"Blue team" certifications

Hi HTB,

I am currently at a point where I can afford some certifications. I have now got my OSCP & eCPPTv2 which I am pleased with, I am looking to get something on the defensive side of things. I am considering the eLearnSecurity qualifications but it seems to be a hard sell showing the worth of them (although I personally think they look pretty strong).

Does anyone have any suggestions? I am currently thinking of doing the Azure and AWS security certifications (I work with both), but I wanted something more generalized if at all possible.

Really not wanting to do CEH but it looks as though this still counts for something, even in analyst type roles. Quoted $2000.00 for the 'training' and exam, not sure it's worth it at all.

Cheers,
da1y

da1y

OSCP | eCPPTv2 | eJPT

I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

Comments

  • Agree with your analysis of CEH. It really isn't worth it. The only reason I ended up getting the CEH was because my job paid for it. The training is okay, the exam is easy, the questions are misspelled and just not a great exam at all. On top of that, after paying $2000, they don't even give you a physical certificate. Nothing tangible at all.

    The CEH didn't prepare me for what was in HTB at all to be honest.

    What do you think about the GCIH? If you can get your work to pay for it, it can help you a fair bit :)

    -TheMadGo65

  • It would be me funding it, from what I can see it's about $2000.00. I am 'experienced', 10+ years in industry, just want to make sure I have both sides of the security spectrum. To be honest, the goal is contracting and what helps in a CV sift - I keep seeing CEH asked for, GCIH sometimes, OSCP occasionally and eLearnSecurity stuff never.

    da1y

  • CEH is nice for CV, but instead of paying $2000, you can get it at $500 from EC-Council
    For Blue Team certifications, some are recommending CompTIA CySA+

    Hack The Box

  • EC-Council are charging me $2000.00, you need to pay for one of the two course types - I am not sure I would pass the experience check they do. I will check out CompTIA.

    da1y

  • I assure you can get it at $500 for base package, I got it and I know many who did, https://aspen.eccouncil.org/Home/iLearn
    Base package includes:

    Instructor-led, streaming video training modules – 1 year access
    Official EC-Council e-courseware – 1 year access
    iLabs, virtual lab platform – 6 months access
    Certification Exam Voucher
    Certificate of Attendance

    PM me if needed, I can forward you a training consultant contact for arrangements.

    Hack The Box

  • You really have 2 options here:
    either SANS courses ($7000+cert fee ~$800) OR ElearnSecurity (they have at least 2 courses)

    IF your company is paying for it, go for SANS. Otherwise, ElearnSecurity is the way to go.

    Stay away from CEH. It's not even relevant to this discussion so I'm not really sure how it ended up here anyway ....

    Hack The Box

    OSCP | GPEN | eCPTX | CREST CRT | eCPPTv2 | GWAPT | ECSA (Practical) | CREST CPSA | ACE

  • edited December 2019

    @Ryan412 - the amount of blue roles that ask for it is why it is here on CV sift... I guess you haven't looked at any roles recently? Not stating it's right or good that it's on the requirements of most roles, but here (UK at least), it's commonly asked over SANS, eLearnSecurity isn't on the radar.

    EDIT: SANS looks 50/50 split on roles, could just be bad recruiters though. CEH... nearly all.

    da1y

  • @da1y said:

    Not stating it's right or good that it's on the requirements of most roles, but here (UK at least), it's commonly asked over SANS, eLearnSecurity isn't on the radar.

    This is 100% correct and a big problem in the UK (IMHO). I have no idea why people looking to hire for defensive roles (such as network monitoring, etc) put things like CEH on the job spec. It is insane.

    Speaking as a CEH holder (an employer paid for it many years ago), I strongly believe it isn't worth spending anything on. If you have found a lot of jobs where you are held back by not having a CEH, then maybe consider it.

    Don't even think about spending £2k on it though.

    With regard to jobs, I've never seen an organisation reject a candidate because they are lacking a CEH. There are some certs which do become a big blocker but that tends to be CISSP/CISM more than anything else.

    On that topic, in the UK most defensive-type roles ask for CISSP / CISM more than anything else. While this makes <0 sense, it is worth considering getting one of them instead of a CEH if you just need a badge to get through HR screening.

    Lastly, you are 100% correct SANS courses are rarely asked for as a cert, but the training is excellent. If you are after a cert to improve your defensive knowledge & make you a stronger candidate in interviews, then applying for the Work Study programme is well worth it.

  • @TazWake - the problem is my work history although very technical doesn't cover CISSP requirements, although I could maybe argue 2 or 3 years of it across a couple of the areas just about.

    CISSP associate I could go for but it is often CISSP or CEH on the CV sifts (I'd maybe hit the CISSP keyword haha), some of this is ticking the box for a CV sift, some is getting something out of it technically (I think I'd pass CEH without needing content, it seems a waste of money and I know I won't pass their 'screening' to just take the test).

    I am not specifically looking for a defense type role, but want to show I can do both sides of the coin, red and blue team roles ask for CEH.

    Glad I'm not the only one seeing how ridiculous the UK market is right now, I can imagine some companies do it to say "we have this certification" but I wonder how much is just useless recruiters.

    da1y

  • @da1y
    I'm working on moving the opposite direction. Currently in a blue role, but have done a bit of offensive style work to facilitate that.

    Depending on the company and/or role you can get by without the certification provided you could demonstrate the correct skill set. We've had openings open for over a year without being filled not because there weren't people without certs - but because they just didn't have the knowledge/skills/weren't teachable.

    Certs are great, but practical experience (even when it's only in a homelab) is better. I didn't have a cert before getting my current gig - but I am a polyglot when it comes to programming, have enterprise software in my lab, SE engagement experience, etc.

    CEH is relevant though. It's a requirement for security clearance and government jobs (regardless of what anyone thinks about it). As a result, a lot of HR people look at what the government is doing and copy paste without input from their technical heads.

    The only reason I'd look at picking CEH up on my own dime is if I decided I wanted to go back to the land of clearances. If you don't, it probably isn't going to matter.

  • edited January 7

    I have the CEH and CISSP. The CEH meets a US government requirement and so does the CISSP. Having been through many job interviews, the non-infosec interviewers/HR people see the words 'certified ethical hacker' as impressive, regardless of the meat of the cert. Having said that, CEH is not worthless. It has a lot of basic infosec concepts that will inform and enrich, especially anyone new to the industry. CISSP was the hardest exam I've ever taken. Mainly as it is not a technical exam. It is a lot of 'what is the best method to ....' where there are several 'right' answers to choose from. It is testing your ability to build and manage a security program for an organization (maybe the ultimate blue team manager?). As a sec engineer I would say that understanding CCNA, Windows admin, Linux admin, sec analysis (e.g. SIEM skills) are topics that are important, as well as any coding training. So training/certs that give you those will get you what you need. Working toward a CISSP if you plan to be an exec some day (or work in anything DOD related).

    To a larger point I really warn against the 'cert vs experience' or the 'which cert is better' arguments. Certs are valid and useful. Experience is valuable. Which cert is 'worth it' depends entirely on the individual. If you have the OSCP, but have never looked at any other aspect of infosec, you might gain some understanding with the CEH as it is more broad and less deep. If you can already perform pen tests, then the OSCP is only useful to put on resume/CV. If you need to engineer security automation with Red Hat Ansible, then all those certs are "worthless". I would examine what path in infosec you want to take (even more specific than blue vs red) and look at what training you lack, then go from there. And as others have mentioned, when your employer offers to pay for a cert, just get it. It won't hurt.

    Good Luck!

  • In the UK, I am not sure it's necessary for clearance but it's possible they may follow US standards, I will look into that.

    These certs are coupled with 10+ years from sysadmin to lead engineering roles, I have a CCENT/ICND-1 but didn't bother with ICND-2 (at the time MCSA was more important) but I know my way around. This is to show I can do this side of things without the on the job experience specifically, although I did work at a large security vendor for a few years, that's now 6 years back almost.

    Thanks for the feedback, I'll definitely look into this side of things more after I complete OSWE.

    da1y
