1
00:00:06,467 --> 00:00:08,476
- [Instructor] There are several security certifications

2
00:00:08,476 --> 00:00:11,429
related to pen testing in the industry.

3
00:00:11,429 --> 00:00:14,833
Now this course helps you to get fundamentals

4
00:00:14,833 --> 00:00:16,680
to prepare for some of them,

5
00:00:16,680 --> 00:00:20,988
however, each certification has its own requirement.

6
00:00:20,988 --> 00:00:25,109
So let's actually review some of these certifications.

7
00:00:25,109 --> 00:00:28,973
The first set of certifications that I'm gonna cover

8
00:00:28,973 --> 00:00:31,750
are actually from Offensive Security,

9
00:00:31,750 --> 00:00:33,077
and they have different certifications

10
00:00:33,077 --> 00:00:36,592
related to pen testing and also exploitation.

11
00:00:36,592 --> 00:00:39,593
Now the first one is the Offensive Security

12
00:00:39,593 --> 00:00:42,176
Certified Professional or OSCP.

13
00:00:43,110 --> 00:00:46,023
It goes over the principles of pen testing,

14
00:00:46,023 --> 00:00:50,190
and the exam is a 24 hour exam that includes the requirement

15
00:00:51,128 --> 00:00:54,601
for you to actually write a penetration testing report.

16
00:00:54,601 --> 00:00:57,250
So that's actually something that some of the other

17
00:00:57,250 --> 00:01:00,888
certifications actually do not present into the fact

18
00:01:00,888 --> 00:01:02,583
that you not only use the 24 hour exam

19
00:01:02,583 --> 00:01:05,647
but you actually have to write a penetration testing report.

20
00:01:05,647 --> 00:01:08,289
Now they also have a certification that concentrates

21
00:01:08,289 --> 00:01:10,851
on wireless security pen testing called the

22
00:01:10,851 --> 00:01:14,934
Offensive Security Wireless Professional or OSWP.

23
00:01:15,856 --> 00:01:20,666
They also have three different expert level certifications.

24
00:01:20,666 --> 00:01:23,396
The first one is Offensive Security Certified Expert,

25
00:01:23,396 --> 00:01:27,563
or OSCE, the Offensive Security Exploitation Expert, OSEE,

26
00:01:29,388 --> 00:01:33,305
and the Offensive Security Web Expert, or OSWE.

27
00:01:34,949 --> 00:01:36,692
I'm including the link to their website here

28
00:01:36,692 --> 00:01:38,599
for your reference in case you actually want

29
00:01:38,599 --> 00:01:40,874
to read more about them.

30
00:01:40,874 --> 00:01:44,725
Now there's also an organization called the EC-Council

31
00:01:44,725 --> 00:01:46,464
and they have two certifications,

32
00:01:46,464 --> 00:01:49,166
the Certified Ethical Hacker

33
00:01:49,166 --> 00:01:52,388
and the Certified Network Defender certifications.

34
00:01:52,388 --> 00:01:54,458
You can obtain more information about them

35
00:01:54,458 --> 00:01:57,400
in the link that I'm sharing in this screen.

36
00:01:57,400 --> 00:02:02,084
Now another organization that has multiple courses

37
00:02:02,084 --> 00:02:04,696
and also certifications is SANS,

38
00:02:04,696 --> 00:02:09,083
and actually SANS in combination with G-I-A-C or GIAC.

39
00:02:09,083 --> 00:02:11,073
Now some of them are related to pen testing,

40
00:02:11,073 --> 00:02:12,066
some of them are not.

41
00:02:12,066 --> 00:02:14,721
Like for example, they have courses and certifications

42
00:02:14,721 --> 00:02:18,080
related to forensics, incident response,

43
00:02:18,080 --> 00:02:21,026
and also related to pen testing.

44
00:02:21,026 --> 00:02:23,471
Now there are many other cyber security certifications

45
00:02:23,471 --> 00:02:27,274
out there, so even if you want to get certified

46
00:02:27,274 --> 00:02:31,333
in things like network security or cyber security operations

47
00:02:31,333 --> 00:02:34,685
there are a few additional choices for you.

48
00:02:34,685 --> 00:02:38,088
For example, Cisco, where I work, they actually have

49
00:02:38,088 --> 00:02:40,990
two tracks for cyber security certifications,

50
00:02:40,990 --> 00:02:45,052
the traditional network security, so CCNA Security,

51
00:02:45,052 --> 00:02:47,802
CCNP Security, and CCIE Security,

52
00:02:48,661 --> 00:02:51,974
and then they also have a new certification

53
00:02:51,974 --> 00:02:54,417
that will help you prepare to be a cyber security analyst

54
00:02:54,417 --> 00:02:58,486
in the security operations center known as SOC

55
00:02:58,486 --> 00:03:00,389
or be part of a computer security

56
00:03:00,389 --> 00:03:03,700
incident response team or a CSIRT.

57
00:03:03,700 --> 00:03:06,270
Now that's the Cyber Ops certification though

58
00:03:06,270 --> 00:03:08,503
so the CCNA Cyber Ops.

59
00:03:08,503 --> 00:03:11,653
I actually author the books and the video courses

60
00:03:11,653 --> 00:03:14,257
for both the CCNA Security

61
00:03:14,257 --> 00:03:17,446
and the CCNA Cyber Ops certifications.

62
00:03:17,446 --> 00:03:20,680
I'm including a link to the Cisco Certification website

63
00:03:20,680 --> 00:03:22,711
for your reference.

64
00:03:22,711 --> 00:03:25,871
(ISC)2 is another organization that has

65
00:03:25,871 --> 00:03:28,806
several cyber security certifications.

66
00:03:28,806 --> 00:03:32,155
They range from the Certified Information System

67
00:03:32,155 --> 00:03:34,738
Security Professional or CISSP,

68
00:03:36,002 --> 00:03:38,523
which is actually one of the most known

69
00:03:38,523 --> 00:03:40,594
security certifications in the market.

70
00:03:40,594 --> 00:03:43,408
And it actually provides you a common understanding

71
00:03:43,408 --> 00:03:47,277
of the different domains in information security.

72
00:03:47,277 --> 00:03:50,549
Then you have more specialized certifications like this

73
00:03:50,549 --> 00:03:53,484
Certified Cloud Security Professional,

74
00:03:53,484 --> 00:03:56,096
the Certified Authorization Professional,

75
00:03:56,096 --> 00:03:58,785
and of course, others like the

76
00:03:58,785 --> 00:04:02,468
Certified Secure Software Lifecycle Professional

77
00:04:02,468 --> 00:04:06,769
in case you actually are concentrating in an SDL program.

78
00:04:06,769 --> 00:04:08,919
They also have certifications related

79
00:04:08,919 --> 00:04:11,775
to health care information security.

80
00:04:11,775 --> 00:04:15,623
The HealthCare Information Security and Privacy Practitioner

81
00:04:15,623 --> 00:04:17,123
or HCISPP, and the

82
00:04:19,492 --> 00:04:23,388
Certified Cyber Forensics Professional.

83
00:04:23,388 --> 00:04:27,561
ISACA is another organization that has a cyber security

84
00:04:27,561 --> 00:04:30,335
certification that is fairly popular

85
00:04:30,335 --> 00:04:33,399
among security managers and auditors.

86
00:04:33,399 --> 00:04:36,756
It is called the Certified Information

87
00:04:36,756 --> 00:04:39,528
Systems Auditor or CISA.

88
00:04:39,528 --> 00:04:41,103
I'm including the link to their websites

89
00:04:41,103 --> 00:04:43,094
for their reference.

90
00:04:43,094 --> 00:04:46,451
One of the questions that I often get is what recommendation

91
00:04:46,451 --> 00:04:49,103
do you have to actually get a certification

92
00:04:49,103 --> 00:04:52,436
like an OSCP or CEH or a CCNA Cyber Ops?

93
00:04:54,820 --> 00:04:58,343
Or should I get a four year degree instead

94
00:04:58,343 --> 00:05:00,960
or even a Master's degree in cyber security?

95
00:05:00,960 --> 00:05:04,517
Well, as you can expect, my answer is it all depends.

96
00:05:04,517 --> 00:05:09,364
So for instance, for being an expert in cyber security,

97
00:05:09,364 --> 00:05:11,932
you need to have a really good understanding

98
00:05:11,932 --> 00:05:14,088
on how systems operate.

99
00:05:14,088 --> 00:05:15,455
You also need the fundamentals

100
00:05:15,455 --> 00:05:18,264
of networking and programming.

101
00:05:18,264 --> 00:05:21,615
How can you hack a system, if you actually don't know

102
00:05:21,615 --> 00:05:23,645
what that system is actually doing

103
00:05:23,645 --> 00:05:26,024
or how it actually runs under the hood?

104
00:05:26,024 --> 00:05:30,660
So yes, you can launch a tool and try to be lucky,

105
00:05:30,660 --> 00:05:34,014
but I actually don't classify that as a security expert,

106
00:05:34,014 --> 00:05:36,464
right, actually not even security amateur

107
00:05:36,464 --> 00:05:37,840
to be honest with you.

108
00:05:37,840 --> 00:05:41,441
So there are several universities that actually have

109
00:05:41,441 --> 00:05:43,759
excellent programs for cyber security

110
00:05:43,759 --> 00:05:47,926
including undergraduate, Master's, and PhD level degrees.

111
00:05:48,945 --> 00:05:52,655
Now when it comes to pen testing, there are not a lot

112
00:05:52,655 --> 00:05:56,738
of university programs out there for pen testing.

113
00:05:58,219 --> 00:06:00,287
In many cases for pen testing,

114
00:06:00,287 --> 00:06:03,228
a certification may be better.

115
00:06:03,228 --> 00:06:06,645
Now it all depends on what your employer,

116
00:06:07,861 --> 00:06:09,556
of course, will require.

117
00:06:09,556 --> 00:06:11,977
And if your don't have actually pen testing

118
00:06:11,977 --> 00:06:15,207
or a security assessment review for a client,

119
00:06:15,207 --> 00:06:19,101
that may actually dictate what type of certifications

120
00:06:19,101 --> 00:06:21,994
you may actually have or what type of degrees

121
00:06:21,994 --> 00:06:23,610
you may actually have.

122
00:06:23,610 --> 00:06:27,469
Now regardless, what I do recommend is actually to have

123
00:06:27,469 --> 00:06:30,042
a good roadmap for your career

124
00:06:30,042 --> 00:06:33,042
so that you can actually plan ahead.

125
00:06:34,013 --> 00:06:37,495
For example, you may want to eventually be a CISO,

126
00:06:37,495 --> 00:06:41,342
or Chief Information Security Officer, of a big company,

127
00:06:41,342 --> 00:06:45,488
so in that case actually you have to develop your roadmap

128
00:06:45,488 --> 00:06:47,728
a little bit different than if you wanted to be

129
00:06:47,728 --> 00:06:51,620
just say a security researcher or somebody focusing

130
00:06:51,620 --> 00:06:55,063
on reverse engineering or exploit development.

131
00:06:55,063 --> 00:06:59,158
So depending on your career goals, you have to analyze

132
00:06:59,158 --> 00:07:02,844
and become familiar with all the options out there

133
00:07:02,844 --> 00:07:06,115
and then create somewhat of a roadmap.

134
00:07:06,115 --> 00:07:09,212
Now of course, this roadmap will actually change

135
00:07:09,212 --> 00:07:11,440
as you advance your career.

136
00:07:11,440 --> 00:07:15,255
For instance, I actually started in cyber security

137
00:07:15,255 --> 00:07:19,268
whenever I used to work for the US Department of Defense

138
00:07:19,268 --> 00:07:21,435
back in 1994 through 1999.

139
00:07:23,041 --> 00:07:26,978
And then since 1999 actually I have been at Cisco.

140
00:07:26,978 --> 00:07:29,954
I have served within several roles within Cisco

141
00:07:29,954 --> 00:07:34,254
and these roles actually included from network security,

142
00:07:34,254 --> 00:07:36,746
supporting actually Cisco security products,

143
00:07:36,746 --> 00:07:40,218
also pen testing, incident response,

144
00:07:40,218 --> 00:07:43,620
and the security research and operations team

145
00:07:43,620 --> 00:07:45,401
that I actually serve right now.

146
00:07:45,401 --> 00:07:49,589
So my roadmap, as you can see, has changed over the years.

147
00:07:49,589 --> 00:07:52,613
What is actually important is that you stay relevant

148
00:07:52,613 --> 00:07:56,015
and you're committed, that you actually concentrate

149
00:07:56,015 --> 00:07:58,450
and develop that roadmap and then actually

150
00:07:58,450 --> 00:08:00,349
commit to your goal.

151
00:08:00,349 --> 00:08:05,074
Now cyber security is actually changing every minute,

152
00:08:05,074 --> 00:08:08,101
every single day, and you must study and become familiar

153
00:08:08,101 --> 00:08:11,206
with the new concepts every single day.

154
00:08:11,206 --> 00:08:15,833
So stay relevant, be committed, develop that roadmap,

155
00:08:15,833 --> 00:08:18,916
and that's actually my humble advice.