EH-Net
May 21, 2013, 10:21:08 AM
Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: Passed my C|EH
on: May 15, 2013, 08:09:08 PM
Congrats.
eCPPT isn't as difficult as OSCP, so that might help bridge the gap between CEH and OSCP a bit (which is enormous).
Python will probably be more useful day-to-day. C will help you better understand exploit development, how memory's used, etc., but unless you're writing something that needs to be extremely efficient (i.e. a password cracker), using C is going to be a pain for most tasks.
Resources / Tutorials / Re: Need guidance
on: May 15, 2013, 11:12:34 AM
Look at the courses from eLearnSecurity and Offensive Security.
Also, look into setting up a virtual network where you can create vulnerable virtual machines to practice on. You will indeed lose this knowledge unless you work with it, so you need to keep active.
Welcome to the forums.
Ethical Hacking Discussions and Related Certifications / General Certification / Re: looking for a little guidance from professionals
on: April 30, 2013, 12:43:59 AM
Your immediate goal should just be breaking into a general IT position. If you feel the CCNA material will take you too long, maybe consider Network+ and A+. I don't think you'll have trouble meeting your salary requirements, and you'll get a decent bump after you get a year or two of experience under your belt.
I don't think you have much to worry about. You're going to have to work your ass off to get a pen testing position, but even if you later decide that isn't worth it, you should still be able to comfortably provide for your family in a systems or networking position. Whether or not you'd find that to be a satisfying role is up to you though.
Ethical Hacking Discussions and Related Certifications / General Certification / Re: looking for a little guidance from professionals
on: April 29, 2013, 07:43:24 PM
I realize work experience is big so it would help to start out with something that will get my foot in a door even if the pay isn't great. I've read that it's good to go for network security admin then crossover to pen testing, would you recommend this approach? I imagine it would be difficult to even be a network security admin without experience.
You're probably going to have to start as a network admin. Start by going for a CCNA and CCNA: Security. That's a lot of material and will probably take you the better part of a year. Your primary goal should be landing an entry-level IT position and to start building experience. Small companies can be great to get started with as you'll likely have to wear many hats and consequently get to work with and learn many technologies.
I've only got one shot at this and I want to do it right.
I don't understand this. No one I know, especially myself, has gotten to where they are without stumbling and making mistakes. Just keep learning and moving forward, and you'll get there eventually. Realize that this will probably be a 5+ year goal, so break it down into manageable pieces to avoid getting discouraged and overwhelmed.
And +1 to cd1zz. Spend some time going through the forums. There are a large number of long and elaborate responses to this question.
Ethical Hacking Discussions and Related Certifications / Other / Re: Managing Usernames & Pass-Phrases
on: April 25, 2013, 10:16:55 PM
Hey, I know next to nothing about computer networking or security?!
I'm just going on what I read and others say is important, and then coming to places like here, and asking experts how to do various things.
I would love to learn about Security in a more structured way, but my #1 goal right now is *securing* the new laptop I hope to buy soon...
Please don't take this the wrong way, but to be completely candid: if you really cared, you'd spend ~$30 on a book and at least skim it and/or use it as a reference for specific topics. My exact point is that you're not going to properly secure anything, including your laptop, unless you take the time to learn what common threats are and how to mitigate them. I'm using arbitrary numbers here, but doing really well in three areas and neglecting twelve others isn't going to do you much good overall. "Security" means different things to different people, and unless you take the time to figure out what it means to you, you're not going to go about it in an efficient or effective manner.
Ethical Hacking Discussions and Related Certifications / Other / Re: Managing Usernames & Pass-Phrases
on: April 25, 2013, 08:05:38 PM
Keeping things out of RAM is not going to leave you with a very usable system. If someone has that kind of access to your system, you're pretty much hosed anyway. Who cares about scraping RAM for the encryption key when they can just wait and key-log you?
If you want to completely separate it, store it on something like your smartphone. There are tons of apps like 1Password. I sync for convenience, but you could leave it only on your mobile device, assuming you're comfortable with the level of authentication for that device.
For #3 you're just going to have to get demos, experiment, and see what works for you.
I use a few different usernames (i.e. financial institutions are different than forums), but I don't do anything stupid like choose a username of d23aXalx. You need to find a balance between security and usability, and most people can't keep up with passwords, let alone what would effectively be doubling that effort.
You should go through a resource like this and develop a decent foundation; you really just seem to be cherry-picking random items to "secure" and not focusing on a comprehensive approach to security: http://www.amazon.com/Network-Security-Bible-Eric-Cole/dp/0470502495/ref=sr_1_1?ie=UTF8&qid=1366937898&sr=8-1&keywords=network+security+bible