The Ethical Hacker Network - Looking to change careers

spoonyG

Newbie

Offline

Posts: 2

Looking to change careers

« on: June 08, 2007, 02:36:36 PM »

First off I would like to say hello, this is my first post. I’m looking for some advice on the right path to become an ethical hacker and work in the IT security field. I’m been working as an accountant/auditor for the past 8 years but IT security has been a hobby of mine for much of that time. Right now I’m studying for the CEH exam, but I was also thinking of taking the offensive-security 101 course and getting the OSCP. I would like to know what the members here think I should focus on.


	Logged

nebu10uz

Sr. Member

Offline

Posts: 368

Re: Looking to change careers

« Reply #1 on: June 08, 2007, 04:46:26 PM »

IMHO, I would start of by studying the fundamentals of TCP/IP suite protocol. In order to be an ethical hacker you need to be familiar with this fundamental concept. Therefore, before attempting the CEH or OSCP exam I recommend that you go for basic level certifications such as network+ and security+.

I remember when I was in college studying for my Civil Engineering mayor, I received my first computer from my parents. That's where my interest in computer security was born. I ask myself the same question you're asking now and the advice I received was to learn TCP/IP then later focus on certs.

When I had my first security related job interview, the first questions asked was all TCP/IP related. Thank God for all the reading and studying of this subject and hacking concepts that I was offered the job of as a Junior Network Security Analyst.

Anyways enough of me, both the CEH and OSCP are good certs but CEH is more popular and is well known among the security industries. Having this in your resume is a plus if your are looking for job in the pen-testing field. Remember though, cert alone doesn't mean you're proficient as an Ethical Hacker, some experience is required but it could help you land a job where you can mature and gain the required experience for later becoming an EH.

As for the OSCP, this cert is new and I think it will be popular. I personally consider this to be an advance cert. The OSCP tests your technical skills as an EH. The exam consist of 4 to 5 challenges where you literally have to hack an unfamiliar network with different types of OS such as Windows, linux and Solaris. This is not an easy exam but you do have 24 hours to complete the challenge.

In conclusion, I recommend that you get know TCP/IP very well before or while you're studying for the CEH. The CEH is considered to be an intermediate cert so focus on this first and then take OSCP course.

-CEH, multiple questions
-OSCP, practical challgenges

Hope this helps, and oh yeah, welcome to EH-NET Grin


	Logged

Security+, OSCP, CEH

Manu Zacharia (-M-)

Sr. Member

Offline

Posts: 393

c0c0n Hacking Conference - where hackers unite

Re: Looking to change careers

« Reply #2 on: June 08, 2007, 08:12:28 PM »

Hi spoonyG

First of all Welcome to EH-Net. You made the right choice by registering with EH-Net

I totally agree with blackazarro, The first step in ethical hacker / network security is mastering TCP/IP Concepts. The book I would suggest is:

Richard Stevens' TCP/IP illustrated.
Published by Addison-Wesley.

Volume 1 - describes the TCP/IP protocols.
URL: http://www.amazon.com/exec/obidos/ASIN/0201633469/tcpipresources

Volume 2 - describes the TCP/IP stack as implemented in 4.4BSD-Lite, at the source code level.
URL: http://www.amazon.com/exec/obidos/ASIN/020163354X/tcpipresources

Volume 3 - describes HTTP, NNTP, and more.
URL: http://www.amazon.com/exec/obidos/ASIN/0201634953/tcpipresources

The next area that I would like you to go through is the Request for Comments (RFC). The Requests for Comments form a series of notes, started in 1969, about the Internet (originally the ARPANET). The notes discuss many aspects of computer communication, focusing on networking protocols, procedures, programs, and concepts but also including meeting notes, opinion, and sometimes humor. RFCs are available at http://www.ietf.org/rfc/.

Mastering the Operating System Concepts and the various Operating Systems (both Windows and Linux) is the next step I would suggest. A good practical working experience on these operating systems (at the administrative and user level) gives a good grip on the various security issues related to ethical hacking.

Once you have a good understanding of the above topics, you can slowly move on to some languages - the one I suggest is C and Perl. Parallel to this, you can start working on various other technologies like IDS, honeypots, honeynets, forensics, Routers, switching concepts, firewalls, etc.

Last but not the least, keep learning, keep updating the technologies that you have mastered, Knowledge is gained when it is shared, so keep sharing your expertise and knowledge here so that we all can learn from you.

Stay secure and Happy hacking

Manu Zacharia - (morpheus063)


	Logged

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

spoonyG

Newbie

Offline

Posts: 2

Re: Looking to change careers

« Reply #3 on: June 09, 2007, 06:04:15 AM »

Thanks for the advice blackazarro and Manu, I do have a general understanding of TCP/IP concepts but probably not to the level that I should. At least now I have a place to focus on before getting to far down the wrong path. Thanks again, SpoonyG.


	Logged

Pages: [1] Go Up

« previous next »