EH-Net
May 21, 2013, 09:21:31 PM
Show Posts

18
EH-Net / Greetings / Re: Hello
on: February 26, 2012, 07:43:25 PM

OP, you should spend some time reading the other "How do I break into the security industry?" threads. Personally, I think you're selling yourself short if you try to go right into security and don't spend some time doing systems and/or networking administration/engineering. You miss out on a lot of perspective if you only know how to break into something, as opposed to also knowing how to configure and support those technologies in an enterprise environment. You'll also have an easier time landing a job in general.

True, and I'm currently looking into ways to deal with that issue. Currently, I don't have the experience and thus, I have a feeling that I will be relegated to *shudder* the tier 1 help desk sinkhole and thus will get no experience that I can put on a resume for possibly years.

I actually spent my lunch hour watching that and while its content is good, it's mostly geared towards professionals already in the field (SysAdmins, Network Engineers, etc.) who want to make the leap into Infosec. There is sadly little use for a college student working on certs.

As far as certs go, keep in mind that you'll likely have to impress different people along the way to earning a job offer. CEH and CISSP may help you get an interview set up from HR, but your technical interviewer may be more impressed with your OSCP. It's not one-or-the-other. Also, clients sometimes require security consults that work on their network to have a CISSP, CISM, etc. Even though those types of certs aren't directly applicable to pen testers, forensic specialists, malware analysts, etc., there are undoubtedly benefits to having them. Recruiters love them too.

I understand that it's not one or the other, but as a student starting off, I need to make choices regarding my resources (chiefly, time and money) and need to see what will get me the most bang for the buck in the immediate future (which is why I'm looking at the eCPPT and OSCP over the C|EH).

Finally, you should really determine what you want to specialize in. You can always change your mind at any time, but you're going to spread yourself pretty thin if you try to focus on pen testing, malware analysis, and forensics all at once. There's undoubtedly a lot of overlap, but each has an enormous amount of unique tools, techniques, and technology-specific information.

Yes, I know. Like I said, I'm still intensely curious about all the different tools, techniques, and schools of Infosec so I'll settle down in something fairly soon. Thanks for the input.

19
EH-Net / Greetings / Re: Hello
on: February 26, 2012, 01:56:43 PM

Welcome to EH! Sounds like you have a lot of good plans, and that you're on the right track, but I have to say that BIOS is spelled like this (No offense intended.)

None taken.

About the certs, CEH will only give you a broad foundation that will teach you the very basics, but it won't make you a real hacker, and eCPPT is fine, but as others have said: It's very "web application based", and the content of this section in particular is also basic.

Well, basic is good and we all have to start from somewhere. From what I've heard, the industry as a whole is moving more towards web apps every day so that will really come in useful.

OSCP, on the other hand, is good and also hard, but it's a good one to accomplish. Especially because more and more employers value this cert higher than CEH, so if you have OSCP you may be able to get some jobs easier.

Oh yes. I was toying with the idea of getting the C|EH so it could look pretty on the resume and get my foot in the door for a low infosec job and, once there, allow me to beg my new employer about taking shots at the better certs. Then I will feel more comfortable after 5-6 months of actual infosec experience to take the OSCP. BTW, do you have any book recommendations for the OSCP?

CISSP requires working experience within InfoSec, so you can only become an associate if you don't have the necessary experience. You may wonder why there is such a requirement? Well, some might think it's to document that you've actually worked with InfoSec, but your CV / Resumé and references can provide that.
Once a young person, at the age of ~14, passed the CISSP test, so you can imagine that they had to make some sort of requirement so anyone couldn't just obtain CISSP, even though they would have the knowledge to pass the test. CISSP is very good to have for HR purposes, and perhaps as a manager if you're not really doing pentesting.

Not to be cynical (and I may be wrong on this) but I keep hearing in my local DefCon group that either pen testers go on to be managers or eventually fall prey to the "being too old and outdated" mentality. Is this true or am I just hearing things?

Haha, I've actually subscribed to his YouTube account. I love his explanation of "best policies"

20
EH-Net / Greetings / Hello
on: February 25, 2012, 04:30:22 PM

Well, I've been lurking on this site for a while now and figured it was about time to register myself on the forum.
Who am I: I am a 22 year old college student who is going after a BBA in Information Systems while at the same time pursuing an AAS in Information Security. Unlike most people, my interest in Infosec didn't start until a year ago and I have found myself trying to play catch up with the rest of the industry ever since.
Current Goals: Right now, my current goal is to set up a laptop pen testing lab where I can toy with programs without fear of screwing up my gaming PC (After I get my laptop, I'll see about converting my gaming PC into a GPU powered password cracking machine). During this time, I'm trying to learn the basics of Ruby, Python, and JavaScript (in that order) along with the basics of TCP/IP and Hacking platforms such as Metasploit.
Beyond that, I'll see about adding more stuff to my pen testing lab beyond just the laptop with VMs. Thomas Wilhelm's Rant opened my eyes a bit and I found myself agreeing with him that I invest more in my lab if I want to get more out of it.
Specialization: Ideally, I want to go into Pen Testing but Computer Forensics has also sparked my interest along with Malware Analyzing so it depends if my interests involve fishing for files that no one wants to see (but it's your job to find) or to be building exploits.
Future Possible Projects: Lately, I've been looking at the Prey anti-theft software. Now, this program is all great and good but the problem is that a thief could steal a computer, reformat the hard drive and you lose your tracking. I've been toying with the idea of combining a rootkit into the BIOs of the computer so if the hard drive gets wiped, you can still track them. Any ideas or resources that can help me with this would be appreciated.
Now on to the cert path:
My AAS degree has aligned itself with the CompTIA certs (A+, Network+, Security+) along with some basic Cisco knowledge (the CCNA is offered at this school but it is in a different program so I'll have to pick that up later) so it should give me the basic knowledge for the more advanced certs.
Beyond that, I'm stuck at a bit of a crossroads. I've heard mixed results about the C|EH (it's a cert that HR wants but most infosec people dismiss it). Likewise, I've heard good things about the eCPPT (provides lots of actual experience but HR doesn't like it).
Regardless of the middle level certifications, I eventually want to obtain the OSCP and proceed to get a CISSP shortly after.
So anyways, there's my story and hope to see you around the forums.