EH-Net

Hello everyone,

I am new at this forum and hope to find some answers that will help me to make the right choices.

I don't have any university degree and never had a job in IT in general.
My plan is to start with an ethical hacker certification and try to get an IT job with that.I will make it clear......AM I DREAMING?

Thank you for your time!!!

Gerry.

You might find it pretty hard to get into security straight off

In security, they want you to have plenty of experience, and maybe a cert

Certs are good for getting past the HR filtering, but without experience, you're not likely to get anywhere

I am looking at working in Penetration Testing, I have no corporate experience yet, and I'm working on an IT helpdesk.  After a few years of experience and a few certs I will look at actually looking for a security related position

Without experience you won't get the job, without the certs you won't get an interview, so start off low with IT jobs that you can do, like a helpdesk and work up from there

~TheXero

gt86,

Without having more information on your background it will be hard to say if you're dreaming or not. What kind of experience do you have with computers over all? How do you think you should get the cert? What do you know about different operating systems and networks? Etc, and etc.

There are easier ways to get an IT job than getting the C|EH first. Like A+, and Net+ and then build off those. Even then, if you have a cert with no experience you'll still most likely get passed over.

What kind of IT job are you looking for?

@TheXero....Thank you very much for your advice.It seems to be the logical of progression of how things should be done.I will have it in mind.

@chrisj........Well, i would like to become a penetration tester.My experience in computers is pretty much basic.I might now some advanced things but just in theory.I am thinking to get the certs doing online training.I dont now much about operating systems but i have this feeling that UNIX is magic ;).I am trying to teach my self Linux.A task i can do easy now is to crack a WEP password and hope i will do the same with WPA when my rt73 chipset usb adapter arrive!I know that i am a noob but everyone was once!!!
Could you please give me a schedule of how certs should be done in a row?
e.g 0->1->2->3->4->5->........

Also about experience: I am thinking to start a website which will convert digital currency or cash in to LR.If i do that and goes well would it count as experience?i think that is a good idea!

Again......thank you for your time.

gt86,

SephStorm has a good post over in this thread (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6781.0/) talking about cert progression relating to pen testing.  There's a couple other links in that thread that link to reviews, etc also.

I'd recommend reading through some threads in the Network Pen Testing (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,22.0/) forum.  There's lots of threads there talking about various certs pertaining to pen testing that have helped me plan my course/certification path that'll hopefully lead into a career in pen testing :)

you're going to need a good grounding... I say blow off the certs for now and focus on learning. Not just studying to pass a test.

My back ground is Unix / Linux and networking so my point of view is a little colored in their favor.

Get and read the following books:
Rework
Dissecting the Hack: The Forbidden Network.
Running Linux
Unix shell programming
(then pick up either Perl or Python as a programming language)
Linux System Administration (older and a little dated but teaches you how to admin a site running LAMP, which will get you experience).
You'll need a book on networking, but other than Todd Lammle's CCNA study guide I can't think of any good entry level ones

Security+ Get Certified Get A head (covers basic best practices, but not how to do them). Don't worry about the cert, you need more networking experience first.

Although you can take the list with a grain of salt. I'm more defender than attacker.

reading the books in tandem would probably be wise.

Just wanted to echo what some of the others have stated. To do a good job in security you really need to understand how operating systems and protocols work and work together.

Someone I met before took a cut in pay to work first level helpdesk and studied his butt off the entire time. That job taught him what troubles to expect and what he was learning (mainly Cisco classes) brought in the networking knowledge that he needed. After three years he was making double what he had before, had a couple of certs under his belt, and working on a couple of others.

And yes, learn some programming. I have not done much in... well, a long time and if I do not change that it will hold me back. Once you start getting a solid understanding of networking and the basics of security things will make more sense as you move deeper into the security realm.

While having a goal to work toward to is great, be sure to keep your mind open to what is going on around you. I originally wanted to do PenTesting and some of the really neat stuff that others talk about but I have ended up making the biggest impact on the administrative side. While not as "glamorous" it is necessary and gives security a very public face within an agency/business.

Another book to add to the list (IMHO):
Counter Hack Reloaded by Skoudis and Liston

Read it after going through the Security + material.

Good luck and let us know what ends up working for you. :)

Seems that someone has a lot of homework to do  ;D!!!

Thank you for your advices and references.First i will order Rework and F0rb1dd3n Network to start with theory and way of thinking.

I have a good feeling.... 8)

+ 1 for "Counter Hack Reloaded."

When I was first getting into security that was the book that made me think..."OH, so thats how this stuff works..."

you can skip Rework if you want. It's not about the hard tech skills, more of the soft skills. It's  just a book I read recently  (http://chrisrattis.blogspot.com/2011/02/read-rework.html) and think that it had a lot of really good things in it to improve the soft / business skills, which should help someone stand out in the long run.

As for Counter Hack Reloaded. I agree it's great. I'm about 1/3 of the way through it, it's sitting on my kitchen table next to my box of books on hacking. (Note not in the box).

I could toss in a few other books too, but since gt86 is just starting out, there are some basics first.

Notice my list was mostly about OS, Networking, Best Practices, and admin type skills. For a list of hacking books:

Hacking for Dummies (More best practices / overview of some tools, but liking Dissecting the Hack better for that now).
Hacking Exposed
Hacking Exposed: Wireless
Counter Hack Reloaded
Professional Penetration Testing
Practical Lockpicking

Courses / Certs:
Sec+ (recommends 2 years experience in admin and networking)
OSWP / WiFu
OSCP / Pentesting with Backtrack