EH-Net

Hi All,

I am basically from Black box testing background, and involve in security testing from last 1yr. Now I really want to take security as a career.

So, Please guide me how I can proceed and which certificate is best to start with.

Thanks In Advance.

We need a bit more on where you want to go?   What exactly do you want to do in security?  Pentesting, IDS / firewall management, etc?

Hi and welcome to EH-Net, sharabhs.

When you have already experience in (black box) pentesting you should have some knowledge in security and have many requirements needed to "make career" in security.

Don gave some time ago a very good presentation which is titled "DIY Career in Ethical Hacking", which might give you some tipps.

Normal version (http://www.ethicalhacker.net/content/view/201/24/)
R-Rated version (http://www.ethicalhacker.net/content/view/236/24/)


I would recommend you to search through the forums as many others have the same desire as you. A recent thread which might help you can be find here (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4291.0/).

Hi Ketchup/awesec,

Thanks a lot for your reply, ketchup exactly i want to go for pentesting, can you explain what about the career prospect as a pentester.

awesec, thanks for sharing really good and motivated pdf.

Actually, i am looking for guidance for certifies

Thanks,

Depending on where you are located different certificates may be more important than others.

Because of your first post I assume that you have already at least basic knowledge in security, therefore I won't recommend Security+ by CompTia and similar ones.

Most job offers I saw asked for at least one of the following (in no particular order): OPST, OPSA, CISSP, CEH;

CEH (Certified Ethical Hacker) by EC-Council and CISSP by (ISC)˛ seems to be the ones one should definetily have on his/ her CV/ resume. But again, if you have only the possibility for one or two certificates, e.g. because of money, it should be considered in which area in security/ pentesting you would like to work. E.g. if you are more interested in malware analysis and research, the GIAC Reverse Engineering Malware (GREM) certificate by SANS may help you more than CISSP.

There are various different areas in penetration testing, so it may help to know in which specifically you are most interested.
In general or if you don't know which area caught your interest most, I would recommend CEH and CISSP.

Certification for pentesters has also been discussed quite a bit around these forums.  A good starting point is the CEH, which is a pretty basic but pretty well rounded cert.  OSCP would be a great hands-on certification and is very well respected by the folks here and out there. SANs has quite a few great courses as well, which are a bit more expensive than others.  

Hi All,

I have the same plan in my mind, start with security + and then go for CEH.

So first talk about security +, can anybody share which is the best place for study material and anything related to security +, that can help.

Well, i am from INDIA, anyone have idea about security JOB prospect here.


Thanks,
Sharabh Sharma

It shouldn't be too hard to find resources for Security+ as it covers mostly basic stuff.

On CompTIA's official website (http://www.comptia.org/certifications/testprep.aspx) you will find Exam Objectives, Practice Tests, Training Materials and more.
CBT also offers free videos to get a first impression on the video trainings. You will also find one for Security+ (2008) (http://www.cbtnuggets.com/webapp/videos).

When you take a look at amazon you will find some books which focuses on security+, but be careful as those often were written for S+ 2003 and not S+ 2008. However, I don't know how big the difference is.

There are also quite a few video trainings available, e.g. from CBT Nuggets (http://www.cbtnuggets.com/webapp/product?id=454). Haven't worked through them yet, but I heard that they are good.

Maybe this site (http://www.certification-crazy.net/security+_resources.htm) will help too.

You may also browse through the forums as there are a few threads about the S+ certificate.

I found this book to be the best one for the exam:
http://www.amazon.com/Security-Study-Guide-Ido-Dubrawsky/dp/1597491535/ref=sr_1_12?ie=UTF8&s=books&qid=1248297814&sr=8-12