-1

The company I'm working in proposes, among others, the following courses related to security:

  • ISO 27001 Lead Auditor
  • ISO 27001 Lead Implementer Certified
  • Certified Information Systems Security Professional (CISSP) Exam Preparation Program

I don't work directly with security, but I want to take one of these courses, mostly to widen my horizons and to get the necessary knowledge for future prospects.

I'm more interested in technical subjects than in organizational or management stuff.

Which course should I take?

Oleg Pavliv

2 Answers

4

This question is subjective because it really does depend on the direction you want to go. My advice would be to go for the CISSP because it is very broad and it would give you a survey of the different areas of security. ISO27001 is a standard and very focused around certain areas; you wouldn't learn that much. Plus, it's really, really boring. Not that the CISSP material is excitement personified, but it's not too bad, especially if you really are new to security. Plus, the CISSP really does open doors in your career in ways that ISO27001 won't.

One thing about the CISSP, though: you need to have 5 years or so of experience in security to get the full CISSP certification. Without that, you would only get an associate (or something like that) certificate until you can prove a certain level of experience.

GdD
2

There are many security-related certifications that are more technical than management-related.

These are some:

  • CompTIA Security+
  • GIAC Security Essentials
  • Certified Ethical Hacker (CEH)

Security+ is a more "neutral" security cert in that it is vendor-agnostic, unlike something like a VMware or Cisco certification. It focuses on cryptography and a broad base of security-related subjects such as viruses, physical security, and network access control. Anyone who has been around any of the "hacking" environments or studied it should have a relatively easy time passing this exam. There are training courses out there, but I wouldn't spend much extra money on them. Just get the book. Also, being CompTIA, it now has the CE (continuing education) part, so you have to have so many Continuing Education Units (CEU) or the cert expires after, I believe, 3 years.

The GIAC is also an entry-level security cert and has some features similar to Security+, but it is much more expensive. It also has a continuing education requirement.

Certified Ethical Hacker has a lot more to do specifically with its namesake, hacking, and how to beat hackers at their own game. It deals with cryptography, penetration testing, firewalls, SQL injections and a plethora of other hacker-related topics. It's more than Security+ but cheaper than GIAC, and I would recommend attending a class for this one. This also has a continuing education requirement.

Travis