1. GSE / GIAC Security Expert 2:40 2. OSCP 2:08 3. CCIE Security 1:35 4. CISSP 0:40

Love it! Way to go Asher and team CBT! Proud to be part of the team.

You should bring that guy on more often.

CISSP CCIE Security OSCP GIAC Security Expert

I’ve got Net+, Sec+ and CySA+...passed all three exams first time I took them. Scheduled for CISSP in September! I have over 9 yrs of IT experience. I have several friends that have passed CISSP on the first try. They all say don’t answer the questions from a “technicians” point of view, answer them from a “Managers” point of view!

The major problem with this is, most companies have outdated hardware and security practices. and when you inform them that they are still using a decade old system, They respond with, we can not afford to update. But yet they want their company to depend on such security backbone systems. And not if, but when it breaks, guess what, youll be the one to blame. Most if not all of the pencil pushers dont know about networking, so to them they dont care. They just want it to work, they dont care how, but they also wont update the system to todays standards. So when you walk into a company and they are still using windows XP, and wont update, when they are still using 1980's hardware and wont update, when they tell you, "Just make it work".... There is only one thing to do, Walk out and never come back.... If companies want proper security, they are going to have to learn the hard way. Update your security system infrastructure or im out the door. plain and simple.

Challenge Accepted! EDIT: nvm, not doing this

It does not matter which is tough, it matters which is most widely valued in the market, I personally think CISSP is the most valuable information security certification. I have seen many of my colleagues getting 40 to even 100 percent increase in their salaries after this beast certification!

They should have a certification where you sit around playing Runescape all day

OSCP is generally considered to be an entry level pentest qualification. It's very common to complete it with less than 1 yr of pen experience, there are tons of way harder exams around.

I have my CISSP and I badly want to get the GSE someday! That is my next big goal after I finish my Doctorate.

We need a list of the easiest lol

CISSP as an adaptive exam was very difficult. It was deeper than I expected.

There is a point in time where i just look at the cost to be called a "professional" vs my skill as "someone that can do stuff i guess" and realized that in the end it is not the difficulty that pushes many many people away it is the over all cost of becoming a "professional" and yet many many companies don't use "professionals" because it boils down to cost again. this is why cloud is winning and private servers is slowly becoming a thing of the past for many companies of all sizes.

I did CISSP, read the book 3 times and took several courses failed first attempt and passed the second one, but these others look like real monsters. I did CISM after it and now studying CCSP. Hopefully I get a good job one day or eventually migrate to a proper country

And I though Comptia Security+ was hard...

Can you please kindly make a video on IT certifications based on courses for beginners, intermediate and advanced level. Thank You.

I have the CISSP, CCISO, Sec +. Next certs for me are ISSAP, and CCSP.

CISSP is the most sought after cert and most difficult in my opinion. And please make no mistake it's technical as well

The main difference with CISSP and the rest is that they are more technical / hands-on.

The Community College at which I work is developing a Cyber Security program that will result in either a certificate or an Associates Degree in Cyber Security or Networking. The two will overlap significantly. By the time the student receives their Certificate or Associates Degrees which FOUR certifications should HOLD? I figure one certification test per semester is a good goal for most students. We have a Pearson Vue testing center on campus as well.

OSCP isn’t even the most difficult cert offered by OffSec.

Question- honestly - is CISSP applicable (in a broad sense)outside of US? I would like to tackle it, but only if it is in demand abroad - specifically Latin America and non EU Eastern Europe? Debating…

CISSP exam was written by demented lawyers... A total mind f--- from beginning to end.. Studied my a-- off for 12 months and still struggled through it.

and companies want people to work in Cyber Security.

Big ups to the presenter, nicely answered

This is an area of it were there really isn't a door open enough to put a foot in. A lot of companies don't care about the certifications, they care about time spent using them. There really isn't an entry-level to this market, and that can be frustrating. I'm currently learning that.

I had to get OSCP to get a job, so in the UK it's classed as an gateway cert. Then you need to sit through CREST exams to do certain work, and they are harder.

OSCP is not their hardest cert. It is the entry level of the OffSec pen testing certs. Sure it's 24 hours but they have 2x 48hr cert exams and a 72hr one that requires attendance at a course during Black Hat in Vegas...

CISSP was the only exam when I started, I think my number was in hundreds back then and it was hard and done on paper with a very long turn around time to be graded. It also requires that the person show and document experience in the field - seems all that is gone now

CISSP is not hard at all. It is just bulky. On case of CCIE, yes it is hard, but CCIE is all about netsec not sec itself. CyberOPS is not ready yet. Oscp is also hard, but OSCP is not the hardest cert given by OfSec. For sec specialist it is crucial to know linux and network on a very good level. I am not talking about vendors, i am talking about permissions, services, firewalls, protocols, how to attack, maybe some tools. It is also nice to have some knowledge on managerial aspects.

What work do people having GIAC certification do?are the pen testers?

The CISSP has been updated, the newest version isn't just a manager's view; it's a lot more technical than expected.

I love this video!!!!

(Edit: apparently some testing centers have changed format which efficient use of time/effort harder. Unfortunately.) How to pass CISSP and other many-questions style exams: 1. Know the subjects. 2. Complete all easy questions quick. 3. Revisit all hard questions (questions you didn’t understand etc) a couple of times. 4. Make a couple of safety checks, just double check everything. Now you are done, hours ahead and likely will succeed. I think there is a big myth about “the special nature” of CISSP questions promoted by authors of books/course/training exams. All of that weird mind tricks and hidden traps in the questions, I didn’t find any such crap in the actual exam. 90% were plain questions just checking if you knew the subject matter, and maybe 10% were hard in some manner (needed you to make an intelligent decision from the scenario presented). I didn’t find any question where once you understood it the answer wasn’t obvious. So it is a big exam on a huge subject matter, but there is imho nothing strange or hard about the questions.

Thank you

Almost 10 years after passing and I still remember how annoying taking the CCIE Sec was. Totally worth it, but it SUCKED. You gotta embrace the suck to pass. :)

Good thing I saw this before enrolling in a 45k university

Thoughts on Security+? I have about two weeks left of it in my college course(workforce return to education offering) and I am already intimated to sit for the exam.

funny that you mention the OSCP as second hardest since its the entry level Offensive Security cert there are several specializations and more difficult levels beyond. OSCE OSEE ...

Just passed the sec+ 601 exam. It was tough even when i have some skills in it sec from college and work. Think also the english language level was a factor of the difficult

This gives immense boost ....that's to the powerful orator on screen...

OSCP holder here. The exam is not a "massive virtual environment", the *course labs* are the massive labs, because they are meant to be a free range to experiment with a multitude of techniques. The exam lab is a small number of machines. I'm not sure if I'm allowed to disclose the exact number but I will say it's in the single digits.

I don’t argue that CCIE security is hard as nails. But what is the value of it if you are not using Cisco’s security products? What if I am using products from Palo Alto, F5 and Microsoft to secure my company?

Really good video. I was expecting you to sell your training and only mention CISSP, Cisco and firewall certs, but this is a very good set of certs.

I got CISSP and OSCP.... Which shall I try next?

I would definitely argue that CCIE Security is much more difficult than OSCP, both in time commitment and exam difficulty.

I got the (GIAC Security Expert) GSE. I got the OSCP too. None of my other plethora of of carts came anywhere close.

Should i start on cissp to begin my security career? Or start on security+?

but i want to CISA is it marketable?

What's wrong with a master in informatics (from a university)?

For those of us who want to start a career on IT, which certs are better? CompTIA, Cisco or Microsoft? I had to take a crash course on System Admin (very basic) in order to get a job and my trainer told me that Microsoft's certs have a better value today as most of IT services are moving to cloud so you can get networking or security certs that are related to that cloud environment. Any tips or advice will be greatly appreciated.

So what career steps can you take while you are waiting for that 5-year experience to enter Cybersecurity? I'm studying for my A+ right now but I don't want to be on the helpdesk for more than 2 years. Are there any options outside of second-line support and system admin that I can aspire to while I gather the experience for the 5 years minimum exp?

isn't OSEE harder than OSCP?

What about CISM and CISA?

Excellent

What is the CASP difficulty level?

Can attest, I hold the CISSP and sat for the OSCP and after 22 hours straight, I couldn't crack the final box to pass. Hundreds of hours went into practicing on their VPN and still, couldn't pass it.

All of this cert, is it really worth it to take?

Can you still say the same in 2023? Any updates or still these ones in the same rank?

Considering the following certifications: CISSP vs OSCP vs GPEN vs GIAC + GSEC + GCIA = GSE vs OSEE where would you personally rank each course in comparison to others?

Unfortunately, companies seldomly pay appropriately for the level of commitment of these certs.

What have I done. I've started a Cyber Secuirty degree with foundation C maths and only experience in Visual Basic, a little in C# and Python.

Isn’t CISSM the management one? Or did i misunderstand you?

I did my CISSP back in 2010 I think, when they use to send out examiners instead of doing it online, I brought the Sybex book I think it was (remember Sybex books were so popular in the day) read that for 6 weeks then had a crack at it, after 4 hours walked out and though I had failed but I passed. It's a hell of an exam, but now it can be done online I am sure there are plenty of lab centers that don't have cameras on and allow people to cheat it like all the MSCE's etc. I found once in Shanghai when I did a MS cert the test center asked for my ID, but didn't care if I took in my bag, phone pen etc. Useless.

Thank you for the video. Very useful!! Keep up the great quality! --Sage

There are only 228 GsE in the world. Coz its so damn expensive hahahaha 2:45

I don't believe there is a certificate more difficult than CCIE, because CCIE is a combination of theory and practical, and practical means implementation and troubleshooting, and troubleshooting means you must be expert in every technology with hands-on, and the scope of the certification is quite big, you can pass CISSP in 4 months, but you need 2 years to pass CCIE. but there might be certificates much more worthy than CCIE

Not stand up for 24 hours? LETS GO!!!!!

What do you think about Mile2 Certifications?

What about the offensive security exploit writing cert?

Going for OSCP at 17.... Let's nail it

Where is OSEE?? 72hs exam! Or Corelan Exploit development course?

I’ve watched this 8 times over 2 yea and I still don’t know what I want to do. 😂

OSWE of offensive security is 48h exam where you need to reverse engineer many machines and root them. Harder than OSCP for sure.

OSCP exam was too easy!!! Dont let this 24 hour exam intimidate you! AWAE is a lot harder !

I am CISA , the most accepted and usefull , suggest to get it, rest is not much genaral accepted; Others; cobit 5 and iso/iec 27001 If u have my certificate can have big sallaries

come on .. am preparing now for security + >>> u just gave me a bad waves LOOL

I'm studying PWK at the moment. Then I'm going to cissp. Im a good hacker but I think you need to know how to hack before you know how to mitigate.

I love his presentation

Working in IT. What I cannot grasp with the IT Security industry is that security is a grass roots thing. Sure companies can hire amazing people who have worked in the industry for decades and have all the certs under the Sun. Its not them thats the problem. Its the the limitations of technology and the sheer ignorance of corporations. Bulliet proof security costs serious money and constant updated staff training from the top down. The end result is corperations just don't take it seriously. Even multi billion dollar corperations. So why make getting to security so damn difficult. Its just plain dumb. You need to open security roles up to the masses. Not make it a niech thing. Available only the select few.

I lost all my respect for CISSP, when I saw a fresh (less than 6 month) CISSP struggle to distinguish between the risk for confidentiality and integrity. And even after I tried to argue with him, would not understand it. Risk for C was low, risk for I was high. He argued, risk for C should also be high, because if someone get's the credentials and then logs into the application to alter the content, there would be high damage.

What is the most demanded Security certification in the market.

Can anyone advise how can I get hands on experience on IT security without having the full time job on that.

oscp should've got #1

OSCE > CCIE Security > OSCP > GXPN

Which is enough experience?

INTERESTING

Awesome

#GSE holder here. yes its hard but this list isnt right. #OSEE and #OSWE should be in this list.

I have the same Galaga Cabinet!

Great content! Now I know which certificates I should go for initially and then move on to the tougher ones. A small doubt though, I have recently taken up a ISP course at EC Council University out of passion and interest but now I am clueless on what course or project to take next to have a career in cyber security. Could you help me decode this? Thanks!

the most i would ever do is the cissp. the rest i cant be bothered.

How can you "prepare" for that last exam? You're gonna have a different experience based on who they match you up against. U may face a hacking genius and fail to get the cert.

With Gsec, Gcih, Gcia I still wouldnt feel anywhere near to Gse, thats why people have 8 or more Giac certs before even attempting that, and must revise those certs for maybe a yr or 2 also...

Thanks for the engaging video!! And thanks covid for allowing me time to watch these videos, instead of pretending to work all the time :')

Asher - i wud think the OSEE and GSE rank the same wudnt u agree ??

I have two of them.

Oh Man CISSP... we really need some CBT lessons on that one especially for the new CAT exam since the ajustement made in April 2018. I know skilled security peoples who failed in the new CAT exam, and I know peoples who got it as their first IT certification ever and on their first try without being skilled in security. Something is wrong with it... it really scares me, it’s like a gambling certification, any advices please?

Holy moly you have to be god tier to get the GSE