Information Security Certifications – L33t H4x0ring!

It’s about I got myself a new cert, it’s almost a year since I got myself OPST Certified..

OPST stands for OSSTMM Professional Security Tester, recursive eh? OSSTMM stands for Open Source Security Testing Methodology Manual.

If you’ve never heard of the OSSTMM, you don’t really need this cert 😉

The OPST is a certification of applied knowledge designed to improve the work done as a professional security tester. This is an important certification for those who want or need to prove they can walk the walk in security testing, the discipline which covers network auditing, ethical hacking, web application testing, intranet application testing, and penetration testing. And it is a critical, eye-opening class for security auditors, network engineers, system and network administrators, developers, network architects, security analysts, and truly anyone who works in IT from systems to networks.


Cool eh? Kinda nerve wracking after submitting the results directly the servers in Spain and waiting 3 weeks for the pass/fail..

Yes that’s X-windows on a *nix station, the exam was done purely on Linux, Windows was used for some surfing, the exam is 90% practical a tunelled connection to spain, kinda slow..the other 10% is about some ethics and parts of the OSSTMM.

Yes of course I passed, top grade in the class I think..

Ah well, wonder which certificate to do next, kind of hard to find decent computer security courses in Asia, I think SANS is in Singapore soon though..

Don’t even mention MSCE, I’ll spit on you 😉 I wouldn’t mind RHCE or LPI next though, or perhaps go the Cisco route or something else proprietary..




You can subscribe via e-mail to get my posts in your Inbox, or stalk me on numerous other platforms.

Follow my Dayre!

, , , , , ,

16 Responses to Information Security Certifications – L33t H4x0ring!

  1. Hallaj July 10, 2006 at 11:53 am #

    Well, if you’re planning on going for *nix based certs. I think you can look into BSD Certification. It’s worth ‘mentioning’ I guess 😉

  2. gbyeow July 10, 2006 at 1:11 pm #

    Getting certification to prove you’re 1337 isn’t exactly a very “1337” act. So meh… CCNA is too easy to acquire such that it proves nothing. I guess the same is true for half the low tiered certs. Now a CCIE. That’s a different story 🙂

  3. ShaolinTiger July 10, 2006 at 2:22 pm #

    Hallaj: Looks interesting.

    gbyeow: Actually I find certifications in general completely un-l33t. But HR people make them a necessity and those who accept tenders for consultation also expect a bunch of acronyms relating to industry standards. The only certs techies in my field respect are CCIE:Security and GCIA/GCIH, although the latter lost a lot of respect lately..and to get CCIE you need at least CCNA & CCNP it’s a vicious circle.

  4. Gouki July 10, 2006 at 2:50 pm #

    First of all, congratulations ST.

    CCIE is a great certification. As you said, CCNA and CCNP are required. However, you’ll have no problems doing the CCNA. The same cannot be said to CCNP, however. Things are a bit hard with this cert, still, I think it’s the way to go.

    Maybe adding your certifications to the ‘About’ page. We both agree that they do not mean much, still is cool to know what you have 🙂

  5. Dabido (Teflon) July 10, 2006 at 2:59 pm #

    ST – actually, you can sit the CCIE without a CCNA or a CCNP. It states something like that on the Cisco site, but I can’t be bothered looking for it. I think it also states something similar in the CCNA and CCNP books.

    I do know a few CCIE’s, and they’ve all bascially told me it takes two years study in every spare minute of their lives to complete it. Some of the stuff they discuss though, like the internal workings of some chip in some specific router, make me wonder if they’d ever use that info in their life.

    Like you said though, some HR departments throw peoples resume’s out before they even interview people if they don’t have the right letters in there somewhere.

    gbyeow – Even Cisco says the CCNA is for junior positions in networking, so they’re not expecting people to be 133t. For some people, it’s the piece of paper that opens the door for their first Networking job. It’s really only there to prove you have the minimal amount of networking knowledge before letting you start in networks.

    The CCNP isn’t there to prove you are 133t either. It’s considered the sort of thing you might be expected to get a year or two after starting in networks.

    I would have to say though, the CCIE [no, I don’t have one] is pretty 133t with some of the stuff they learn. The way some of them talk, you’d beleive they could buld a catalyst switch with just some string and sticky tape. [Which was what held the network together in the last place I worked!] 🙂

    Ah, the good old days … brings back memories of managers complaining the 10/100 switches were too slow, and when we’d suggest replacing them with a 1Gig switch, they’d tell us they’d give us the money for it once we got the 10/100 switches running 1Gig speeds! Ah, Managers, a laugh a minute! 🙂

  6. KY July 10, 2006 at 3:16 pm #

    I want a medical certificate for tomorrow.. -.-

  7. Adam July 10, 2006 at 3:39 pm #

    I have an E-commerce professional cert from Informatics. The funny thing is that we didn’t learn anything about e-commerce. On the other hand, I guess it was quite useful to guys like us who had minimal webdesign knowledge. WOnder whether they are still continuing this cert. programme.

  8. suanie July 10, 2006 at 5:31 pm #

    so many alphabets…

  9. Hacker July 10, 2006 at 5:40 pm #

    H4x0ring, I definitely want a security cert for that one, upper or intermediate level would probably be best. 🙂

  10. stephen July 10, 2006 at 9:14 pm #

    Hai tiger, I was wondering what are the prospects for a professional security tester, what are the benefits or perks-do they pay well, specially OPST, im kinda interested.

  11. stephen July 10, 2006 at 9:16 pm #

    I just wanted to know ,Not much exposure for any security tester here in malaysia.(Im sure its way more exciting than just being programmer)

  12. gbyeow July 11, 2006 at 11:09 am #

    Yeah, I know what you mean. Worse part is that as you say, HR perpetuates the need for these certs. Quite frankly, it’s not as though the guy with the cert can do any better than the Joe Bloke who has been twiddling his fingers and picking his nose trying to figure out the how to plug the big security hole in his home network. The latter might actually come out tops 🙂

    Dabido: Gah! I left the abyss of networking behind and don’t want to go back there. Don’t dig up old memories.

    stephen: Don’t look down on ‘just being programmer’. To each his own. At the end of the day, the grass always seems greener on the other side.

  13. Dabido (Teflon) July 11, 2006 at 12:29 pm #

    gbyeow – Sorry. lol I left the Inferno of Servitude (IS ) as well. lol Well, sort of …

    I probably should also add some insider knowledge concerning the CCIE as well. I was told that Cisco only likes to have a certain amount of CCIE’s in any given area, so if they decide there is only going to be, say 120 CCIE’s in KL, then if the quota is full and you go for the exam, they deliberately fail you.

    It’s one of the ways they keep the CCIE value up. Also, ANYTHING regarding Cisco stuff and networkin in general is fair game on the exam (there’s a verbal exam as well), so you can be asked ANYTHING (except maybe questions concerning the internal workings of competitor equipment).

    I’ve also heard that they often like to fail people three times as well … just because … lol

  14. hyperhex July 16, 2006 at 4:12 pm #

    It’s been a year already ? wow, so fast! :p first time met u dude… 🙂 ei, next time u all got gathering, call me out ler.. l33t hax0r must meet up to see how we can conquer the world… hehe

  15. Mr_Moslow August 16, 2006 at 12:12 am #

    Getting certification to prove you’re 1337 isn’t exactly a very “1337” act. So meh… CCNA is too easy to acquire such that it proves nothing. I guess the same is true for half the low tiered certs. Now a CCIE. That’s a different story 🙂

    gbyeow, the OPST is like the CCIE in that it is a practical examination. You can’t fake it.
    IMHO, it is miles better than all the other so-called “pentesting” courses that don’t have a practical exam. Plus the OSSTMM has been around since 2001 and forms part of the internal assessment posture framework of the US Army. 🙂

    BTW, congrats on the achievement ST! 😀

  16. The Guru July 1, 2009 at 12:01 pm #

    Which hat are you wearing Shaolin 😀

    You got my dream job, by the way NMAP was still the king of port scanner right. I still haven’t got time to test the latest version of Backtrack 😉

    Share more, love you haxlc topic :p