CISSP is like studying law ... you have to swot a shitload of stuff while the practicals like GIAC or Offensive Security aim for a deep understanding of complex interaction and long term experience within hands-on security. Imho its easier to get ready for a governance position than a practical security engineer position.
@g milne well I don't think of CISSP as horseshit. What I said it's like study law. You have to get an understanding of a shitload of material (I mean the quantity by this term). While the other ones are practical and thus you have to get a deep understanding of the logical ongoings within IT systems. I see it as extensive vs. complex while none misses the other part. And each has its authorization.
I’ve got Net+, Sec+ and CySA+...passed all three exams first time I took them. Scheduled for CISSP in September! I have over 9 yrs of IT experience. I have several friends that have passed CISSP on the first try. They all say don’t answer the questions from a “technicians” point of view, answer them from a “Managers” point of view!
Exactly, look at the CISSP from an InfoSec manager's perspective, not an IT tech perspective. I passed on my 1st try at 100 questions with around 3 weeks of cram studying. Kelly Handerhan's "Why you will pass the CISSP" and Kirk and Spock CISSP TH-cam videos are a much watch for any prepping for the CISSP.
The major problem with this is, most companies have outdated hardware and security practices. and when you inform them that they are still using a decade old system, They respond with, we can not afford to update. But yet they want their company to depend on such security backbone systems. And not if, but when it breaks, guess what, youll be the one to blame. Most if not all of the pencil pushers dont know about networking, so to them they dont care. They just want it to work, they dont care how, but they also wont update the system to todays standards. So when you walk into a company and they are still using windows XP, and wont update, when they are still using 1980's hardware and wont update, when they tell you, "Just make it work".... There is only one thing to do, Walk out and never come back.... If companies want proper security, they are going to have to learn the hard way. Update your security system infrastructure or im out the door. plain and simple.
@@Ogzay202 www.google.com/amp/s/www.techrepublic.com/google-amp/article/its-2019-and-one-third-of-businesses-still-have-active-windows-xp-deployments/ they claim a 3rd of companies still have a few machines with xp on them. What people don't realize is things like oscilloscope's from 15 years ago are running on xp. ATM's and so on.
Wrong answer You will need to support the company and it's goals. There are many ways to deal with risk. Sometimes the cost is mitigating the risk is higher that the expected loss. I wouldn't walk out. If the pay was good enough, I would stay and help them better themselves in whatever way the company can. Defense in depth is a good way to look at it.
It does not matter which is tough, it matters which is most widely valued in the market, I personally think CISSP is the most valuable information security certification. I have seen many of my colleagues getting 40 to even 100 percent increase in their salaries after this beast certification!
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
OSCP is generally considered to be an entry level pentest qualification. It's very common to complete it with less than 1 yr of pen experience, there are tons of way harder exams around.
They should've said OSCE3 rather than OSCP or since OSCE3 technically consists of 3 exams they couldn't said one of them or even better, OSEE. Weird that they said OSCP as #2 hardest exam when Offsec has multiple more advanced ones that are supposed to stem from foundational knowledge within the OSCP.
There is a point in time where i just look at the cost to be called a "professional" vs my skill as "someone that can do stuff i guess" and realized that in the end it is not the difficulty that pushes many many people away it is the over all cost of becoming a "professional" and yet many many companies don't use "professionals" because it boils down to cost again. this is why cloud is winning and private servers is slowly becoming a thing of the past for many companies of all sizes.
You can clear CISM & All Network exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
You have a point. Automation in IT ...in the next 10 years is going to WIPE IT Operations off the map!!! Why ask a certified cisco guy to implement a command when you can automate using chef?
I just passed the CISSP on the first try - you must think, as he said, like management while having enough technical experience to know how that colors the responses. It was exhausting, but worth it. Deep prep and practice is a must.
Roger that, and congrats on your CISSP. I took the CISSP back in 2015 and up to that point, it was the hardest exam I ever took. I would say 90% of it was focused around the "management perspective" of Cybersecurity, but there were a lot of technical based questions, that if you didn't understand the configuration or system in question, you couldn't answer the management type question. Prior to taking my exam, I had been in Cybersecurity for approx 20 years by this point, got all the lower-tier certs in the field, but yes, the CISSP was tough, IMO. I took the 6-hour sit in a classroom being watched the entire time, exam. I have my OSCP as well, but this was def a more technical exam. Also, it wasn't that "tough" other than the 24 hour period you have to do all that you can do.
@@Mak100ish The CISM and the CISSP are similar in ways, but the CISM is def a more "management" type exam/questions. Both are excellent certs to have in Cybersecurity, but I've often read that the CISSP is more sought via automated CR/Resume searches. I have my CISSP, debating getting my CISM. Unsure it is really needed once you have one or the other. Good luck in your studies! Go get it!
It's not. All the CompTIA security certs are considered basic/rudimentary knowledge. Friends of mine working as pentesters have said OSCP is really just the beginning
Makes them money. To be fair, over time it’s become better, but it still doesn’t test technical competency. You can pass and not know how to secure RHEL.
@@for2utube Yes. I took the new 601 Sec+, which aspires a tad more toward covering more of the CISSP's said mileage than its 501 predecessor. It's more difficult, but it's still principally conceptual. It allows one to speak the language and grow within the industry accordingly. That said, it was not only my first CompTIA cert but my first IT-sec cert of any kind; and I passed it first attempt. However I did leverage studying a bit during the lockdowns of 2020...for 501; and then switched course in December 2020 for 601. This was and is advised against by most instructors for the exam. But, upon careful reflection, I didn't want to be an extra iteration of the exam behind come time to recert (especially given a variance of nearly 50% between the 501 and 601).
I did CISSP, read the book 3 times and took several courses failed first attempt and passed the second one, but these others look like real monsters. I did CISM after it and now studying CCSP. Hopefully I get a good job one day or eventually migrate to a proper country
@@francis2k488 Worked several years in a managed service provider which had several clients, so did so much diverse tasks I was able to get the experience requirement.
@@dieglhix, I get it now. I am in the same position as you(previously worked with an MSP for over 6 years). I currently work as a cyber security analyst and still do some GRC work. Thanks for sharing your experience. I am currently studying for the CISSP exam and hope to do CCSK alongside.
@@francis2k488 There is a very nice CISSP course here in TH-cam, it's called Skillset CISSP. It was made in 2016 but it's still pretty good aside from lack of GDPR stuff.
CISSP is not hard at all. It is just bulky. On case of CCIE, yes it is hard, but CCIE is all about netsec not sec itself. CyberOPS is not ready yet. Oscp is also hard, but OSCP is not the hardest cert given by OfSec. For sec specialist it is crucial to know linux and network on a very good level. I am not talking about vendors, i am talking about permissions, services, firewalls, protocols, how to attack, maybe some tools. It is also nice to have some knowledge on managerial aspects.
LORD NIGHTSHIELD I agree with this. There’s a bunch of stuff to learn in CISSP. Did you know for Instance flip-flops are found in Static RAM, capacitors in dynamic ?! 😜 but if you can remember junk like this then you’ll be fine
ross alexander I cannot imagine anyone failing CISSP due to not knowing that. 1/ low level question highly unlikely to come on exam. You are supposed to have a good understand of broad subjects, not be a specific expert in one field. 2/ if it comes (still unlikely) it would just be one missed question.
randomgeocacher I think you misunderstand me. I did not say you will fail if you don’t know that! I was demonstrating one insignificant little fact you learn as part of the CBK the point being there’s a heck of a lot of wide ranging knowledge to take in
(Edit: apparently some testing centers have changed format which efficient use of time/effort harder. Unfortunately.) How to pass CISSP and other many-questions style exams: 1. Know the subjects. 2. Complete all easy questions quick. 3. Revisit all hard questions (questions you didn’t understand etc) a couple of times. 4. Make a couple of safety checks, just double check everything. Now you are done, hours ahead and likely will succeed. I think there is a big myth about “the special nature” of CISSP questions promoted by authors of books/course/training exams. All of that weird mind tricks and hidden traps in the questions, I didn’t find any such crap in the actual exam. 90% were plain questions just checking if you knew the subject matter, and maybe 10% were hard in some manner (needed you to make an intelligent decision from the scenario presented). I didn’t find any question where once you understood it the answer wasn’t obvious. So it is a big exam on a huge subject matter, but there is imho nothing strange or hard about the questions.
Tony Martins hrrm, iirc it was their facility in Stockholm I took my certification many years ago. Makes you wonder if it is a change or if testing facilities differ per country.
The Community College at which I work is developing a Cyber Security program that will result in either a certificate or an Associates Degree in Cyber Security or Networking. The two will overlap significantly. By the time the student receives their Certificate or Associates Degrees which FOUR certifications should HOLD? I figure one certification test per semester is a good goal for most students. We have a Pearson Vue testing center on campus as well.
It's an interesting field, the problem with it that 100% protection from breaches is impossible and if management doesn't understand that simple principle when you DO suffer a large breach you're screwed. It's like a lot of IT jobs, you only get noticed when things go wrong, you don't get noticed for the 99% of things you keep right unless you have good managers.
Pretty much every day I’m waiting for “the big one” and know that in the end I’m just there to get blamed for getting pwned. Upside is we get paid really well, deal with the devil and all that.
@@Drum8888 the most important thing you need to make management understand is that with breaches it's not a question of "if" but rather a question of "when". You need to prepare for that "when" as best as you can so when it happens your systems and processes are prepared and you are able to react swiftly and minimize the damage.
CISSP exam was written by demented lawyers... A total mind f--- from beginning to end.. Studied my a-- off for 12 months and still struggled through it.
LOL quite true. I'd prepped for at least two years, was prepared for the most rigorous of difficulty, and instead was faced with "what is the *best*" options about word salad questions.
Question- honestly - is CISSP applicable (in a broad sense)outside of US? I would like to tackle it, but only if it is in demand abroad - specifically Latin America and non EU Eastern Europe? Debating…
This is an area of it were there really isn't a door open enough to put a foot in. A lot of companies don't care about the certifications, they care about time spent using them. There really isn't an entry-level to this market, and that can be frustrating. I'm currently learning that.
OSCP holder here. The exam is not a "massive virtual environment", the *course labs* are the massive labs, because they are meant to be a free range to experiment with a multitude of techniques. The exam lab is a small number of machines. I'm not sure if I'm allowed to disclose the exact number but I will say it's in the single digits.
Also, the proctoring includes not just your webcam, but screen-sharing software. This is because you are allowed to turn off your webcam when taking breaks, but the screen share is to make sure you aren't working on the lab after you said you were on break. The concern is that people have been cheating the OSCP by having someone more skilled stand over their shoulder and tell them what to do. The webcam is to make sure you are alone.
I had to get OSCP to get a job, so in the UK it's classed as an gateway cert. Then you need to sit through CREST exams to do certain work, and they are harder.
The CompTIA track is the least challenging and gives you rudimentary knowledge. EC-Council CEH is about on par with CompTIA Pentest+. Sure they require a little work but you're only starting out. You also should be very comfortable with Windows administration, Linux administration and networking and be learning shell scripting and Python...
As someone who has the OSCP and various Cisco certs, I would happen to agree you. That said, the 48 hour OSEP exam might be up there now although I get different opinions about that one too. The CCIE looks to be one of the toughest exams around.
Considering the following certifications: CISSP vs OSCP vs GPEN vs GIAC + GSEC + GCIA = GSE vs OSEE where would you personally rank each course in comparison to others?
OSCP is not their hardest cert. It is the entry level of the OffSec pen testing certs. Sure it's 24 hours but they have 2x 48hr cert exams and a 72hr one that requires attendance at a course during Black Hat in Vegas...
funny that you mention the OSCP as second hardest since its the entry level Offensive Security cert there are several specializations and more difficult levels beyond. OSCE OSEE ...
I was going to say the same but I figured that perhaps they classifed this as pentesting certs maybe? Who knows. But I think anyone in the OffSec world knows that OSEE is probably the hardest cert out there. 72 hours of Windows 32 and 64 bit exploitation. Wonder how many OSEEs there are in the world.
@@zephyfoxyTensho you are probably right. As far as I know, there are only a very few labs for OSEE (Blackhat have been booked out within seconds last year ^^)which is mandatory to get into the certification process. Therefore I guess there are only a few 100 holding this cert. I guess I will just ask them :)
he probably means 4 hardest mortals can achieve... why bother with god level certs. the thought of osce probably made him look away from that category to even mention it. i’ll be at the front door end of the year lined up to take my osce.
CISSP was the only exam when I started, I think my number was in hundreds back then and it was hard and done on paper with a very long turn around time to be graded. It also requires that the person show and document experience in the field - seems all that is gone now
All of ISC certs require docs from your employee in order to proove that you are into IT Sec on daily basis, even the easiest ones. For CISSP, you have to work in industry for 5 or 7 years(don't remember). You can though pass it much earlier but you will not get a certificate. My colleague passed CISSP and waited more than a year for cert in order to meet ISP requirements. If someone has a friend who already did something from ISC, he or she can invite you to ISC platform and it is also a chance to proove your it sec profession without providing docs from employee.
Thoughts on Security+? I have about two weeks left of it in my college course(workforce return to education offering) and I am already intimated to sit for the exam.
@@JerseyJeff84 so I just got back from the exam. I seriously thought I was going to fail because I just started studying hard this week. I was basically guessing (guess I'm a good guesser?), but it helped that I knew the performance based. I am happy to say I passed! Yay!
It's really not that hard man. I had no experience in IT and passed the first try. I'm not a genius or anything. I'm military and retrained into IT/Comm career field and the last portion on the school was you had to pass Security+ and only have 2 weeks to study/take/pass. Just give yourself time, take it seriously, and sit down and study, you'll be fine. Trust me.
Just passed the sec+ 601 exam. It was tough even when i have some skills in it sec from college and work. Think also the english language level was a factor of the difficult
Almost 10 years after passing and I still remember how annoying taking the CCIE Sec was. Totally worth it, but it SUCKED. You gotta embrace the suck to pass. :)
A majority of the GIAC guys I've seen were either Pen Testers for private/contract companies or (I was in the Army as a Cyber guy) all the Red Team guys had GIAC certs under their belts. So usually these cyber guys are on the offensive/grey hat/white hat side of the house...from my experience.
I don’t argue that CCIE security is hard as nails. But what is the value of it if you are not using Cisco’s security products? What if I am using products from Palo Alto, F5 and Microsoft to secure my company?
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
@@plogoo1 I'm at a cross roads. Just finished the course (on demand) but it took me 3 1/2 months to get through. Honestly don't think I can index books and take cert in the little remaining time 2 weeks I have left. Learned a valuable lesson though. Never take an on demand course with sans if you want to get the cert. Clock starts on day 1, not when you finish.
For those of us who want to start a career on IT, which certs are better? CompTIA, Cisco or Microsoft? I had to take a crash course on System Admin (very basic) in order to get a job and my trainer told me that Microsoft's certs have a better value today as most of IT services are moving to cloud so you can get networking or security certs that are related to that cloud environment. Any tips or advice will be greatly appreciated.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
@@winds1010 Pretty much the same, just better at Python and C++, marginally. Got a free pass for the first year thanks to Covid, won't be as lucky this year.
Can attest, I hold the CISSP and sat for the OSCP and after 22 hours straight, I couldn't crack the final box to pass. Hundreds of hours went into practicing on their VPN and still, couldn't pass it.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
@@cbtnuggets by the way John is not my real it's just a fake account that I made for privacy....... Other than this Thank you CBT Nuggets you guys are just awesome.... ❤️
So what career steps can you take while you are waiting for that 5-year experience to enter Cybersecurity? I'm studying for my A+ right now but I don't want to be on the helpdesk for more than 2 years. Are there any options outside of second-line support and system admin that I can aspire to while I gather the experience for the 5 years minimum exp?
@@forextradealgorithm1386 Hey. To be honest, I'm no longer looking to enter cybersecurity. I did 1 year in help desk and now I am in a NOC role and will probably try to land a role in devops in another year or so. But in my opinion, if you want to land a role in cybersecurity, it would help to have some networking fundamentals and some coding or scripting skills if you don't already.
@@j6873 ayy much appreciated for your input on this... Was currently studying for the CCNA then hopefully get into cyber security.... So hearing you say that bout networking makes me feel happy Good fortunes in your endeavours. And thank you once more.🙏
I have dozens of certs and the CASP was terrifying. You must be knowledgeable in several different areas that just aren’t normal. You get questions ranging from "what are the CLI commands to make this firewall do " to "what are the five things wrong with this HTML code". The study guide at the time didn't seem to help with the questions that I received on the exam. If you have a lot of general experience and are looking for a challenge, then give the CASP a try.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
CISM by ISACA is more management based then the CISSP. CISSP is a mix of technical and management but they drill into your head to "think like a manager" for the test. I found the CISSP to be easier than the CISM because the CISM was so boring to try to study for.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
OSCE, and yes, definitely harder than some of the ones listed here, but OffSec has so many high-level pentesting certs that they'd practically dominate the list, so I guess they wanted diversity?
I don't believe there is a certificate more difficult than CCIE, because CCIE is a combination of theory and practical, and practical means implementation and troubleshooting, and troubleshooting means you must be expert in every technology with hands-on, and the scope of the certification is quite big, you can pass CISSP in 4 months, but you need 2 years to pass CCIE. but there might be certificates much more worthy than CCIE
I did my CISSP back in 2010 I think, when they use to send out examiners instead of doing it online, I brought the Sybex book I think it was (remember Sybex books were so popular in the day) read that for 6 weeks then had a crack at it, after 4 hours walked out and though I had failed but I passed. It's a hell of an exam, but now it can be done online I am sure there are plenty of lab centers that don't have cameras on and allow people to cheat it like all the MSCE's etc. I found once in Shanghai when I did a MS cert the test center asked for my ID, but didn't care if I took in my bag, phone pen etc. Useless.
The CISSP isn't online... even during COVID - www.isc2.org/Notice/COVID-19-Response-Online-Exams# - You have to submit to multiple palm scans before you can start your test and after you finish your test to verify your identity....
I lost all my respect for CISSP, when I saw a fresh (less than 6 month) CISSP struggle to distinguish between the risk for confidentiality and integrity. And even after I tried to argue with him, would not understand it. Risk for C was low, risk for I was high. He argued, risk for C should also be high, because if someone get's the credentials and then logs into the application to alter the content, there would be high damage.
Roger that, your explanation makes sense. As a CISSP, I have to admit, I have worked with other CISSPs that I was like "WTF are you talking about?" You CAN have a low risk C and a high risk I for a system. Confidentiality primarily covers "if data were to get out, how would it affect the company/organization?" While Integrity deals with "if the data was changed, how would it affect the company/org?" There are many instances where you could have a LHH or LHM for your CIA classification. It all depends on the data you're protecting.
I am CISA , the most accepted and usefull , suggest to get it, rest is not much genaral accepted; Others; cobit 5 and iso/iec 27001 If u have my certificate can have big sallaries
Please how do l get the CISM? Is it through a 2 years associate degree in information systems technology/Cybersecurity or four years degree or just the certifications
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
Working in IT. What I cannot grasp with the IT Security industry is that security is a grass roots thing. Sure companies can hire amazing people who have worked in the industry for decades and have all the certs under the Sun. Its not them thats the problem. Its the the limitations of technology and the sheer ignorance of corporations. Bulliet proof security costs serious money and constant updated staff training from the top down. The end result is corperations just don't take it seriously. Even multi billion dollar corperations. So why make getting to security so damn difficult. Its just plain dumb. You need to open security roles up to the masses. Not make it a niech thing. Available only the select few.
@@edgarsanchez4339 your right there but we can aim for it. Grass roots training. Is a core requirement. It only takes one idiot working directly with or as part of a security project to wreck the whole thing and place a gaping hole in your corperations security.
@@williamevans6830 as Edgar said there's no such thing as bulletproof security. What you can do is put systems and processes in place to reduce the impact of a possible breach. In your example a solid least privileged policy can prevent one idiot from wrecking the whole thing.
@@mdo it's true. I just think as boring as it is everyone and I mean everyone who uses a PC needs to be forced to follow a good security briefing. Also I think people need to care more. So many organisations just don't. Then BOOM. They get hacked. Best security officer on the planet ain't gonna solve that. Grass roots security and a highly advanced understanding of good security polices is where its at.
@@williamevans6830 oh yeah, I totally agree with you. Security is not just one guy or department doing all the heavy lifting. All employees need to be aware of it, follow the guidelines and use some common sense. The reality is the human element is still the weakest link in most companies' cybersecurity and most data leaks are not achieved with complex zero-day exploits but with social engineering.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
Yeah I'm on the same boat because GIC certs are not that tough but they are very costly and for GSE you have to pass 3 certs so that's why there is very few people who hold GSE
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
How can you "prepare" for that last exam? You're gonna have a different experience based on who they match you up against. U may face a hacking genius and fail to get the cert.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
CCIE takes a lot of real-world experience, and you'd have to first get CCNA Security and CCNP Security before even thinking of CCIE. It's a very long journey to CCIE.
Hi Tanvir, getting hands-on training with specific security tools can be helpful, as can Virtual Lab experiences. Here’s a list of some good tools to learn: - 5 Security Tools for a New IT Pro www.cbtnuggets.com/blog/certifications/security/5-security-tools-for-a-new-it-pro - Security+ (SY0-601) training for the concepts www.cbtnuggets.com/it-training/comptia/security-plus - PenTest+ course for lots of virtual labs www.cbtnuggets.com/it-training/comptia/pentest-plus
Comparing these three certs with CCIE is absurd. You have to gain knowledge of 4-6 months CCNA then 5-6 months CCNP, and after a months/years to pass a CCIE which exam cost 1600 eur plus travel cost going to Europe - Brussels and taking 8h exam with slim chance of passing. Comparing OSCP you need ~3 months to pass. CISSP you can buy dumps and pass it. GIAC ~ 4months.
It's almost impossible to dump a CISSP cert, the more questions you get correct the harder the questions become and most of them will not be in the practice guides, plus the audit you at random every year and if they even suspect that you tried to dump the exam they will pull it from you. The man in the video also left out in regards to the GIAC Security Expert Cert is that you must have at least 1300 white papers published and I believe there are only 9 people on the entire planet who have actually passed that certification.
I don’t care how many certs you have. They all depend on where you want to be in security. I, myself am a pen tester that specializes in VM and Threat. I also write entire security programs from scratch. So a CISSP and a OSCP will benefit me more with a sprinkle of CISM and CRISC. Security at the end of the day is purely about risk. That is what separates us from IT. We just use technology to do our jobs. And yes I have all 4 of those certs.
With Gsec, Gcih, Gcia I still wouldnt feel anywhere near to Gse, thats why people have 8 or more Giac certs before even attempting that, and must revise those certs for maybe a yr or 2 also...
Great content! Now I know which certificates I should go for initially and then move on to the tougher ones. A small doubt though, I have recently taken up a ISP course at EC Council University out of passion and interest but now I am clueless on what course or project to take next to have a career in cyber security. Could you help me decode this? Thanks!
Hi, Ria! Many will try to gain experience in pentest, which the EC-Council and CompTIA have good certifications for. Another is CISSP, which is always a slam dunk for an applicant to have. The key is to continue to grow and never stop learning. Some will focus on cloud security and do the AWS or Azure security track. Or security vendors such as Palo Alto, Check Point, or Cisco. There are so many options and areas of focus, we recommend reaching out to communities with veterans in the industry to learn more about each path. Hope that helps!
Oh Man CISSP... we really need some CBT lessons on that one especially for the new CAT exam since the ajustement made in April 2018. I know skilled security peoples who failed in the new CAT exam, and I know peoples who got it as their first IT certification ever and on their first try without being skilled in security. Something is wrong with it... it really scares me, it’s like a gambling certification, any advices please?
Passed but honestly thought I had failed going thru the exam and reaching question 150. I was so relieved reading “Congratulations” on that printout. Kelly Handerhan’s course on Cybrary is a must to complement your study material!
OSCP is from Offensive Security, you go there to take that cert. But you can't just take it, you must complete the Penetration Testing with Kali Linux course first.
1. GSE / GIAC Security Expert 2:40
2. OSCP 2:08
3. CCIE Security 1:35
4. CISSP 0:40
You should bring that guy on more often.
Who is he ? He was pretty good
@@kfc5201314able That's Asher from the Learning Content team. You'll definitely see more from him here.
Sir he sounds like you 👌🏻 #NetworkChuck
hahah what year was this shot?
Body language is same like NetworkChuck
CISSP
CCIE Security
OSCP
GIAC Security Expert
CISSP is like studying law ... you have to swot a shitload of stuff while the practicals like GIAC or Offensive Security aim for a deep understanding of complex interaction and long term experience within hands-on security. Imho its easier to get ready for a governance position than a practical security engineer position.
@g milne well I don't think of CISSP as horseshit. What I said it's like study law. You have to get an understanding of a shitload of material (I mean the quantity by this term). While the other ones are practical and thus you have to get a deep understanding of the logical ongoings within IT systems. I see it as extensive vs. complex while none misses the other part. And each has its authorization.
If OSCP is in the TOP 4 then what is OSEE?
@@tserpthan5251 I dunno dude... Wtf was this... why is cissp difficult??!?!
@@Daiphiron Governing is easy. You just do whatever the corporate overlords tell you.
Love it! Way to go Asher and team CBT! Proud to be part of the team.
Hey Keith, how's it going?
Keith is the man...I have watched numerous Security videos created by Keith and I just started CCNA Security
2 inches deep and a mile wide .
Master Barker!!! We are not worthy, we are not worthy!
I just like the way he laughs 😃
I’ve got Net+, Sec+ and CySA+...passed all three exams first time I took them. Scheduled for CISSP in September! I have over 9 yrs of IT experience. I have several friends that have passed CISSP on the first try. They all say don’t answer the questions from a “technicians” point of view, answer them from a “Managers” point of view!
Good luck, sec+ and cysa+ are pretty decent prep exams for CISSP
I didn't pass my sec+ pass but I came close to it. How many years of experience did you have when you took it?
Exactly, look at the CISSP from an InfoSec manager's perspective, not an IT tech perspective. I passed on my 1st try at 100 questions with around 3 weeks of cram studying. Kelly Handerhan's "Why you will pass the CISSP" and Kirk and Spock CISSP TH-cam videos are a much watch for any prepping for the CISSP.
so what is your payin dollars
@@thelonewanderer6146 1 year and about 2-3weeks of book work.
The major problem with this is, most companies have outdated hardware and security practices. and when you inform them that they are still using a decade old system,
They respond with, we can not afford to update. But yet they want their company to depend on such security backbone systems.
And not if, but when it breaks, guess what, youll be the one to blame. Most if not all of the pencil pushers dont know about networking, so to them they dont care.
They just want it to work, they dont care how, but they also wont update the system to todays standards.
So when you walk into a company and they are still using windows XP, and wont update, when they are still using 1980's hardware and wont update,
when they tell you, "Just make it work".... There is only one thing to do, Walk out and never come back....
If companies want proper security, they are going to have to learn the hard way. Update your security system infrastructure or im out the door. plain and simple.
Great Post
TwstedTV whet the hell have you worked that they still use XP?
@@Ogzay202 gs.statcounter.com/os-version-market-share/windows/desktop/worldwide Windows XP is used 5x more than win Vista still.
@@Ogzay202 www.google.com/amp/s/www.techrepublic.com/google-amp/article/its-2019-and-one-third-of-businesses-still-have-active-windows-xp-deployments/ they claim a 3rd of companies still have a few machines with xp on them. What people don't realize is things like oscilloscope's from 15 years ago are running on xp. ATM's and so on.
Wrong answer
You will need to support the company and it's goals. There are many ways to deal with risk.
Sometimes the cost is mitigating the risk is higher that the expected loss. I wouldn't walk out. If the pay was good enough, I would stay and help them better themselves in whatever way the company can.
Defense in depth is a good way to look at it.
Challenge Accepted!
EDIT: nvm, not doing this
lmao mood!
It does not matter which is tough, it matters which is most widely valued in the market, I personally think CISSP is the most valuable information security certification. I have seen many of my colleagues getting 40 to even 100 percent increase in their salaries after this beast certification!
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
OSCP is generally considered to be an entry level pentest qualification.
It's very common to complete it with less than 1 yr of pen experience, there are tons of way harder exams around.
They should've said OSCE3 rather than OSCP or since OSCE3 technically consists of 3 exams they couldn't said one of them or even better, OSEE. Weird that they said OSCP as #2 hardest exam when Offsec has multiple more advanced ones that are supposed to stem from foundational knowledge within the OSCP.
So you're telling me there's a chance? 😅
They should have a certification where you sit around playing Runescape all day
Offensive Security Certified Runescape Player - OSCRP? Lol
There is a point in time where i just look at the cost to be called a "professional" vs my skill as "someone that can do stuff i guess" and realized that in the end it is not the difficulty that pushes many many people away it is the over all cost of becoming a "professional" and yet many many companies don't use "professionals" because it boils down to cost again. this is why cloud is winning and private servers is slowly becoming a thing of the past for many companies of all sizes.
You can clear CISM & All Network exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
You have a point. Automation in IT ...in the next 10 years is going to WIPE IT Operations off the map!!! Why ask a certified cisco guy to implement a command when you can automate using chef?
@@senju2024 man what can you automata if you have no idea how it works in the first place
CISSP as an adaptive exam was very difficult. It was deeper than I expected.
I just passed the CISSP on the first try - you must think, as he said, like management while having enough technical experience to know how that colors the responses. It was exhausting, but worth it. Deep prep and practice is a must.
Roger that, and congrats on your CISSP. I took the CISSP back in 2015 and up to that point, it was the hardest exam I ever took. I would say 90% of it was focused around the "management perspective" of Cybersecurity, but there were a lot of technical based questions, that if you didn't understand the configuration or system in question, you couldn't answer the management type question. Prior to taking my exam, I had been in Cybersecurity for approx 20 years by this point, got all the lower-tier certs in the field, but yes, the CISSP was tough, IMO. I took the 6-hour sit in a classroom being watched the entire time, exam.
I have my OSCP as well, but this was def a more technical exam. Also, it wasn't that "tough" other than the 24 hour period you have to do all that you can do.
I have my CISSP and I badly want to get the GSE someday! That is my next big goal after I finish my Doctorate.
I am planning on taking CISM. Seems pretty difficult though
@@Mak100ish The CISM and the CISSP are similar in ways, but the CISM is def a more "management" type exam/questions. Both are excellent certs to have in Cybersecurity, but I've often read that the CISSP is more sought via automated CR/Resume searches.
I have my CISSP, debating getting my CISM. Unsure it is really needed once you have one or the other.
Good luck in your studies! Go get it!
@@Paddy_PI Thanks Patrick :) I am doing TOGAF right now. Think its nice to have the architecture knowledge as well 😂
@@Mak100ish That's great brother! Just keep on doing it! Any knowledge gained is always good. Good luck in the future!
And I though Comptia Security+ was hard...
It's not. All the CompTIA security certs are considered basic/rudimentary knowledge. Friends of mine working as pentesters have said OSCP is really just the beginning
haha welcome
Makes them money. To be fair, over time it’s become better, but it still doesn’t test technical competency. You can pass and not know how to secure RHEL.
Lmao fr (agreeing w you)
@@for2utube Yes. I took the new 601 Sec+, which aspires a tad more toward covering more of the CISSP's said mileage than its 501 predecessor. It's more difficult, but it's still principally conceptual. It allows one to speak the language and grow within the industry accordingly.
That said, it was not only my first CompTIA cert but my first IT-sec cert of any kind; and I passed it first attempt. However I did leverage studying a bit during the lockdowns of 2020...for 501; and then switched course in December 2020 for 601. This was and is advised against by most instructors for the exam. But, upon careful reflection, I didn't want to be an extra iteration of the exam behind come time to recert (especially given a variance of nearly 50% between the 501 and 601).
I did CISSP, read the book 3 times and took several courses failed first attempt and passed the second one, but these others look like real monsters. I did CISM after it and now studying CCSP. Hopefully I get a good job one day or eventually migrate to a proper country
How did you claim the job experience requirement for CISSP?
@@francis2k488 Worked several years in a managed service provider which had several clients, so did so much diverse tasks I was able to get the experience requirement.
@@dieglhix, I get it now. I am in the same position as you(previously worked with an MSP for over 6 years). I currently work as a cyber security analyst and still do some GRC work.
Thanks for sharing your experience. I am currently studying for the CISSP exam and hope to do CCSK alongside.
@@francis2k488 There is a very nice CISSP course here in TH-cam, it's called Skillset CISSP. It was made in 2016 but it's still pretty good aside from lack of GDPR stuff.
CISSP is the most sought after cert and most difficult in my opinion. And please make no mistake it's technical as well
Can you please kindly make a video on IT certifications based on courses for beginners, intermediate and advanced level.
Thank You.
The main difference with CISSP and the rest is that they are more technical / hands-on.
OSCP isn’t even the most difficult cert offered by OffSec.
Osce?
tejas zarekar Yes, and OSEE.
Lol there’s now the OSEP
@@tejaszarekar9145 Lol there’s now the OSEP
@@younesmohssen8158 Theres also now the OSHIT. Where the exam includes material that was never discussed in the prep course.
CISSP is not hard at all. It is just bulky. On case of CCIE, yes it is hard, but CCIE is all about netsec not sec itself. CyberOPS is not ready yet. Oscp is also hard, but OSCP is not the hardest cert given by OfSec. For sec specialist it is crucial to know linux and network on a very good level. I am not talking about vendors, i am talking about permissions, services, firewalls, protocols, how to attack, maybe some tools. It is also nice to have some knowledge on managerial aspects.
Thanks
Thanks for that info 👌🏼
LORD NIGHTSHIELD I agree with this. There’s a bunch of stuff to learn in CISSP. Did you know for Instance flip-flops are found in Static RAM, capacitors in dynamic ?! 😜 but if you can remember junk like this then you’ll be fine
ross alexander I cannot imagine anyone failing CISSP due to not knowing that.
1/ low level question highly unlikely to come on exam. You are supposed to have a good understand of broad subjects, not be a specific expert in one field.
2/ if it comes (still unlikely) it would just be one missed question.
randomgeocacher I think you misunderstand me. I did not say you will fail if you don’t know that! I was demonstrating one insignificant little fact you learn as part of the CBK the point being there’s a heck of a lot of wide ranging knowledge to take in
I have the CISSP, CCISO, Sec +. Next certs for me are ISSAP, and CCSP.
Is u got any job ?
(Edit: apparently some testing centers have changed format which efficient use of time/effort harder. Unfortunately.)
How to pass CISSP and other many-questions style exams: 1. Know the subjects. 2. Complete all easy questions quick. 3. Revisit all hard questions (questions you didn’t understand etc) a couple of times. 4. Make a couple of safety checks, just double check everything. Now you are done, hours ahead and likely will succeed. I think there is a big myth about “the special nature” of CISSP questions promoted by authors of books/course/training exams.
All of that weird mind tricks and hidden traps in the questions, I didn’t find any such crap in the actual exam. 90% were plain questions just checking if you knew the subject matter, and maybe 10% were hard in some manner (needed you to make an intelligent decision from the scenario presented).
I didn’t find any question where once you understood it the answer wasn’t obvious.
So it is a big exam on a huge subject matter, but there is imho nothing strange or hard about the questions.
Tony Martins You must certainly could when I took it a couple of years ago.
randomgeocacher Took it in December and you couldn’t.
Tony Martins that sucks. Which testing center was that?
randomgeocacher Pearson Vue. Washington DC.
Tony Martins hrrm, iirc it was their facility in Stockholm I took my certification many years ago. Makes you wonder if it is a change or if testing facilities differ per country.
The Community College at which I work is developing a Cyber Security program that will result in either a certificate or an Associates Degree in Cyber Security or Networking. The two will overlap significantly. By the time the student receives their Certificate or Associates Degrees which FOUR certifications should HOLD? I figure one certification test per semester is a good goal for most students. We have a Pearson Vue testing center on campus as well.
and companies want people to work in Cyber Security.
It's an interesting field, the problem with it that 100% protection from breaches is impossible and if management doesn't understand that simple principle when you DO suffer a large breach you're screwed. It's like a lot of IT jobs, you only get noticed when things go wrong, you don't get noticed for the 99% of things you keep right unless you have good managers.
Pretty much every day I’m waiting for “the big one” and know that in the end I’m just there to get blamed for getting pwned. Upside is we get paid really well, deal with the devil and all that.
@@c1ph3rpunk new and creative bullshit to prevent the unavoidable....
@@Drum8888 the most important thing you need to make management understand is that with breaches it's not a question of "if" but rather a question of "when". You need to prepare for that "when" as best as you can so when it happens your systems and processes are prepared and you are able to react swiftly and minimize the damage.
@@Drum8888 100% only get noticed when things go wrong. If everything is going OK it's like they dont even know we exist.
CISSP exam was written by demented lawyers... A total mind f--- from beginning to end.. Studied my a-- off for 12 months and still struggled through it.
LOL quite true. I'd prepped for at least two years, was prepared for the most rigorous of difficulty, and instead was faced with "what is the *best*" options about word salad questions.
haha same here. Took me 2X
Question- honestly - is CISSP applicable (in a broad sense)outside of US? I would like to tackle it, but only if it is in demand abroad - specifically Latin America and non EU Eastern Europe? Debating…
This is an area of it were there really isn't a door open enough to put a foot in. A lot of companies don't care about the certifications, they care about time spent using them. There really isn't an entry-level to this market, and that can be frustrating. I'm currently learning that.
This gives immense boost ....that's to the powerful orator on screen...
Good thing I saw this before enrolling in a 45k university
OSCP holder here. The exam is not a "massive virtual environment", the *course labs* are the massive labs, because they are meant to be a free range to experiment with a multitude of techniques. The exam lab is a small number of machines. I'm not sure if I'm allowed to disclose the exact number but I will say it's in the single digits.
Also, the proctoring includes not just your webcam, but screen-sharing software. This is because you are allowed to turn off your webcam when taking breaks, but the screen share is to make sure you aren't working on the lab after you said you were on break. The concern is that people have been cheating the OSCP by having someone more skilled stand over their shoulder and tell them what to do. The webcam is to make sure you are alone.
I had to get OSCP to get a job, so in the UK it's classed as an gateway cert. Then you need to sit through CREST exams to do certain work, and they are harder.
So, if it's a gateway cert in the UK, does it not belong on this list?
@@davidadams2395 I think his point is CREST exams are even harder.
The CISSP has been updated, the newest version isn't just a manager's view; it's a lot more technical than expected.
We need a list of the easiest lol
The CompTIA track is the least challenging and gives you rudimentary knowledge. EC-Council CEH is about on par with CompTIA Pentest+.
Sure they require a little work but you're only starting out. You also should be very comfortable with Windows administration, Linux administration and networking and be learning shell scripting and Python...
CEH is probably the easiest to crack without the lab ... Along with security +
There's the CIW web security exam which is really easy, from my experience i would say CIW -> CompTIA -> EC-Council
Big ups to the presenter, nicely answered
I would definitely argue that CCIE Security is much more difficult than OSCP, both in time commitment and exam difficulty.
As someone who has the OSCP and various Cisco certs, I would happen to agree you. That said, the 48 hour OSEP exam might be up there now although I get different opinions about that one too. The CCIE looks to be one of the toughest exams around.
Considering the following certifications:
CISSP vs OSCP vs GPEN vs GIAC + GSEC + GCIA = GSE vs OSEE
where would you personally rank each course in comparison to others?
?
OSCP is not their hardest cert. It is the entry level of the OffSec pen testing certs. Sure it's 24 hours but they have 2x 48hr cert exams and a 72hr one that requires attendance at a course during Black Hat in Vegas...
funny that you mention the OSCP as second hardest since its the entry level Offensive Security cert there are several specializations and more difficult levels beyond. OSCE OSEE ...
I was going to say the same but I figured that perhaps they classifed this as pentesting certs maybe? Who knows. But I think anyone in the OffSec world knows that OSEE is probably the hardest cert out there. 72 hours of Windows 32 and 64 bit exploitation. Wonder how many OSEEs there are in the world.
@@zephyfoxyTensho you are probably right. As far as I know, there are only a very few labs for OSEE (Blackhat have been booked out within seconds last year ^^)which is mandatory to get into the certification process. Therefore I guess there are only a few 100 holding this cert. I guess I will just ask them :)
he probably means 4 hardest mortals can achieve... why bother with god level certs. the thought of osce probably made him look away from that category to even mention it. i’ll be at the front door end of the year lined up to take my osce.
entry level != entry Offensive Sec
@@joselima9398 osce isn't that hard ...i mean it is way beyong most of the course but it's not really that hard...
CISSP was the only exam when I started, I think my number was in hundreds back then and it was hard and done on paper with a very long turn around time to be graded. It also requires that the person show and document experience in the field - seems all that is gone now
All of ISC certs require docs from your employee in order to proove that you are into IT Sec on daily basis, even the easiest ones.
For CISSP, you have to work in industry for 5 or 7 years(don't remember). You can though pass it much earlier but you will not get a certificate.
My colleague passed CISSP and waited more than a year for cert in order to meet ISP requirements.
If someone has a friend who already did something from ISC, he or she can invite you to ISC platform and it is also a chance to proove your it sec profession without providing docs from employee.
I remember those good old days.
Thoughts on Security+? I have about two weeks left of it in my college course(workforce return to education offering) and I am already intimated to sit for the exam.
Dont be nervous. Its "difficult" but you'll look back at it and think it was ridiculously easy lol it's all subjective.
I just started studying this week because I had gotten sick and my mind wasn't so the. Have the exam this week and I'm scared I'm going to fail. 😔
@@erikavilla5994 Can you reschedule your exam? I know you can go into PearsonVue and change it as late as 24 hrs prior. Give yourself more time.
@@JerseyJeff84 so I just got back from the exam. I seriously thought I was going to fail because I just started studying hard this week. I was basically guessing (guess I'm a good guesser?), but it helped that I knew the performance based. I am happy to say I passed! Yay!
It's really not that hard man. I had no experience in IT and passed the first try. I'm not a genius or anything. I'm military and retrained into IT/Comm career field and the last portion on the school was you had to pass Security+ and only have 2 weeks to study/take/pass. Just give yourself time, take it seriously, and sit down and study, you'll be fine. Trust me.
Just passed the sec+ 601 exam. It was tough even when i have some skills in it sec from college and work. Think also the english language level was a factor of the difficult
Congratulations! Keep up the awesome work.
Congrats!
Almost 10 years after passing and I still remember how annoying taking the CCIE Sec was. Totally worth it, but it SUCKED. You gotta embrace the suck to pass. :)
What work do people having GIAC certification do?are the pen testers?
A majority of the GIAC guys I've seen were either Pen Testers for private/contract companies or (I was in the Army as a Cyber guy) all the Red Team guys had GIAC certs under their belts.
So usually these cyber guys are on the offensive/grey hat/white hat side of the house...from my experience.
I don’t argue that CCIE security is hard as nails. But what is the value of it if you are not using Cisco’s security products? What if I am using products from Palo Alto, F5 and Microsoft to secure my company?
I got the (GIAC Security Expert) GSE. I got the OSCP too. None of my other plethora of of carts came anywhere close.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
U do the gxpn?
@@nahnahson yea took the class but didn’t take the test. Tough class though .learned a lot
@@plogoo1 I'm at a cross roads. Just finished the course (on demand) but it took me 3 1/2 months to get through. Honestly don't think I can index books and take cert in the little remaining time 2 weeks I have left.
Learned a valuable lesson though. Never take an on demand course with sans if you want to get the cert. Clock starts on day 1, not when you finish.
@@nahnahson if you have the cert attemp, don't waste it though.
For those of us who want to start a career on IT, which certs are better? CompTIA, Cisco or Microsoft? I had to take a crash course on System Admin (very basic) in order to get a job and my trainer told me that Microsoft's certs have a better value today as most of IT services are moving to cloud so you can get networking or security certs that are related to that cloud environment. Any tips or advice will be greatly appreciated.
Hello, how has you cloud career went until now? Which certs have you got? 😊
What's wrong with a master in informatics (from a university)?
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
What have I done. I've started a Cyber Secuirty degree with foundation C maths and only experience in Visual Basic, a little in C# and Python.
You got this. It's not that hard.
we're rooting for ya
How are you doing now?
@@winds1010 Pretty much the same, just better at Python and C++, marginally. Got a free pass for the first year thanks to Covid, won't be as lucky this year.
@@Pond721 Alright man, im rooting for you!
What about CISM and CISA?
OSCP exam was too easy!!! Dont let this 24 hour exam intimidate you! AWAE is a lot harder !
Can attest, I hold the CISSP and sat for the OSCP and after 22 hours straight, I couldn't crack the final box to pass. Hundreds of hours went into practicing on their VPN and still, couldn't pass it.
Just try harder.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
Going for OSCP at 17.... Let's nail it
You got this, John!
@@cbtnuggets by the way John is not my real it's just a fake account that I made for privacy....... Other than this Thank you CBT Nuggets you guys are just awesome.... ❤️
@@cbtnuggets just came back here to tell you guys today that now I am officially OSCP certified at 17 *
@@JohnDoe-sm7vw Congratulations! What an accomplishment. You should be so proud of yourself! Well done, and thank you for learning with us.
Should i start on cissp to begin my security career? Or start on security+?
Security + what you learn there will help you with cissp and the sec + is cheaper.
@@noobsarecool101 thanks. I wanna start my career in the security field
+1 for noobsarecool101’s comment. Sec+ is a great intro for CISSP
Gotcha. I start there
Personally I did Security+, then Certified Ethical Hacker, then OSCP, but that's because I'm leaning more towards pentesting than just security.
So what career steps can you take while you are waiting for that 5-year experience to enter Cybersecurity? I'm studying for my A+ right now but I don't want to be on the helpdesk for more than 2 years. Are there any options outside of second-line support and system admin that I can aspire to while I gather the experience for the 5 years minimum exp?
Hey man... Looking to break into this cyber security space....
How's it going for you if you don't mind me asking?
Any advice as well... Thank you.
@@forextradealgorithm1386 Hey. To be honest, I'm no longer looking to enter cybersecurity. I did 1 year in help desk and now I am in a NOC role and will probably try to land a role in devops in another year or so. But in my opinion, if you want to land a role in cybersecurity, it would help to have some networking fundamentals and some coding or scripting skills if you don't already.
@@j6873 ayy much appreciated for your input on this... Was currently studying for the CCNA then hopefully get into cyber security.... So hearing you say that bout networking makes me feel happy
Good fortunes in your endeavours.
And thank you once more.🙏
Unfortunately, companies seldomly pay appropriately for the level of commitment of these certs.
Really good video. I was expecting you to sell your training and only mention CISSP, Cisco and firewall certs, but this is a very good set of certs.
I got CISSP and OSCP.... Which shall I try next?
but i want to CISA is it marketable?
I'm studying PWK at the moment. Then I'm going to cissp. Im a good hacker but I think you need to know how to hack before you know how to mitigate.
What is the CASP difficulty level?
CISM , Assured pass guidance for 1st attempt pass is been given. Please mail me rrkatheer@gmail.com if you are serious.
I have dozens of certs and the CASP was terrifying. You must be knowledgeable in several different areas that just aren’t normal. You get questions ranging from "what are the CLI commands to make this firewall do " to "what are the five things wrong with this HTML code". The study guide at the time didn't seem to help with the questions that I received on the exam. If you have a lot of general experience and are looking for a challenge, then give the CASP a try.
Not stand up for 24 hours? LETS GO!!!!!
OSWE of offensive security is 48h exam where you need to reverse engineer many machines and root them. Harder than OSCP for sure.
Yup!
isn't OSEE harder than OSCP?
What do you think about Mile2 Certifications?
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
Isn’t CISSM the management one? Or did i misunderstand you?
CISM by ISACA is more management based then the CISSP. CISSP is a mix of technical and management but they drill into your head to "think like a manager" for the test. I found the CISSP to be easier than the CISM because the CISM was so boring to try to study for.
CISM , Assured pass guidance for 1st attempt pass is been given. Please mail me rrkatheer@gmail.com if you are serious.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
What about the offensive security exploit writing cert?
OSCE, and yes, definitely harder than some of the ones listed here, but OffSec has so many high-level pentesting certs that they'd practically dominate the list, so I guess they wanted diversity?
I don't believe there is a certificate more difficult than CCIE, because CCIE is a combination of theory and practical, and practical means implementation and troubleshooting, and troubleshooting means you must be expert in every technology with hands-on, and the scope of the certification is quite big, you can pass CISSP in 4 months, but you need 2 years to pass CCIE.
but there might be certificates much more worthy than CCIE
I did my CISSP back in 2010 I think, when they use to send out examiners instead of doing it online, I brought the Sybex book I think it was (remember Sybex books were so popular in the day) read that for 6 weeks then had a crack at it, after 4 hours walked out and though I had failed but I passed. It's a hell of an exam, but now it can be done online I am sure there are plenty of lab centers that don't have cameras on and allow people to cheat it like all the MSCE's etc. I found once in Shanghai when I did a MS cert the test center asked for my ID, but didn't care if I took in my bag, phone pen etc. Useless.
Don’t think that happens anymore. They’re heavily controlled (but I could be wrong about some regions)
The CISSP isn't online... even during COVID - www.isc2.org/Notice/COVID-19-Response-Online-Exams# - You have to submit to multiple palm scans before you can start your test and after you finish your test to verify your identity....
Pearson testing centers are strict and heavily controlled. Took an exam weeks ago and they check and restict down to detail
All of this cert, is it really worth it to take?
I lost all my respect for CISSP, when I saw a fresh (less than 6 month) CISSP struggle to distinguish between the risk for confidentiality and integrity. And even after I tried to argue with him, would not understand it. Risk for C was low, risk for I was high. He argued, risk for C should also be high, because if someone get's the credentials and then logs into the application to alter the content, there would be high damage.
Roger that, your explanation makes sense. As a CISSP, I have to admit, I have worked with other CISSPs that I was like "WTF are you talking about?" You CAN have a low risk C and a high risk I for a system. Confidentiality primarily covers "if data were to get out, how would it affect the company/organization?" While Integrity deals with "if the data was changed, how would it affect the company/org?" There are many instances where you could have a LHH or LHM for your CIA classification. It all depends on the data you're protecting.
You should have asked that CISSP, then why the biggest bug Bounty platform in Europe have named themselves as Intigriti instead of confidentiality. 😁
OSCE > CCIE Security > OSCP > GXPN
I am CISA , the most accepted and usefull , suggest to get it, rest is not much genaral accepted;
Others; cobit 5 and iso/iec 27001
If u have my certificate can have big sallaries
Please how do l get the CISM? Is it through a 2 years associate degree in information systems technology/Cybersecurity or four years degree or just the certifications
CISA not CISM
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
Where is OSEE?? 72hs exam! Or Corelan Exploit development course?
Working in IT. What I cannot grasp with the IT Security industry is that security is a grass roots thing. Sure companies can hire amazing people who have worked in the industry for decades and have all the certs under the Sun. Its not them thats the problem. Its the the limitations of technology and the sheer ignorance of corporations. Bulliet proof security costs serious money and constant updated staff training from the top down. The end result is corperations just don't take it seriously. Even multi billion dollar corperations. So why make getting to security so damn difficult. Its just plain dumb. You need to open security roles up to the masses. Not make it a niech thing. Available only the select few.
William Evans bullet proof security? That does not exist in the real world my friend.
@@edgarsanchez4339 your right there but we can aim for it. Grass roots training. Is a core requirement. It only takes one idiot working directly with or as part of a security project to wreck the whole thing and place a gaping hole in your corperations security.
@@williamevans6830 as Edgar said there's no such thing as bulletproof security. What you can do is put systems and processes in place to reduce the impact of a possible breach. In your example a solid least privileged policy can prevent one idiot from wrecking the whole thing.
@@mdo it's true. I just think as boring as it is everyone and I mean everyone who uses a PC needs to be forced to follow a good security briefing. Also I think people need to care more. So many organisations just don't. Then BOOM. They get hacked. Best security officer on the planet ain't gonna solve that. Grass roots security and a highly advanced understanding of good security polices is where its at.
@@williamevans6830 oh yeah, I totally agree with you. Security is not just one guy or department doing all the heavy lifting. All employees need to be aware of it, follow the guidelines and use some common sense. The reality is the human element is still the weakest link in most companies' cybersecurity and most data leaks are not achieved with complex zero-day exploits but with social engineering.
I’ve watched this 8 times over 2 yea and I still don’t know what I want to do. 😂
#GSE holder here. yes its hard but this list isnt right. #OSEE and #OSWE should be in this list.
Dude is legit I checked. Well done!
how old are you bro?
Which is enough experience?
Thank you for the video. Very useful!! Keep up the great quality! --Sage
Glad it was helpful, thank you Sage!
CISM , Assured pass guidance for 1st attempt pass is been given. Please mail me rrkatheer@gmail.com if you are serious.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
Holy moly you have to be god tier to get the GSE
I work with two people who have it
oscp should've got #1
Yeah I'm on the same boat because GIC certs are not that tough but they are very costly and for GSE you have to pass 3 certs so that's why there is very few people who hold GSE
If you compare GPEN vs OSCP GPEN is theorical exam while OSCP is fully practical based and needs additional research to crack the exam
Agreed
Among these, yes, but if I was going to rank #1 hardest of all time, it's probably the OSEE.
I love his presentation
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
come on .. am preparing now for security + >>> u just gave me a bad waves LOOL
I love this video!!!!
There are only 228 GsE in the world. Coz its so damn expensive hahahaha 2:45
I was thinking much the same thing. I'm on my 2nd SANS course and it's only cost nearly $15K so far...
Can you still say the same in 2023? Any updates or still these ones in the same rank?
Wow first comment convinced me you know what you're talking about. There REALLY isn't an entry level position for this.
How can you "prepare" for that last exam? You're gonna have a different experience based on who they match you up against. U may face a hacking genius and fail to get the cert.
You can clear CISM exam in first attempt at reasonable fees. Please drop mail with contact details to know more details. if you are serious of clearing exam. Mail to kworksindia@gmail.com
Asher - i wud think the OSEE and GSE rank the same wudnt u agree ??
Is it feasible to gain CCIE? I mean, how hard will it be to get employed anywhere. You're salary will be through the roof for most employers
CCIE takes a lot of real-world experience, and you'd have to first get CCNA Security and CCNP Security before even thinking of CCIE. It's a very long journey to CCIE.
Can anyone advise how can I get hands on experience on IT security without having the full time job on that.
Hi Tanvir, getting hands-on training with specific security tools can be helpful, as can Virtual Lab experiences. Here’s a list of some good tools to learn:
- 5 Security Tools for a New IT Pro
www.cbtnuggets.com/blog/certifications/security/5-security-tools-for-a-new-it-pro
- Security+ (SY0-601) training for the concepts
www.cbtnuggets.com/it-training/comptia/security-plus
- PenTest+ course for lots of virtual labs
www.cbtnuggets.com/it-training/comptia/pentest-plus
Comparing these three certs with CCIE is absurd. You have to gain knowledge of 4-6 months CCNA then 5-6 months CCNP, and after a months/years to pass a CCIE which exam cost 1600 eur plus travel cost going to Europe - Brussels and taking 8h exam with slim chance of passing. Comparing OSCP you need ~3 months to pass. CISSP you can buy dumps and pass it. GIAC ~ 4months.
It's almost impossible to dump a CISSP cert, the more questions you get correct the harder the questions become and most of them will not be in the practice guides, plus the audit you at random every year and if they even suspect that you tried to dump the exam they will pull it from you. The man in the video also left out in regards to the GIAC Security Expert Cert is that you must have at least 1300 white papers published and I believe there are only 9 people on the entire planet who have actually passed that certification.
I don’t care how many certs you have. They all depend on where you want to be in security. I, myself am a pen tester that specializes in VM and Threat. I also write entire security programs from scratch. So a CISSP and a OSCP will benefit me more with a sprinkle of CISM and CRISC. Security at the end of the day is purely about risk. That is what separates us from IT. We just use technology to do our jobs. And yes I have all 4 of those certs.
So is the ceh a waste?
With Gsec, Gcih, Gcia I still wouldnt feel anywhere near to Gse, thats why people have 8 or more Giac certs before even attempting that, and must revise those certs for maybe a yr or 2 also...
what are those 8 certs bro? and how many certs does GIAC offer?
Great content! Now I know which certificates I should go for initially and then move on to the tougher ones. A small doubt though, I have recently taken up a ISP course at EC Council University out of passion and interest but now I am clueless on what course or project to take next to have a career in cyber security. Could you help me decode this? Thanks!
Hi, Ria! Many will try to gain experience in pentest, which the EC-Council and CompTIA have good certifications for. Another is CISSP, which is always a slam dunk for an applicant to have. The key is to continue to grow and never stop learning. Some will focus on cloud security and do the AWS or Azure security track. Or security vendors such as Palo Alto, Check Point, or Cisco. There are so many options and areas of focus, we recommend reaching out to communities with veterans in the industry to learn more about each path. Hope that helps!
Oh Man CISSP... we really need some CBT lessons on that one especially for the new CAT exam since the ajustement made in April 2018.
I know skilled security peoples who failed in the new CAT exam, and I know peoples who got it as their first IT certification ever and on their first try without being skilled in security.
Something is wrong with it... it really scares me, it’s like a gambling certification, any advices please?
Passed but honestly thought I had failed going thru the exam and reaching question 150. I was so relieved reading “Congratulations” on that printout. Kelly Handerhan’s course on Cybrary is a must to complement your study material!
@g milne Thanks for the tip Milne, any other advices please?^^
@@leonphelps Thanks Leon i have already the Kelly courses, any other advice please?
Thanks for the engaging video!!
And thanks covid for allowing me time to watch these videos, instead of pretending to work all the time :')
wouldve been nice to know what the abbreviatons stand for...
Certified Cloud Security Professional (CCSP)
Cisco Certified Internetwork Expert CCIE
Offensive Security Certified Professional (OSCP)
GIAC Security Expert (GSE)
GSEC (GIAC Security Essentials Certification)
GCIH (GIAC Certified Incident Handler) GCIA (GIAC Certified Intrusion Analyst)
@@dreindenver798 It was CISSP, not CCSP, and CISSP stands for Certified Information Systems Security Professional.
www.google.com. Lemme guess, you’re also the guy that asks “how do I get into hacking”.
How and where too you go too take these certificates
Pesrson Vue or Prometric Dirk.... Do an online search and it will bring up all the relevant info :)
OSCP is from Offensive Security, you go there to take that cert. But you can't just take it, you must complete the Penetration Testing with Kali Linux course first.
@@zephyfoxy
None of these would work for me because I can't code.
what is the average salary of cyber security?
$130k
OSCP and OSWE have entered the chat..