Certification suggestions for intrusion detection/Snort

Joined
Apr 17, 2018
Messages
3
I have worked in Cybersecurity in the Navy for 6 years and I'm separating soon. My specific experience is with Intrusion Detection, Snort rule creation, Incident Response, and Forensics/Malware Analysis. I am very good at Snort and it is my passion so I want to continue with that when I separate. My current certs are Security+, CEH, and GREM.

Most job postings I see for Snort fall under Network Admin/Engineers and the like which I don't really have experience in. It seems the private sector does things a little different than the government. Does anyone have suggestions on certs I can pursue to get me more in that realm? I am a quick learner and very technical. I have multiple systems at home networked and love tinkering with stuff. I like Linux. Would something like RHCSA/RHCE be good? Thanks for your help.

Also, I'm finishing my last couple semesters of college for a BS in Information Technology - Cybersecurity.
 
Last edited:
Sit yourself in front a computer and learn IPTABLES, download and install Kali and learn the hell out of metasploit and pretty much everything on there. Start hacking test boxes. Learn how to craft an email with a payload to go spearfishing. Learn nmap/zenmap. Make sure you know your networking theory, subnetting, ports, protocols. Figure out wireless hacking as well using the aircrack suite.

OR

Go get a cert and sit in front of a computer and just enter firewall rules over and over and over.

Good Luck and Regards.
 
Mega6 thats going a very different direction from where he/she is now.

There is plenty of work on the "blue" side of house cybersailor. Do you have an active clearance? I don't know if you can PM me, if you can send me an address to email you....

The biggest "problem" I see with prior military/gov experience is sometimes that person is very silo'd in their experiences. They go SUPER deep in one discipline because that's what was needed from them for years, but they may only have beginner knowledge of other disciplines where as "private" sector people usually have a broader exposure to many things with the same amount of work experience. Neither one is bad per say, just something to be aware.

As for your particular search right now, spend some time looking for "SOC analyst", "Security Analyst", IPS and/or IDS. Your experience with SNORT will be easily applied to almost any other IPS/IDS.
 
Maybe so..Here are some certs that could be of use:

  • EnCase Certified Examiner (EnCE);
  • AccessData Certified Examiner (ACE);
  • GIAC Certified Incident Handler (GCIH);
  • GIAC Certified Intrusion Analyst (GCIA);
  • GIAC Certified Forensic Analyst (GCFA);
  • GIAC Certified Forensic Examiner (GCFE);
  • GIAC Reverse Engineering Malware (GREM); and,
  • GIAC Network Forensic Analyst (GNFA).
 
cheap50, I couldn't figure out how to PM you but I do have an active clearance. I'm trying to go private sector but if the right opportunity presents itself in government, I am open to that as well. I've been moved around a lot to different jobs in somewhat of an escalating manner and have experience in several different aspects of Cyber. Network traffic analysis/PCAP, Snort, Threat hunting, Forensics/Malware RE, Incident Response, managing IDS/IPS systems. I've worked in SOC environments for the whole 6 years. I haven't really gone very in-depth on any one particular aspect but I've excelled at each job.

Thanks for your input cheap50, Mega6, I would love to get another GIAC cert as I already have GREM but I'm in the boat of paying out of pocket at this point and can't quite justify the expense. If I can get some cheaper certs, I may go that route. But I also want quality certs/training. I have been asking around and some suggested RHCSA and RHCE. I saw where you can get a bundle subscription through Red Hat where you get access to all their training videos/materials for a year and get vouchers included with their "standard" subscription.
 
Work the Clearance, that is a BIG ticket. You could probably get a job in DC in 5 minutes. Good idea asking around. That should get you on the path to the right cert(s).
 
cybersailor - btw - my apologies for projecting my own Curriculum upon yours, that was not helpful and short sighted. 50 got us back on track.
 
Last edited:
Mega6, no worries. And I'm really hoping to get out of the D.C. area. That's where I am currently. Hoping to move to a smaller city even though I have job offers here. Traffic here is just ridiculous.
 
Pick some companies you would like to work for. Contact them and ask what they are looking for education/certification wise. Match what you know against what they want. The missing pieces are your list.

A lot of cyber security work is more jack of all trades then what you have. Think firewall configuration, malware prevention, keeping things properly patched, network design, designing a security policy, etc. Many organizations will expect that you can do things like configure an edge device to keep MS Office from sending confidential documents outside the network. Smaller companies may expect you to be able to do non cyber security things like basic server management, workstation setup or even help desk work.

As silly as it may seem, A+ is a good cert to have as a lot of job postings want it. Same for Network+. Keep in mind you have to get your resume past the HR drones and their basic filters before you get to talk to the IT folks.
 
Mega6, no worries. And I'm really hoping to get out of the D.C. area. That's where I am currently. Hoping to move to a smaller city even though I have job offers here. Traffic here is just ridiculous.

I'd say chill where u r until the right offer comes through and you complete your cert(s). Where u r at - you can complete everything you need. Your choices will be much more numerous down the road. 16 lane DC traffic is legendary. :(
 
cheap50, I couldn't figure out how to PM you but I do have an active clearance. I'm trying to go private sector but if the right opportunity presents itself in government, I am open to that as well. I've been moved around a lot to different jobs in somewhat of an escalating manner and have experience in several different aspects of Cyber. Network traffic analysis/PCAP, Snort, Threat hunting, Forensics/Malware RE, Incident Response, managing IDS/IPS systems. I've worked in SOC environments for the whole 6 years. I haven't really gone very in-depth on any one particular aspect but I've excelled at each job.

Thanks for your input cheap50, Mega6, I would love to get another GIAC cert as I already have GREM but I'm in the boat of paying out of pocket at this point and can't quite justify the expense. If I can get some cheaper certs, I may go that route. But I also want quality certs/training. I have been asking around and some suggested RHCSA and RHCE. I saw where you can get a bundle subscription through Red Hat where you get access to all their training videos/materials for a year and get vouchers included with their "standard" subscription.

Let me know if you need help on the job hunt. I have parlayed a handful of years, some certs & college into a work from home security job for some Fortune 20 clients. I have picked up a few tricks along the way, I would enjoy helping a vet make the most of their skill set :)

Work the Clearance, that is a BIG ticket. You could probably get a job in DC in 5 minutes. Good idea asking around. That should get you on the path to the right cert(s).

+1 to this. The clearance will get you some offers based SOLELY on the clearance. Its a huge leg up.

I don't know if your looking to settle down but if your willing to travel on an annual basis the State Dept is always looking for qualified, cleared candidates for high paying secure/sys admin work at foreign embassies. A friend of mine did this work for a few years, went to Italy, Portugal, Canada (lol) & Japan and got paid very well to do it.
 
I thought CISSP is the ticket to get a cyber security related job. Is that not the case anymore?
 
For certain jobs it helps. CISSP is less technical than what he does now and has a much broader scope.
I agree, to me CISSP is more of a management type thing because it is so broad.

If you want to go more red team type I would say maybe consider the OSCP cert. It would be a tough test from what I have been told.
 
I agree, to me CISSP is more of a management type thing because it is so broad.

If you want to go more red team type I would say maybe consider the OSCP cert. It would be a tough test from what I have been told.

I have both. The CISSP is 10,000 miles wide and 3 inches deep. Decent intro to security concepts for management-level people but not great if you want to get into the weeds of anything.

OSCP is laser-focused on becoming a penetration tester which isn't a bad skillset to have. I run both a blue and a red team at my org and it helps to have your blue team understand the kind of techniques and tool sets that a red team will use in order more effectively defend the network.
 
I have both. The CISSP is 10,000 miles wide and 3 inches deep. Decent intro to security concepts for management-level people but not great if you want to get into the weeds of anything.

OSCP is laser-focused on becoming a penetration tester which isn't a bad skillset to have. I run both a blue and a red team at my org and it helps to have your blue team understand the kind of techniques and tool sets that a red team will use in order more effectively defend the network.

I might be taking over what's the OP were asking but I would like to ask if you were going to hire an individual to be in a blue or red team, what type of certifications you would be looking for?

I am a software engineer and I hold a bachelor of Computer Science degree and a master of Information Assurance degree. The curriculum of the IA master degree jammed many information but it's like what Blackjack described about CISSP certification, the knowledge I gained from the degree is 10,000 miles wide and 3 inches deep on cyber security.
 
cheap50, I couldn't figure out how to PM you but I do have an active clearance. I'm trying to go private sector but if the right opportunity presents itself in government, I am open to that as well. I've been moved around a lot to different jobs in somewhat of an escalating manner and have experience in several different aspects of Cyber. Network traffic analysis/PCAP, Snort, Threat hunting, Forensics/Malware RE, Incident Response, managing IDS/IPS systems. I've worked in SOC environments for the whole 6 years. I haven't really gone very in-depth on any one particular aspect but I've excelled at each job.

Thanks for your input cheap50, Mega6, I would love to get another GIAC cert as I already have GREM but I'm in the boat of paying out of pocket at this point and can't quite justify the expense. If I can get some cheaper certs, I may go that route. But I also want quality certs/training. I have been asking around and some suggested RHCSA and RHCE. I saw where you can get a bundle subscription through Red Hat where you get access to all their training videos/materials for a year and get vouchers included with their "standard" subscription.

I don't think you have enough posts yet to be able to use the "Start Conversation" PM tool.

The DC area would be your main bread and butter for your particular case. Moving away will limit your opportunities. As for positions, what you want to be looking for would be more of an analyst role: network analyst/malware analyst/incident response. Network Admin/Engineer is not going to be the same. Going along with what some others said I would follow this track:

GCIH (GIAC Certified Incident Handler)
GCIA (GIAC Certified Intrusion Analyst)
GCFA (GIAC Certified Forensics Analyst)
GPEN (GIAC Certified Penetration Tester)

You can read up on SANS Cyber Guardian path which will include many of the certs that will help the most. You can also look into the following for more Red Team:

OCSP (Offensive Security Certified Professional)
KLCP (Kali Linux Certified Professional)
 
I might be taking over what's the OP were asking but I would like to ask if you were going to hire an individual to be in a blue or red team, what type of certifications you would be looking for?

I am a software engineer and I hold a bachelor of Computer Science degree and a master of Information Assurance degree. The curriculum of the IA master degree jammed many information but it's like what Blackjack described about CISSP certification, the knowledge I gained from the degree is 10,000 miles wide and 3 inches deep on cyber security.

I just sent you a PM to remain on-topic but would be happy to expand if the OP would like to know.
 
Oh that's pretty cool! Glad that there are programs like that for our vets!!

I am still in school and very much learning this stuff, but yes the OSCP is supposed to be a long and very difficult cert exam! Isn't that the adaptive one that takes hours? 0.o. I remember my teacher mentioned one cert in my CEH focused course that sits you in front of a target and you have six hours to break it or something? Of course I can't find it in my notes at the moment heh.
In any event, I would think if you are looking to go private sector you should try to pick up some Linux admin certs and maybe do some Cisco networking ones e.g. CCNA or CCNP particularly the security focused ones. Then of course all the online applications are going to check if you have the A+/Net+/Security+ or will likely chuck your application out so while those might be too beginner for your experience you might need them just to get past the bureaucracy!
 
Oh that's pretty cool! Glad that there are programs like that for our vets!!

I am still in school and very much learning this stuff, but yes the OSCP is supposed to be a long and very difficult cert exam! Isn't that the adaptive one that takes hours? 0.o. I remember my teacher mentioned one cert in my CEH focused course that sits you in front of a target and you have six hours to break it or something? Of course I can't find it in my notes at the moment heh.
In any event, I would think if you are looking to go private sector you should try to pick up some Linux admin certs and maybe do some Cisco networking ones e.g. CCNA or CCNP particularly the security focused ones. Then of course all the online applications are going to check if you have the A+/Net+/Security+ or will likely chuck your application out so while those might be too beginner for your experience you might need them just to get past the bureaucracy!

It might be this:
https://www.elearnsecurity.com/certification/ejpt/
 
I don't know if I would spend too much time and money on certs, as you should be able to get a good job with your existing experience (Let the new employer pay for some SANS courses). Very large companies will have security programs that resemble what you did in the navy. If you are interested in living in North Texas (DFW) send me a PM.
 
Good point. I interviewed at two places (one fortune 100, one private but equally large) for a sec analyst position. Both offered at least 1 SANS course/cert a year and T&E for a couple sec conferences. Companies will invest in the good talent, with your background you are most likely going to land in that pool.
 
Back
Top