What security certifications are ideal to obtain when pursuing a career in cyber security, more specifically a position dealing with cybercrime?
#cyber-security #cybercrime
8 answers
Joel’s Answer
There are five GIAC certifications related to digital forensics.
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Advanced Smartphone Forensics (GASF)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Reverse Engineering Malware (GREM)
Any of these would be beneficial for someone seeking a position in fighting cybercrime.
Joel recommends the following next steps:
Thank you so much Mr Snider. I will certainly look into these certifications and see what each entails and which best fit what I'm looking for.
Armando
ROBERT’s Answer
I would suggest you look into a law enforcement training track. When we have brushed against actionable crime in business we always need to turn it over to police or FBI to take action. From my interaction with law enforcement you will have much more trust & opportunity if you become an officer or special agent first, then specialize in a unit focused on cybercrime.
ROBERT recommends the following next steps:
Thank you for the advice Mr. Sullivan. I actually originally planned on pursuing law enforcement and majored in criminal justice in my undergrad. This is certainly something that I have considered and is of great interest, I will certainly follow up with Mr. Michaels for further insight.
Armando
KC’s Answer
If you're looking for a role in cyber security, certifications certainly won't hurt. However, companies where security engineers are doing the hiring tend to focus more on practical skills and an understanding how how to assess and address risk. Certifications don't necessarily reflect those skills in practice. In fact, most of the brightest people I know in infosec do not have certifications. By no means am I assuaging you from pursuing that. But many security certs require years of experience, so you run into frequent 'chicken-and-egg' issues. Instead, spend your time interacting with others around your geographical area that are security engineers. If you have a local BSides, OWASP, or DEF CON group, reach out to them to help assess the resources available to you based on your interests. Explore, do, challenge yourself! We need you!
Exceptional advice thank you. I certainly want to do what is necessary to obtain those critical security skills. I will definitely be pursuing some certifications, but I understand what you mean when you say that certifications don't necessarily mean you have those fundamental practical skills. My aim is to learn as much as I can from current security professionals and resources in order to develop the essential skills and knowledge that I need to excel in the information security industry. I will definitely look into the security groups that you suggested!
Armando
Stacy’s Answer
Hello Armando,
Here is a link from the College Board website that can give you a head start about some possible career paths that you can choose from. Definitely, if you want to work for the CIA or FBI, you would be required to get a MA (Master's degree).
Hope this helps you a little to figure out your future endeavors (:
Thank you so much it will certainly give me a better idea of what to expect and how I should prepare. I really appreciate it!
Armando
Doris’s Answer
Hi Armando,
Here's another link with great info on getting your OSCP.
https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
Good luck!
Thank you Mrs. Delgado the link your provided is certainly helpful in giving me insight on what to expect. I am currently focused on obtaining my Security+ , but will be referring back to this link and to better prepare when I am able to pursue the OSCP.
Armando
Thank you Mrs Delgado the link you provided is certainly insightful on what to expect when obtaining the OSCP. I am currently pursuing my Security+, but will be referring back to this when I am ready to obtain my OSCP.
Armando
Jessica Valentine’s Answer
Hi Armando! Look into the Security+ certification with CompTIA and the CISSP (associate level can be achieved prior to the 5 years of required experience.
Thank you for the tips Mrs. Valentine I have actually looked into the security+ and will definitely be pursuing it this year. I will also look into the CISSP and learn more about the requirements and benefits.
Armando
Mariana’s Answer
Hi Armando, GIAC is definitely a great start, but it's somewhat general and broad. OSCP (Offensive Security Certified Professional), it's hands on, with explanation on techniques. The material will lead you to a lab and prepare you for the exam.
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
A couple of books that will help you are Practical Malware Analysis. The Rootkit Arsenal. Reversing Secrets of Reverse Engineering.
Mariana recommends the following next steps:
Hello Mrs. rodriguez thank you for the exceptional advice. I will certainly follow up on each of these and learn as much I can to prepare myself. The OSCP certification is certainly of interest to me and I plan pursuing it and any other essential certifications that will strengthen my understanding of vital security topics.
Armando
Awesome to hear Armando. Happy learning!!
Mariana Rodriguez
Miguel C
Miguel’s Answer
These are all great recommendations. I would suggest acquiring some foundational knowledge on Computer/Digital Forensics and then finding a certification specific to the forensic tool you will use such as EnCase https://www.opentext.com/products-and-solutions/services/training-and-learning-services/encase-training/examiner-certification. The GIAC certifications are good but quite broad. I found a product specific certification provides more value on the use of the tool and the process it is built for which is aligned with industry best practices.
You can create a test lab to practice with open source tools. Many are available https://www.guru99.com/computer-forensics-tools.html