By Henry Dalziel
If you are looking for a certification in information security then you might be feeling a little confused, since there are nearly a dozen internationally recognized certs to choose from. The heavy hitters, or rather the better-known security certifications out there, are EC-Council’s Certified Ethical Hacker (CEHv8) and CompTIA’s Security+, but there are others!
We have arranged the vendor-neutral certifications into separate sections so you can review the various training and self-study options (along with the associated fees), and we have also put a little test together for you to try! If you pass the real-life multiple choice practice test then you are certainly in a very good place and should consider getting certified. Each test, available for all four of our certs, lasts only five minutes and has ten timed questions. If you need help please contact us by email.
Update/relevant post (June 11th 2013): “Information security certifications. Love ‘em or hate ‘em?” See what others are saying and how they voted regarding whether an information security certification is worth it.
Compare the available study options, fees etc of popular courses, download some basic facts or just take a 5 minute practice test to see how good you are!
OK, so back to the post! What are other information security certifications?
1. CPTC – Certified Penetration Testing Consultant
2. CPTE – Certified Penetration Testing Engineer
3. CompTIA – Security+
4. CSTA – Certified Security Testing Associate
5. GPEN – GIAC Certified Penetration Tester
6. OSCP – Offensive Security Certified Professional
7. CEH – Certified Ethical Hacker
8. ECSA – EC-Council Certified Security Analyst
9. CEPT – Certified Expert Penetration Tester
Unless otherwise stated these certifications are assessed by multiple choice and they require continuing education.
CPTC and CPTE (first and second on our list)
Taking each of these certifications in order: CPTE and CPTC are very similar, but the CPTC is slightly more geared towards the business end of penetration testing. Mile2 offer both of these security certifications and we have already spoken at length on the differences between CPTE and CPTC. We also have a download that examines CPTE in more detail. In summary, Mile2 is rapidly becoming popular due to the US military adopting several of their courses and the fact that they have excellent instructors. For more information please click on the above links within this paragraph.
CompTIA Security+ (also known as SY0-301) (third on our list)
The Security+ is an excellent all-round certification in information security. Having been around for a long time now, CompTIA, as a charity and vendor-free organization, remains a highly venerated IT training body. We have a detailed review and a huge amount of information related to Security+ including: why study CompTIA Security+, how to break into the information security field, the (detailed) Security+ syllabus, the exam structure (how is it graded?), the practice online exam center (Virtual Test Center), an overview of required acronyms, expected salaries and opportunities in 2013, the CompTIA course pathway, 300 interview questions and 13 interview no-no’s! You can get all of that in a nice PDF format here. It is worth reiterating that we also offer a free Security+ practice exam with model answers!
However – if you don’t have time to drill down into all of that data here is a list of the modules you would have to learn if you decide to sit for the Security+ exam and certification.
1.0 Network Security
1.1 Explain the security function and purpose of network devices and technologies
1.2 Apply and implement secure network administration principles
1.3 Distinguish and differentiate network design elements and compounds
1.4 Implement and use common protocols
1.5 Identify commonly used default network ports
1.6 Implement wireless network in a secure manner
2.0 Compliance and Operational Security
2.1 Explain the security function and purpose of network devices and technologies
2.2 Carry out appropriate risk mitigation strategies
2.3 Explain the security function and purpose of network devices and technologies
2.4 Explain the importance of security related awareness and training
2.5 Compare and contrast aspects of business continuity
2.7 Explain the impact and proper use of environmental controls
2.8 Execute disaster recovery plans and procedures
3.0 Threats and Vulnerabilities
3.1 Analyze and differentiate among types of malware
3.2 Analyze and differentiate among types of attacks
3.3 Analyze and differentiate among types of social engineering
3.4 Analyze and differentiate among types of wireless attacks
3.5 Analyze and differentiate among types of application attacks
3.6 Analyze and differentiate among types of mitigation and deterrent techniques
3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
4.0 Application, Data and Host Security
4.1 Explain the importance of application security
4.2 Carry out appropriate procedures to establish host security
4.3 Explain the importance of data security
5.0 Access Control and Identity Management
5.1 Explain the function and purpose of authentication services
5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control
5.3 Implement appropriate security controls when performing account management
6.1 Summarize general cryptography concepts
6.2 Use and apply appropriate cryptographic tools and products
6.3 Explain the core concepts of public key infrastructure
6.4 Implement PKI, certificate management and associated components
CSTA – Certified Security Testing Associate (fourth on our list)
CSTA is maintained by a British organization called 7Safe. CSTA is a four-day course and has a syllabus somewhat like the Certified Ethical Hacker by EC-Council. 7Safe have a network of authorized training centers. CSTA is interwoven with lab testing, i.e. the course is very hands-on and practical.
It will be interesting to see the uptake for CSTA. Our hunch is that it will have a difficult time against the strongly established CEHv8 (Certified Ethical Hacker) and Security+. The premise for this security certification is to think and behave like a hacker so that the student will better learn and prepare against attacks. This is all excellent but it just seems very similar to CEH. Anyways – good luck to them and we will certainly be keeping a close eye on their progress and course acceptance. In their own words, “The CSTA course is suited to system administrators, IT security officers and budding penetration testers.”
We understand that the CSTA is a progression path towards an ultimate goal of becoming a CREST Registered Tester.
GPEN – GIAC Certified Penetration Tester (fifth on our list)
GIAC claims to be the most “methodical pentesting course” that trains the student to seek and destroy security vulnerabilities within weak configurations, unpatched systems, and/or inherited legacy botched architectures. SANS places emphasis on training the student to work with flawed legacy systems, which certainly has appeal in a job interview, especially if the position is to rectify a “broken” network or computer system.
Certainly a very in-depth course, GIAC seeks to cover all elements of successful network penetration testing by training students to improve their enterprise’s security stance. According to the course summary, students learn how to perform detailed reconnaissance, scanning and exploitation, experimenting with numerous tools in hands-on exercises. Similar to CPTC (Mile2’s consultancy/business-leaning cert), GIAC also includes a professional auditing module: i.e. the training includes a module designed to help students understand how to write a report that will maximize the value of the penetration test from both a management and technical perspective.
GIAC, as you would expect, also includes lab work to help the student work with exploitation frameworks and all necessary pentesting tools.
OSCP – Offensive Security Certified Professional (sixth on our list)
The mighty BackTrack pentesting distro is connected to this IT security certification, meaning that it comes from the same organization: Offensive Security. (If you are interested in Linux pentesting distros we put together a really great list here, which includes our favorite: Backbox.)
Relatively new to the stage, the “Offensive Security 101” training course seems to be maturing well and gaining acceptance. It certainly was a smart move to create such a popular Linux distro and then add IT security courses to it because, naturally, all the tools contained within the distro are precisely what the course (and all information security courses) require you to be proficient with.
This course gives a solid understanding of the penetration testing process. If we understand correctly the course is mainly aimed at the CBT market. The registration entitles you to downloadable “Offensive Security 101” course videos. For an additional fee you can opt to take their online lab (30 day access) and certification challenge (similar to Mile2’s CBT course program).
CEH – Certified Ethical Hacker (seventh on our list)
Yup ok, we are obviously kinda biased towards this course since we offer it as a boot camp – but it is a solid, popular and “industry accepted” certification. The exam contains 150 multiple choice questions which must be answered within 240 minutes, with a passmark of 70%.
Take our free test if you are interested to see how you would perform in a CEHv8 online practice exam. You can take the practice exam as many times as you wish and our system will even monitor your progress and offer model answers. We also have a huge CEH info pack which contains the following information:
1.0 Why study CEH (Certified Ethical Hacker) in the first place?
2.0 How to break into Information Security Field
3.0 The CEHv8 Syllabus
4.0 Exam Structure – how is it graded?
5.0 Practice Exam (Virtual Test Center)
6.0 150 CEH Acronyms (required for the training course)
7.0 Salaries and Opportunities
8.0 EC-Council Certification Pathway
9.0 InfoSec Interview questions (300 possible questions!)
10.0 Thirteen Interview No-No’s!
As for being content-heavy, the CEH still holds sway in our opinion. We think that EC-Council have always believed that to beat a hacker, you need to think like one – and that in our opinion sums up the course perfectly. CEH immerses the student in a hands-on fashion where they are taught how to work, test and audit like a professional ethical hacker. The course starts by instructing students how to breach perimeter defences and then effectively scan and attack networks. True to the principle that you gotta think bad to do good (i.e. think like a hacker), students will also learn how to escalate privileges, create a secure shell and what steps can be taken to secure a system. In addition, participants will learn about Intrusion Detection, Social Engineering, DDoS Attacks, Buffer Overflows, Virus Creation and more.
ECSA – EC-Council Certified Security Analyst (eighth on our list)
EC-Council are extremely involved in the community. They organize the Hacker Halted conferences in the US and Asia and have been pioneering some really great IT security certifications. Their courses are either offered online, via their iClass course delivery or Live Instructor Led (i.e. in person). Following from CEH is the ECSA – or CSA.
The ECSA is designed to help perform better audits of security systems; in other words, what are the results of the pentest? The ECSA is very similar to Mile2’s CPTC in that the course is client-focused: it is about being able to present accurate data and post-testing suggestions to employers and/or clients.
ECSA does follow on from CEH (and indeed EC-Council suggest that you first finish Ethical Hacker) because the post-reporting can only be achieved with an understanding of the processes in the first place. In summary, the ECSA’s purpose is to add value to an experienced security professional by assisting them to analyze the outcomes of their penetration tests.
CEPT – Certified Expert Penetration Tester (ninth on our list)
Like the rest, this certification is assessed by multiple choice (100 questions with a passmark of 80%). This certification is different to the rest because it relies more on programming and understanding the actual code. You really must speak C++, Python and understand compilers/ assemblers before taking this course. Here is a summary of the CEPT syllabus and modules that a student must complete to pass the certification. There are nine modules:
1. Penetration Testing Methodologies
2. Network Attacks
3. Network Recon
5. Reverse Engineering
6. Memory Corruption/Buffer Overflow Vulnerabilities
7. Exploit Creation – Windows Architecture
8. Exploit Creation – Linux/Unix Architecture
9. Web Application Vulnerabilities
It is quite a mammoth task to compare and outline all these courses 100% accurately, especially when you factor in bias and industry reputation. It is very easy for this discussion to enter an “is it worth it” angle, but instead we tried just to stay within an academic or, better said, training dimension. We are interested in what you actually learn and what the syllabus contains.
In summary – and this is a real basic summary! – we think that CEH is widely known and, for HR, it is fast becoming a check-box that helps to get that interview. CPTC and CPTE are similar in that they have a more consultancy and business role to them, which is great if you are already qualified but missing that business client-side on your resume. GIAC looks at penetration testing from a very methodical approach, and Security+ is the all-round winner due to its longevity and proof of concept with its solid syllabus.