of free time to study since I was working full time. I decided that I would purchase a self study kit and use any free time I had to prepare. After researching self study book for a few weeks and talking to other CISSP’s I decided to use the CISSP All-in-One Exam Guide, Seventh EditionI used the same book publisher for my Security+ certification so I knew the quality and content of this book would be top notch. Many of the CISSP’s consider this book to be the bible of the CISSP. Purchasing this book turned out to be a great decision as I was able to pass the test on my very first try! This book has become the go to book for nearly all CISSP candidates. Every CISSP that I spoke with said that they started out their preparation with this book and all of them said they don’t know if they would have been able to pass the test without it. I can certainly agree with that statement!